|
Plagegeister aller Art und deren Bekämpfung: claro search entfernen und evtl babylon toolbarWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
05.01.2013, 18:38 | #1 |
| claro search entfernen und evtl babylon toolbar Hallo, habe festgestellt, dass sich bei einem neuen Tab bei Firefox immer eine Clarosearch - Suchseite öffnet und daraufhin das entsprechende Add on gelöscht, jedoch besteht das Problem weiterhin. Dann habe ich gegoogelt und eure Seite mit Fehlerbehebung gefunden. http://www.trojaner-board.de/newthre...=newthread&f=8 Hier steht, dass ich eine Software namens "adwcleaner" runterladen solle, aber nur unter Anleitung benutzen solle. Also habe ich nun die Software auf dem Desktop, jedoch noch nicht benutzt, weil in benanntem Thread auch stand, dass ich das nur unter Anleitung solle. Kann mir nun jemand helfen? Grüße |
05.01.2013, 18:45 | #2 |
/// Malware-holic | claro search entfernen und evtl babylon toolbar Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
05.01.2013, 20:36 | #3 |
| claro search entfernen und evtl babylon toolbar da bin ich wieder.
__________________Es ergibt sich das Problem dass der OTL eine Fehlermeldung rausgibt, nach ca 20 Minuten. Hab es drei mal probiert. Fehlermeldung sagt, dass der Speicher erschöpft ist. Was nun? |
05.01.2013, 20:37 | #4 |
/// Malware-holic | claro search entfernen und evtl babylon toolbar Hi mal ohne mein Script versuchen bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
05.01.2013, 21:05 | #5 |
| claro search entfernen und evtl babylon toolbar OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2013 20:52:13 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Icke\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 65,27% Memory free 7,49 Gb Paging File | 6,16 Gb Available in Paging File | 82,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,08 Gb Total Space | 25,89 Gb Free Space | 9,08% Space Free | Partition Type: NTFS Computer Name: ICKE-PC | User Name: Icke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.05 18:48:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe PRC - [2012.12.16 17:27:20 | 000,580,664 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe PRC - [2012.11.12 20:54:30 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012.11.10 22:03:47 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.08.28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2012.11.12 20:54:30 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.11.10 22:03:47 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll MOD - [2012.11.10 22:03:47 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.16 17:27:20 | 000,580,664 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService) SRV - [2012.12.11 20:44:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 23:36:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.10 22:03:47 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.10 22:03:47 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={5D093DC3-2B91-11E2-B0DB-00262210AE7B} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={5D093DC3-2B91-11E2-B0DB-00262210AE7B} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=0113_6&babsrc=HP_ss&mntrId=608d26d100000000000000262210ae7b IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 3D C5 AB 82 BF CD 01 [binary data] IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=0113_6&babsrc=SP_ss&mntrId=608d26d100000000000000262210ae7b IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={DAE42454-2E15-4425-8A38-DD263616862C}&mid=50d848671d8b47d08156d16f64f44788-018d4d29bcc892f029fa30e904c137a0a36f901c&lang=de&ds=AVG&pr=fr&d=2012-11-10 22:04:10&v=13.2.0.4&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={5D093DC3-2B91-11E2-B0DB-00262210AE7B} IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Claro Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.2.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bf12866f8-1039-4e60-85b9-f04fa00620ea%7D&mid=50d848671d8b47d08156d16f64f44788-018d4d29bcc892f029fa30e904c137a0a36f901c&ds=AVG&v=13.2.0.4&lang=de&pr=fr&d=2012-11-10%2022%3A04%3A10&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.12 20:54:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 23:36:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 23:36:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.30 12:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Extensions [2012.11.30 12:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.01.05 17:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\qzkne0p3.default\extensions [2012.12.07 00:55:19 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\firefox\profiles\qzkne0p3.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012.12.30 13:31:39 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\firefox\profiles\qzkne0p3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.03 14:27:54 | 000,001,300 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\mozilla\firefox\profiles\qzkne0p3.default\searchplugins\claro.xml [2012.11.11 00:50:40 | 000,003,998 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\mozilla\firefox\profiles\qzkne0p3.default\searchplugins\sweetim.xml [2012.12.05 23:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.12 20:54:41 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5 [2012.12.05 23:36:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.12 20:54:33 | 000,003,571 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013.01.03 14:27:42 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf) O4 - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BA5E031-75EA-4E94-91AD-AEBCC75BA7DA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20 - AppInit_DLLs: (c:\progra~4\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.05 18:48:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2013.01.04 16:58:56 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\OpenOffice.org [2013.01.04 16:58:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.01.04 16:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.01.04 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2013.01.03 14:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.01.03 14:29:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.03 14:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Claro LTD [2013.01.03 14:27:32 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\Babylon [2013.01.03 14:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.01.03 14:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solitaire XP [2013.01.03 14:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solitaire XP [2013.01.02 17:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact 8 [2013.01.02 17:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems [2013.01.02 17:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems [2013.01.02 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\Ulead Photo [2013.01.02 17:13:34 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\Mazda 626 gv [2012.12.29 20:13:22 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2012.12.23 21:03:34 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Local\Microsoft Games [2012.12.23 21:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2012.12.22 12:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT [2012.12.22 12:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT [2012.12.21 12:58:50 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 12:58:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 12:58:49 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 12:58:49 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.19 22:42:13 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Local\ElevatedDiagnostics [2012.12.19 22:01:03 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2012.12.19 22:01:03 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2012.12.19 22:01:03 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2012.12.19 22:01:03 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2012.12.19 22:01:03 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2012.12.19 22:01:03 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2012.12.19 22:01:02 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2012.12.19 22:01:02 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2012.12.19 22:01:02 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2012.12.19 22:01:02 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2012.12.19 22:01:01 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2012.12.19 22:01:01 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2012.12.19 22:01:00 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2012.12.19 22:01:00 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2012.12.19 22:01:00 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2012.12.19 22:01:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2012.12.19 22:00:59 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2012.12.19 22:00:59 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2012.12.19 22:00:59 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2012.12.19 22:00:59 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2012.12.19 22:00:59 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2012.12.19 22:00:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2012.12.19 22:00:58 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2012.12.19 22:00:58 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2012.12.19 22:00:58 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2012.12.19 22:00:58 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2012.12.19 22:00:57 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2012.12.19 22:00:57 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2012.12.19 22:00:56 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2012.12.19 22:00:56 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2012.12.19 22:00:54 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2012.12.19 22:00:54 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2012.12.19 22:00:53 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2012.12.19 22:00:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2012.12.19 22:00:53 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2012.12.19 22:00:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2012.12.19 22:00:52 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2012.12.19 22:00:52 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2012.12.19 22:00:51 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2012.12.19 22:00:51 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2012.12.19 22:00:51 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2012.12.19 22:00:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2012.12.19 22:00:50 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2012.12.19 22:00:50 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2012.12.19 22:00:49 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2012.12.19 22:00:49 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2012.12.19 22:00:49 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2012.12.19 22:00:49 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2012.12.19 22:00:48 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2012.12.19 22:00:48 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2012.12.19 22:00:48 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2012.12.19 22:00:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2012.12.19 22:00:47 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2012.12.19 22:00:47 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2012.12.19 22:00:47 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2012.12.19 22:00:47 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2012.12.19 22:00:46 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2012.12.19 22:00:46 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2012.12.19 22:00:45 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2012.12.19 22:00:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2012.12.19 22:00:45 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2012.12.19 22:00:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2012.12.19 22:00:44 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2012.12.19 22:00:44 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2012.12.19 22:00:43 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2012.12.19 22:00:43 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2012.12.19 22:00:43 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2012.12.19 22:00:43 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2012.12.19 22:00:43 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2012.12.19 22:00:43 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2012.12.19 22:00:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2012.12.19 22:00:42 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2012.12.19 22:00:41 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2012.12.19 22:00:41 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2012.12.19 22:00:41 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2012.12.19 22:00:41 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2012.12.19 22:00:40 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2012.12.19 22:00:40 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2012.12.19 22:00:39 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2012.12.19 22:00:39 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2012.12.19 22:00:39 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2012.12.19 22:00:39 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2012.12.19 22:00:39 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2012.12.19 22:00:39 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2012.12.19 22:00:38 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2012.12.19 22:00:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2012.12.19 22:00:37 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2012.12.19 22:00:37 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2012.12.19 22:00:37 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2012.12.19 22:00:37 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2012.12.19 22:00:36 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2012.12.19 22:00:36 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2012.12.19 22:00:35 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2012.12.19 22:00:35 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2012.12.19 22:00:35 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2012.12.19 22:00:35 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2012.12.19 22:00:34 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2012.12.19 22:00:34 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2012.12.19 22:00:34 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2012.12.19 22:00:34 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2012.12.19 22:00:34 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2012.12.19 22:00:34 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2012.12.19 22:00:32 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2012.12.19 22:00:32 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2012.12.19 22:00:31 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2012.12.19 22:00:31 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2012.12.19 22:00:30 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2012.12.19 22:00:30 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2012.12.19 22:00:30 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2012.12.19 22:00:30 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2012.12.19 22:00:29 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2012.12.19 22:00:29 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2012.12.19 22:00:28 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2012.12.19 22:00:28 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2012.12.19 22:00:27 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2012.12.19 22:00:27 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2012.12.19 22:00:27 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2012.12.19 22:00:27 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2012.12.19 22:00:26 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2012.12.19 22:00:26 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2012.12.19 22:00:25 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2012.12.19 22:00:25 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2012.12.19 22:00:25 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2012.12.19 22:00:25 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2012.12.19 22:00:25 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2012.12.19 22:00:25 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2012.12.19 22:00:25 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2012.12.19 22:00:25 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2012.12.19 22:00:24 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2012.12.19 22:00:24 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2012.12.19 22:00:23 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2012.12.19 22:00:23 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2012.12.19 22:00:22 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2012.12.19 22:00:22 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2012.12.19 22:00:22 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2012.12.19 22:00:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2012.12.19 22:00:22 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2012.12.19 22:00:22 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2012.12.19 22:00:20 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2012.12.19 22:00:20 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2012.12.19 22:00:19 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2012.12.19 22:00:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2012.12.19 22:00:18 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2012.12.19 22:00:18 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2012.12.19 22:00:18 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2012.12.19 22:00:18 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2012.12.19 22:00:17 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2012.12.19 22:00:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2012.12.19 22:00:16 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2012.12.19 22:00:16 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2012.12.19 22:00:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2012.12.19 22:00:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2012.12.19 22:00:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2012.12.19 22:00:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2012.12.19 22:00:15 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2012.12.19 22:00:15 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2012.12.19 22:00:14 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2012.12.19 22:00:14 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2012.12.19 22:00:13 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2012.12.19 22:00:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2012.12.19 22:00:13 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2012.12.19 22:00:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2012.12.19 22:00:12 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2012.12.19 22:00:12 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2012.12.19 22:00:07 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2012.12.19 22:00:07 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2012.12.19 22:00:06 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2012.12.19 22:00:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2012.12.19 22:00:06 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2012.12.19 22:00:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2012.12.19 22:00:05 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2012.12.19 22:00:05 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2012.12.19 22:00:04 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2012.12.19 22:00:04 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2012.12.19 22:00:03 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2012.12.19 22:00:03 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2012.12.19 22:00:01 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2012.12.19 22:00:01 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2012.12.19 22:00:00 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2012.12.19 22:00:00 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2012.12.19 21:59:59 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2012.12.19 21:59:59 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2012.12.19 21:50:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.12.19 21:26:48 | 000,000,000 | R--D | C] -- C:\Users\Icke\Podcasts [2012.12.19 21:26:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2012.12.19 21:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune [2012.12.19 21:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Zune [2012.12.19 21:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications [2012.12.16 17:28:51 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\PerformerSoft [2012.12.16 17:28:47 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012.12.16 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2012.12.16 17:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scout [2012.12.16 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2012.12.12 23:09:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 23:09:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 23:09:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 23:09:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 23:09:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 23:09:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 23:09:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 23:09:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 23:09:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 23:09:54 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 23:09:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 23:09:54 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 23:09:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.12 23:09:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 23:09:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 21:56:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 21:56:26 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 21:56:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 21:56:25 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 21:56:25 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 21:56:25 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 21:56:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 21:56:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 21:56:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 21:56:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 21:56:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 21:56:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 21:56:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 21:56:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 21:56:25 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 21:56:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 21:56:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 21:56:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 21:56:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 21:56:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 21:56:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 21:56:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 21:56:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 21:56:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 21:56:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 21:56:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 21:56:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 21:56:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 21:56:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 21:56:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 21:56:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 21:56:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 21:56:11 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 21:56:11 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.09 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.12.09 12:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012.12.09 12:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.05 20:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.05 19:34:22 | 000,005,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 19:34:22 | 000,005,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 18:48:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2013.01.05 18:21:48 | 000,551,997 | ---- | M] () -- C:\Users\Icke\Desktop\adwcleaner.exe [2013.01.05 17:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.05 17:33:55 | 3018,412,032 | -HS- | M] () -- C:\hiberfil.sys [2013.01.04 23:49:04 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.04 23:49:04 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.04 23:49:04 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.04 23:49:04 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.04 23:49:04 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.04 18:46:44 | 000,479,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.04 16:59:11 | 000,001,241 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.04 16:58:18 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.01.03 14:26:54 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Solitaire XP.lnk [2013.01.02 17:55:03 | 000,002,156 | ---- | M] () -- C:\Users\Icke\Desktop\Ulead Drop Spot.lnk [2013.01.02 17:54:57 | 000,005,195 | ---- | M] () -- C:\Windows\ULEAD32.INI [2013.01.02 17:54:48 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact Album 8.lnk [2013.01.02 17:54:48 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact 8.lnk [2012.12.22 12:49:57 | 000,001,863 | ---- | M] () -- C:\Users\Icke\Desktop\UseNeXT.lnk [2012.12.19 21:24:01 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.11 20:44:55 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.11 20:44:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.09 18:52:28 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.05 18:21:42 | 000,551,997 | ---- | C] () -- C:\Users\Icke\Desktop\adwcleaner.exe [2013.01.04 16:59:11 | 000,001,241 | ---- | C] () -- C:\Users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.04 16:58:18 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.01.03 14:26:54 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Solitaire XP.lnk [2013.01.02 17:55:03 | 000,002,156 | ---- | C] () -- C:\Users\Icke\Desktop\Ulead Drop Spot.lnk [2013.01.02 17:54:48 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact Album 8.lnk [2013.01.02 17:54:48 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact 8.lnk [2013.01.02 17:54:30 | 000,005,195 | ---- | C] () -- C:\Windows\ULEAD32.INI [2012.12.22 12:49:57 | 000,001,863 | ---- | C] () -- C:\Users\Icke\Desktop\UseNeXT.lnk [2012.12.19 21:24:01 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk [2012.11.12 14:05:29 | 000,004,096 | -H-- | C] () -- C:\Users\Icke\AppData\Local\keyfile3.drm [2012.11.11 13:55:49 | 000,001,125 | ---- | C] () -- C:\Windows\mgxoschk.ini [2012.11.11 13:27:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Icke\Documents\07022009003.mp4:TOC.WMV < End of report > extra:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.01.2013 20:52:13 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Icke\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 65,27% Memory free 7,49 Gb Paging File | 6,16 Gb Available in Paging File | 82,22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,08 Gb Total Space | 25,89 Gb Free Space | 9,08% Space Free | Partition Type: NTFS Computer Name: ICKE-PC | User Name: Icke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" () Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0024C33B-6B87-4037-AE8F-1BB2374D9097}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{25AF40BB-C995-426E-B471-022CB38EE7B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{30D3DFEF-58C0-4A16-B218-DE56FA527E84}" = rport=137 | protocol=17 | dir=out | app=system | "{3F5FCECE-EE37-4426-91E0-139B7600D1DF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4FFE4C85-3B53-4111-A504-C4FDE068504C}" = rport=445 | protocol=6 | dir=out | app=system | "{5007D15D-93F5-4E10-853E-3F33E797CBA8}" = lport=137 | protocol=17 | dir=in | app=system | "{52055804-7D7A-4653-97BC-3B60F65F8966}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{54A96C86-4956-40EE-AD32-4C0FD31AFF49}" = lport=2869 | protocol=6 | dir=in | app=system | "{599E8FB8-71F1-46ED-9721-7425D9FB5AB7}" = rport=10243 | protocol=6 | dir=out | app=system | "{5DAF8F90-C562-4730-8DE1-BE1547D80853}" = lport=138 | protocol=17 | dir=in | app=system | "{62A195A0-025F-46B2-A8D9-A49549707A03}" = rport=139 | protocol=6 | dir=out | app=system | "{938CACDE-EB0D-4059-B466-36506182EDE7}" = lport=139 | protocol=6 | dir=in | app=system | "{AC05CFF7-7A93-417C-A890-A0CC7893C7B8}" = rport=138 | protocol=17 | dir=out | app=system | "{AEC32A92-07E8-44AE-B7F7-302CCD2C0CD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C83DD877-0AC3-4A69-843A-B39C5ABA08F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CC41E511-52AE-4A46-B8B7-12636B5F3E70}" = lport=10243 | protocol=6 | dir=in | app=system | "{D97908F5-C41E-4EB7-B65F-D5E37E251F80}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DFE87DD6-4787-487D-8E88-1147A0E75738}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E8A06207-312A-4CB1-A4B8-A3AB7AF98420}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ED625D29-EA95-428D-B928-13C294A7471B}" = lport=445 | protocol=6 | dir=in | app=system | "{F2E31D29-C631-411F-A23C-51226632584C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{FA41FE9A-1B28-45EB-94FD-1A687D48913A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FDC686B3-356E-480B-ADF5-635B02A6C15E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2FD71968-0B23-4987-A19B-68564D7BD31D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3063E34C-6347-4AB1-9441-7F5527E79FD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3ADDE8C2-68ED-4069-BEB5-4251135F3C41}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{40719D8F-FD17-4289-BC8D-A946B679B597}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{47794980-2E7F-41BD-B9F2-6E2AD4563C09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4FBB5D7B-785A-421F-830D-456FBBCFAC73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5AF49C0D-0FCA-46B9-B1CF-8122880B4A42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5D41C1A4-481D-4E2A-BF33-C3A251D0FB36}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6195CFB1-206C-4AE6-AA18-AFFF9C9D26EB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{6450F7A4-A26C-4003-9550-04F83A75A6AD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{673C7C90-ABAA-42EC-84B4-394E82022B84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{692FC0CA-7E56-48B9-B1B9-DF4E645E1FE9}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{6ABA2B0F-036F-409C-8E8F-4E6E8726B66C}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{7153D08A-596B-4625-8C7A-C8CBCFFD4CF1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{7D83677D-62D0-41BF-9126-88199D3757C2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{8111E86F-961C-4FF7-8B5D-6D21A38A62BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8AAD896B-F959-4C4C-A8AC-1D51A6914A23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8F6514FF-45F3-49B3-A03D-F59F99E6535A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{90AD5823-9CDE-44BF-B276-4332EEF512BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9DC0982E-DA42-4691-A7D8-655C6B03BA2D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{B37DEE73-F3A1-4163-B12F-38CA83A44184}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{B6016CB4-CC73-4E3F-AACD-E9CDEC14B70D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BAEBDD9B-0A78-4052-BF2F-5C55B4F354CC}" = protocol=6 | dir=out | app=system | "{C460993F-BA3F-4ADE-88F1-AEF24633AA5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C7F50616-A39A-407D-891D-77E132E283A3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{D341C1AE-F194-4EA9-9429-E57AD9CEED72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D533A1EF-8BBB-48F6-8240-4D37F3B2FA96}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{EE7F3942-415B-47A1-8C13-E65F6398FA68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F3164EAA-9111-44E9-8F79-3B2A9C752A9C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F41A00F3-9538-455A-880F-45855AB73EC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F7803593-A4EA-490C-B063-829398D39EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS) "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL) "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2 "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR) "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS) "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE) "{73105254-4936-47AC-ACDE-08D11D25E3DB}" = AVG 2013 "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL) "{882204F9-C50C-4081-B0AA-1F1BC5D0A723}" = MP3 deluxe MX Update "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK) "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN) "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT) "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY) "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN) "{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013 "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN) "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN) "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2013 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "VLC media player" = VLC media player 2.0.2 "WinRAR archiver" = WinRAR 4.20 (64-Bit) "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{2187FAB6-013A-4983-825F-F57F7BBBA373}_is1" = Solitaire XP version 1.0 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2482B0B6-F933-46BF-815C-4B2EB0B9B8B4}" = HebRech HebRechw "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{819B324F-62E8-4CBF-9E41-52CE31BF1F2C}" = MAGIX Speed burnR (MSI) "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.03 "{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{CF7D3040-7427-4E54-BC1F-D92E5D599D72}" = MAGIX Screenshare "{CFC811BB-5AC4-4F00-A88B-6DED596C2B36}" = MAGIX MP3 deluxe MX Download-Version "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8 "{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG Secure Search" = AVG Security Toolbar "claro" = Claro toolbar "InstallShield_{8C1932E3-8555-4B03-B2CC-AE86DC6673E4}" = Ulead Drop Spot 1.0 "InstallShield_{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8 "MAGIX_MSI_mp3_deluxe_mx" = MAGIX MP3 deluxe MX Download-Version "MAGIX_MSI_PCVisit" = MAGIX Screenshare "MAGIX_MSI_Speed3_burnR_mxcdr_MSI" = MAGIX Speed burnR (MSI) "MOTOROLA mp3 maker" = MOTOROLA mp3 maker "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Skin Pack Installer System X64" = Skin Pack Installer System X64 5.0 "Tankwagen-Simulator 2011_is1" = Tankwagen-Simulator 2011 "Updater Service" = Updater Service "UseNeXT_is1" = UseNeXT "YTdetect" = Yahoo! Detect ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.01.2013 08:41:20 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2013 10:43:38 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2013 13:48:04 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2013 14:53:43 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2013 15:13:05 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2013 17:39:13 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 04.01.2013 20:05:19 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 05.01.2013 08:26:18 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 05.01.2013 11:51:28 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = Error - 05.01.2013 12:35:20 | Computer Name = Icke-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 05.01.2013 11:50:18 | Computer Name = Icke-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 05.01.2013 11:50:26 | Computer Name = Icke-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 05.01.2013 11:50:39 | Computer Name = Icke-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 05.01.2013 11:50:39 | Computer Name = Icke-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 9 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 05.01.2013 11:50:39 | Computer Name = Icke-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 05.01.2013 11:56:59 | Computer Name = Icke-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 05.01.2013 12:34:03 | Computer Name = Icke-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 05.01.2013 12:34:07 | Computer Name = Icke-PC | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 05.01.2013 12:34:14 | Computer Name = Icke-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 05.01.2013 12:34:14 | Computer Name = Icke-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 9 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. < End of report > |
05.01.2013, 22:23 | #6 |
| claro search entfernen und evtl babylon toolbar nun als quickscanOTL Logfile: Code:
ATTFilter OTL logfile created on: 05.01.2013 22:12:19 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Icke\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,47% Memory free 7,49 Gb Paging File | 6,02 Gb Available in Paging File | 80,32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 285,08 Gb Total Space | 25,89 Gb Free Space | 9,08% Space Free | Partition Type: NTFS Computer Name: ICKE-PC | User Name: Icke | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.05 18:48:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe PRC - [2012.12.16 17:27:20 | 000,580,664 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe PRC - [2012.12.05 23:36:20 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.11.12 20:54:30 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012.11.10 22:03:47 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.08.28 07:41:06 | 000,247,768 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 23:36:19 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.12 20:54:30 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.11.10 22:03:47 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll MOD - [2012.11.10 22:03:47 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.12.16 17:27:20 | 000,580,664 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService) SRV - [2012.12.11 20:44:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.05 23:36:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.10 22:03:47 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.08.28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.10 22:03:47 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={5D093DC3-2B91-11E2-B0DB-00262210AE7B} IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={5D093DC3-2B91-11E2-B0DB-00262210AE7B} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=117423&tt=0113_6&babsrc=HP_ss&mntrId=608d26d100000000000000262210ae7b IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 3D C5 AB 82 BF CD 01 [binary data] IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=0113_6&babsrc=SP_ss&mntrId=608d26d100000000000000262210ae7b IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={DAE42454-2E15-4425-8A38-DD263616862C}&mid=50d848671d8b47d08156d16f64f44788-018d4d29bcc892f029fa30e904c137a0a36f901c&lang=de&ds=AVG&pr=fr&d=2012-11-10 22:04:10&v=13.2.0.4&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={5D093DC3-2B91-11E2-B0DB-00262210AE7B} IE - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Claro Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: avg%40toolbar:13.2.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bf12866f8-1039-4e60-85b9-f04fa00620ea%7D&mid=50d848671d8b47d08156d16f64f44788-018d4d29bcc892f029fa30e904c137a0a36f901c&ds=AVG&v=13.2.0.4&lang=de&pr=fr&d=2012-11-10%2022%3A04%3A10&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.12 20:54:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 23:36:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.05 23:36:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.30 12:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Extensions [2012.11.30 12:49:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013.01.05 17:54:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\Firefox\Profiles\qzkne0p3.default\extensions [2012.12.07 00:55:19 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\firefox\profiles\qzkne0p3.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012.12.30 13:31:39 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Icke\AppData\Roaming\mozilla\firefox\profiles\qzkne0p3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.03 14:27:54 | 000,001,300 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\mozilla\firefox\profiles\qzkne0p3.default\searchplugins\claro.xml [2012.11.11 00:50:40 | 000,003,998 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\mozilla\firefox\profiles\qzkne0p3.default\searchplugins\sweetim.xml [2012.12.05 23:36:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.12 20:54:41 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\13.2.0.5 [2012.12.05 23:36:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.12 20:54:33 | 000,003,571 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2013.01.03 14:27:42 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000..\Run: [Personal ID] C:\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf) O4 - HKU\S-1-5-21-2392377218-2953771678-1028247024-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BA5E031-75EA-4E94-91AD-AEBCC75BA7DA}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll () O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20 - AppInit_DLLs: (c:\progra~4\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.05 18:48:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2013.01.04 16:58:56 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\OpenOffice.org [2013.01.04 16:58:18 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1 [2013.01.04 16:57:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3 [2013.01.04 16:54:29 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\OpenOffice.org 3.4.1 (de) Installation Files [2013.01.03 14:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.01.03 14:29:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.01.03 14:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Claro LTD [2013.01.03 14:27:32 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\Babylon [2013.01.03 14:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.01.03 14:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solitaire XP [2013.01.03 14:26:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solitaire XP [2013.01.02 17:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead PhotoImpact 8 [2013.01.02 17:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ulead Systems [2013.01.02 17:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems [2013.01.02 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\Ulead Photo [2013.01.02 17:13:34 | 000,000,000 | ---D | C] -- C:\Users\Icke\Desktop\Mazda 626 gv [2012.12.23 21:03:34 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Local\Microsoft Games [2012.12.23 21:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games [2012.12.22 12:49:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT [2012.12.22 12:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UseNeXT [2012.12.19 22:42:13 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Local\ElevatedDiagnostics [2012.12.19 21:50:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.12.19 21:26:48 | 000,000,000 | R--D | C] -- C:\Users\Icke\Podcasts [2012.12.19 21:26:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2012.12.19 21:23:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune [2012.12.19 21:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\Zune [2012.12.19 21:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications [2012.12.16 17:28:51 | 000,000,000 | ---D | C] -- C:\Users\Icke\AppData\Roaming\PerformerSoft [2012.12.16 17:28:47 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012.12.16 17:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo [2012.12.16 17:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scout [2012.12.16 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2012.12.09 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.12.09 12:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012.12.09 12:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.05 21:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.05 21:34:22 | 000,005,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 21:34:22 | 000,005,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.05 18:48:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Icke\Desktop\OTL.exe [2013.01.05 18:21:48 | 000,551,997 | ---- | M] () -- C:\Users\Icke\Desktop\adwcleaner.exe [2013.01.05 17:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.05 17:33:55 | 3018,412,032 | -HS- | M] () -- C:\hiberfil.sys [2013.01.04 23:49:04 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.04 23:49:04 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.04 23:49:04 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.04 23:49:04 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.04 23:49:04 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.04 18:46:44 | 000,479,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.04 16:59:11 | 000,001,241 | ---- | M] () -- C:\Users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.04 16:58:18 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.01.03 14:26:54 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Solitaire XP.lnk [2013.01.02 17:55:03 | 000,002,156 | ---- | M] () -- C:\Users\Icke\Desktop\Ulead Drop Spot.lnk [2013.01.02 17:54:57 | 000,005,195 | ---- | M] () -- C:\Windows\ULEAD32.INI [2013.01.02 17:54:48 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact Album 8.lnk [2013.01.02 17:54:48 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\PhotoImpact 8.lnk [2012.12.22 12:49:57 | 000,001,863 | ---- | M] () -- C:\Users\Icke\Desktop\UseNeXT.lnk [2012.12.19 21:24:01 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk [2012.12.09 18:52:28 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.05 18:21:42 | 000,551,997 | ---- | C] () -- C:\Users\Icke\Desktop\adwcleaner.exe [2013.01.04 16:59:11 | 000,001,241 | ---- | C] () -- C:\Users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013.01.04 16:58:18 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.01.03 14:26:54 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Solitaire XP.lnk [2013.01.02 17:55:03 | 000,002,156 | ---- | C] () -- C:\Users\Icke\Desktop\Ulead Drop Spot.lnk [2013.01.02 17:54:48 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact Album 8.lnk [2013.01.02 17:54:48 | 000,002,161 | ---- | C] () -- C:\Users\Public\Desktop\PhotoImpact 8.lnk [2013.01.02 17:54:30 | 000,005,195 | ---- | C] () -- C:\Windows\ULEAD32.INI [2012.12.22 12:49:57 | 000,001,863 | ---- | C] () -- C:\Users\Icke\Desktop\UseNeXT.lnk [2012.12.19 21:24:01 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk [2012.11.12 14:05:29 | 000,004,096 | -H-- | C] () -- C:\Users\Icke\AppData\Local\keyfile3.drm [2012.11.11 13:55:49 | 000,001,125 | ---- | C] () -- C:\Windows\mgxoschk.ini [2012.11.11 13:27:05 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.09 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012.12.09 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012.11.10 22:06:34 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\AVG2013 [2013.01.03 14:27:32 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\Babylon [2012.11.14 22:43:36 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\kreawi [2012.11.11 15:03:08 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\MAGIX [2013.01.04 16:58:56 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\OpenOffice.org [2012.12.17 00:22:42 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\PerformerSoft [2012.11.30 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\TomTom [2013.01.03 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\TuneUp Software [2013.01.04 23:47:25 | 000,000,000 | ---D | M] -- C:\Users\Icke\AppData\Roaming\UseNeXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 64 bytes -> C:\Users\Icke\Documents\07022009003.mp4:TOC.WMV < End of report > bist du noch da? |
06.01.2013, 18:04 | #7 |
/// Malware-holic | claro search entfernen und evtl babylon toolbar hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL O20 - AppInit_DLLs: (c:\progra~4\browse~1\261040~1.25\{c16c1~1\browse~1.dll) - File not found :Files :Commands [EMPTYFLASH] [emptytemp] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.01.2013, 18:30 | #8 |
| claro search entfernen und evtl babylon toolbar All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~4\browse~1\261040~1.25\{c16c1~1\browse~1.dll deleted successfully. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User: Default User User: Icke ->Flash cache emptied: 27062 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Icke ->Temp folder emptied: 148219094 bytes ->Temporary Internet Files folder emptied: 209092280 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 171417904 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 174957103 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 118554 bytes Total Files Cleaned = 671,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01062013_180909 Files\Folders moved on Reboot... C:\Users\Icke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
06.01.2013, 18:59 | #9 |
/// Malware-holic | claro search entfernen und evtl babylon toolbar download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.01.2013, 19:17 | #10 |
| claro search entfernen und evtl babylon toolbar 19:12:02.0583 3592 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 19:12:02.0801 3592 ============================================================ 19:12:02.0801 3592 Current date / time: 2013/01/06 19:12:02.0801 19:12:02.0801 3592 SystemInfo: 19:12:02.0801 3592 19:12:02.0801 3592 OS Version: 6.1.7601 ServicePack: 1.0 19:12:02.0801 3592 Product type: Workstation 19:12:02.0801 3592 ComputerName: ICKE-PC 19:12:02.0801 3592 UserName: Icke 19:12:02.0801 3592 Windows directory: C:\Windows 19:12:02.0801 3592 System windows directory: C:\Windows 19:12:02.0801 3592 Running under WOW64 19:12:02.0801 3592 Processor architecture: Intel x64 19:12:02.0801 3592 Number of processors: 2 19:12:02.0801 3592 Page size: 0x1000 19:12:02.0801 3592 Boot type: Normal boot 19:12:02.0801 3592 ============================================================ 19:12:04.0377 3592 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:12:04.0392 3592 ============================================================ 19:12:04.0392 3592 \Device\Harddisk0\DR0: 19:12:04.0392 3592 MBR partitions: 19:12:04.0392 3592 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A04000, BlocksNum 0x23A2A000 19:12:04.0392 3592 ============================================================ 19:12:04.0423 3592 C: <-> \Device\Harddisk0\DR0\Partition1 19:12:04.0423 3592 ============================================================ 19:12:04.0423 3592 Initialize success 19:12:04.0423 3592 ============================================================ 19:13:42.0131 3972 ============================================================ 19:13:42.0131 3972 Scan started 19:13:42.0131 3972 Mode: Manual; SigCheck; TDLFS; 19:13:42.0131 3972 ============================================================ 19:13:42.0568 3972 ================ Scan system memory ======================== 19:13:42.0568 3972 System memory - ok 19:13:42.0568 3972 ================ Scan services ============================= 19:13:42.0833 3972 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:13:43.0067 3972 1394ohci - ok 19:13:43.0083 3972 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:13:43.0114 3972 ACPI - ok 19:13:43.0130 3972 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:13:43.0239 3972 AcpiPmi - ok 19:13:43.0348 3972 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 19:13:43.0379 3972 AdobeARMservice - ok 19:13:43.0535 3972 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:13:43.0582 3972 AdobeFlashPlayerUpdateSvc - ok 19:13:43.0676 3972 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 19:13:43.0707 3972 adp94xx - ok 19:13:43.0738 3972 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 19:13:43.0769 3972 adpahci - ok 19:13:43.0785 3972 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 19:13:43.0816 3972 adpu320 - ok 19:13:43.0863 3972 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:13:44.0081 3972 AeLookupSvc - ok 19:13:44.0128 3972 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:13:44.0206 3972 AFD - ok 19:13:44.0284 3972 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:13:44.0346 3972 agp440 - ok 19:13:44.0440 3972 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:13:44.0549 3972 ALG - ok 19:13:44.0580 3972 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:13:44.0596 3972 aliide - ok 19:13:44.0612 3972 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:13:44.0643 3972 amdide - ok 19:13:44.0658 3972 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:13:44.0721 3972 AmdK8 - ok 19:13:44.0752 3972 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 19:13:44.0814 3972 AmdPPM - ok 19:13:44.0892 3972 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:13:44.0908 3972 amdsata - ok 19:13:44.0939 3972 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 19:13:44.0970 3972 amdsbs - ok 19:13:45.0002 3972 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:13:45.0017 3972 amdxata - ok 19:13:45.0064 3972 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:13:45.0282 3972 AppID - ok 19:13:45.0345 3972 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:13:45.0423 3972 AppIDSvc - ok 19:13:45.0470 3972 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:13:45.0548 3972 Appinfo - ok 19:13:45.0626 3972 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 19:13:45.0688 3972 AppMgmt - ok 19:13:45.0735 3972 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 19:13:45.0782 3972 arc - ok 19:13:45.0828 3972 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 19:13:45.0860 3972 arcsas - ok 19:13:45.0891 3972 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:13:45.0969 3972 AsyncMac - ok 19:13:46.0016 3972 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:13:46.0031 3972 atapi - ok 19:13:46.0109 3972 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:13:46.0250 3972 AudioEndpointBuilder - ok 19:13:46.0296 3972 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:13:46.0359 3972 AudioSrv - ok 19:13:46.0593 3972 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe 19:13:46.0749 3972 AVGIDSAgent - ok 19:13:46.0811 3972 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys 19:13:47.0170 3972 AVGIDSDriver - ok 19:13:47.0186 3972 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys 19:13:47.0201 3972 AVGIDSHA - ok 19:13:47.0232 3972 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 19:13:47.0248 3972 Avgldx64 - ok 19:13:47.0279 3972 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys 19:13:47.0295 3972 Avgloga - ok 19:13:47.0310 3972 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 19:13:47.0357 3972 Avgmfx64 - ok 19:13:47.0388 3972 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 19:13:47.0420 3972 Avgrkx64 - ok 19:13:47.0451 3972 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 19:13:47.0466 3972 Avgtdia - ok 19:13:47.0513 3972 [ BFD698CC6E1DE2E0D23155DECC513D2F ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 19:13:47.0544 3972 avgtp - ok 19:13:47.0576 3972 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe 19:13:47.0591 3972 avgwd - ok 19:13:47.0654 3972 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:13:47.0716 3972 AxInstSV - ok 19:13:47.0825 3972 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 19:13:47.0903 3972 b06bdrv - ok 19:13:47.0981 3972 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:13:48.0044 3972 b57nd60a - ok 19:13:48.0153 3972 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 19:13:48.0262 3972 BCM43XX - ok 19:13:48.0340 3972 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:13:48.0402 3972 BDESVC - ok 19:13:48.0449 3972 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:13:48.0527 3972 Beep - ok 19:13:48.0590 3972 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:13:48.0699 3972 BFE - ok 19:13:48.0761 3972 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:13:48.0917 3972 BITS - ok 19:13:48.0948 3972 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:13:49.0011 3972 blbdrive - ok 19:13:49.0073 3972 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:13:49.0136 3972 bowser - ok 19:13:49.0214 3972 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 19:13:49.0276 3972 BrFiltLo - ok 19:13:49.0307 3972 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 19:13:49.0354 3972 BrFiltUp - ok 19:13:49.0401 3972 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:13:49.0448 3972 Browser - ok 19:13:49.0479 3972 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:13:49.0541 3972 Brserid - ok 19:13:49.0572 3972 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:13:49.0619 3972 BrSerWdm - ok 19:13:49.0650 3972 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:13:49.0697 3972 BrUsbMdm - ok 19:13:49.0713 3972 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:13:49.0760 3972 BrUsbSer - ok 19:13:49.0822 3972 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 19:13:49.0853 3972 BTHMODEM - ok 19:13:49.0962 3972 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:13:50.0072 3972 bthserv - ok 19:13:50.0103 3972 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:13:50.0196 3972 cdfs - ok 19:13:50.0274 3972 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:13:50.0321 3972 cdrom - ok 19:13:50.0368 3972 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:13:50.0446 3972 CertPropSvc - ok 19:13:50.0477 3972 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 19:13:50.0524 3972 circlass - ok 19:13:50.0571 3972 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:13:50.0618 3972 CLFS - ok 19:13:50.0742 3972 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:13:50.0758 3972 clr_optimization_v2.0.50727_32 - ok 19:13:50.0883 3972 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:13:50.0898 3972 clr_optimization_v2.0.50727_64 - ok 19:13:51.0008 3972 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:13:51.0054 3972 clr_optimization_v4.0.30319_32 - ok 19:13:51.0086 3972 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:13:51.0101 3972 clr_optimization_v4.0.30319_64 - ok 19:13:51.0164 3972 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:13:51.0195 3972 CmBatt - ok 19:13:51.0242 3972 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:13:51.0257 3972 cmdide - ok 19:13:51.0288 3972 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 19:13:51.0351 3972 CNG - ok 19:13:51.0366 3972 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:13:51.0382 3972 Compbatt - ok 19:13:51.0413 3972 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 19:13:51.0491 3972 CompositeBus - ok 19:13:51.0538 3972 COMSysApp - ok 19:13:51.0569 3972 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 19:13:51.0585 3972 crcdisk - ok 19:13:51.0647 3972 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:13:51.0710 3972 CryptSvc - ok 19:13:51.0756 3972 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 19:13:51.0881 3972 CSC - ok 19:13:51.0928 3972 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 19:13:51.0990 3972 CscService - ok 19:13:52.0053 3972 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:13:52.0146 3972 DcomLaunch - ok 19:13:52.0240 3972 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 19:13:52.0349 3972 defragsvc - ok 19:13:52.0458 3972 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:13:52.0552 3972 DfsC - ok 19:13:52.0599 3972 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 19:13:52.0661 3972 Dhcp - ok 19:13:52.0708 3972 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 19:13:52.0802 3972 discache - ok 19:13:52.0864 3972 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 19:13:52.0895 3972 Disk - ok 19:13:52.0973 3972 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 19:13:53.0051 3972 dmvsc - ok 19:13:53.0098 3972 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:13:53.0160 3972 Dnscache - ok 19:13:53.0254 3972 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 19:13:53.0363 3972 dot3svc - ok 19:13:53.0410 3972 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 19:13:53.0535 3972 DPS - ok 19:13:53.0613 3972 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:13:53.0660 3972 drmkaud - ok 19:13:53.0738 3972 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:13:53.0800 3972 DXGKrnl - ok 19:13:53.0847 3972 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 19:13:53.0956 3972 EapHost - ok 19:13:54.0065 3972 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 19:13:54.0237 3972 ebdrv - ok 19:13:54.0268 3972 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 19:13:54.0330 3972 EFS - ok 19:13:54.0455 3972 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:13:54.0596 3972 ehRecvr - ok 19:13:54.0642 3972 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 19:13:54.0736 3972 ehSched - ok 19:13:54.0908 3972 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 19:13:54.0970 3972 elxstor - ok 19:13:54.0986 3972 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:13:55.0048 3972 ErrDev - ok 19:13:55.0142 3972 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:13:55.0220 3972 EventSystem - ok 19:13:55.0266 3972 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:13:55.0344 3972 exfat - ok 19:13:55.0391 3972 Fabs - ok 19:13:55.0422 3972 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:13:55.0547 3972 fastfat - ok 19:13:55.0625 3972 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:13:55.0703 3972 Fax - ok 19:13:55.0750 3972 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 19:13:55.0812 3972 fdc - ok 19:13:55.0859 3972 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:13:55.0968 3972 fdPHost - ok 19:13:56.0000 3972 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 19:13:56.0093 3972 FDResPub - ok 19:13:56.0124 3972 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:13:56.0140 3972 FileInfo - ok 19:13:56.0156 3972 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:13:56.0327 3972 Filetrace - ok 19:13:56.0436 3972 [ 5BD96D8C5411ACE71A7EAACAF0EF2903 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe 19:13:56.0577 3972 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 19:13:56.0577 3972 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 19:13:56.0624 3972 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 19:13:56.0686 3972 flpydisk - ok 19:13:56.0733 3972 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:13:56.0748 3972 FltMgr - ok 19:13:56.0842 3972 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:13:56.0920 3972 FontCache - ok 19:13:57.0014 3972 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:13:57.0029 3972 FontCache3.0.0.0 - ok 19:13:57.0060 3972 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:13:57.0076 3972 FsDepends - ok 19:13:57.0123 3972 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:13:57.0170 3972 Fs_Rec - ok 19:13:57.0201 3972 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:13:57.0248 3972 fvevol - ok 19:13:57.0279 3972 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 19:13:57.0294 3972 gagp30kx - ok 19:13:57.0372 3972 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:13:57.0466 3972 gpsvc - ok 19:13:57.0497 3972 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:13:57.0544 3972 hcw85cir - ok 19:13:57.0622 3972 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:13:57.0716 3972 HdAudAddService - ok 19:13:57.0762 3972 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 19:13:57.0809 3972 HDAudBus - ok 19:13:57.0840 3972 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 19:13:57.0872 3972 HidBatt - ok 19:13:57.0903 3972 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 19:13:57.0965 3972 HidBth - ok 19:13:57.0981 3972 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 19:13:58.0028 3972 HidIr - ok 19:13:58.0074 3972 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 19:13:58.0152 3972 hidserv - ok 19:13:58.0199 3972 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:13:58.0230 3972 HidUsb - ok 19:13:58.0293 3972 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:13:58.0418 3972 hkmsvc - ok 19:13:58.0464 3972 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:13:58.0511 3972 HomeGroupListener - ok 19:13:58.0574 3972 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:13:58.0620 3972 HomeGroupProvider - ok 19:13:58.0652 3972 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:13:58.0667 3972 HpSAMD - ok 19:13:58.0714 3972 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:13:58.0854 3972 HTTP - ok 19:13:58.0901 3972 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:13:58.0917 3972 hwpolicy - ok 19:13:58.0948 3972 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 19:13:58.0964 3972 i8042prt - ok 19:13:58.0995 3972 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:13:59.0026 3972 iaStorV - ok 19:13:59.0166 3972 [ 2D605B4A28FEF74081A6647B491EB6C3 ] IBUpdaterService C:\ProgramData\IBUpdaterService\ibsvc.exe 19:13:59.0244 3972 IBUpdaterService - ok 19:13:59.0322 3972 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:13:59.0369 3972 idsvc - ok 19:13:59.0447 3972 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 19:13:59.0463 3972 iirsp - ok 19:13:59.0556 3972 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 19:13:59.0697 3972 IKEEXT - ok 19:13:59.0728 3972 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:13:59.0744 3972 intelide - ok 19:13:59.0790 3972 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 19:13:59.0837 3972 intelppm - ok 19:13:59.0868 3972 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:13:59.0946 3972 IPBusEnum - ok 19:13:59.0978 3972 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:14:00.0056 3972 IpFilterDriver - ok 19:14:00.0102 3972 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:14:00.0196 3972 iphlpsvc - ok 19:14:00.0227 3972 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:14:00.0274 3972 IPMIDRV - ok 19:14:00.0305 3972 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:14:00.0383 3972 IPNAT - ok 19:14:00.0399 3972 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:14:00.0461 3972 IRENUM - ok 19:14:00.0492 3972 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:14:00.0508 3972 isapnp - ok 19:14:00.0570 3972 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:14:00.0617 3972 iScsiPrt - ok 19:14:00.0664 3972 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:14:00.0711 3972 kbdclass - ok 19:14:00.0726 3972 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 19:14:00.0773 3972 kbdhid - ok 19:14:00.0804 3972 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:14:00.0820 3972 KeyIso - ok 19:14:00.0851 3972 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:14:00.0867 3972 KSecDD - ok 19:14:00.0882 3972 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:14:00.0914 3972 KSecPkg - ok 19:14:00.0929 3972 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:14:01.0007 3972 ksthunk - ok 19:14:01.0054 3972 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:14:01.0132 3972 KtmRm - ok 19:14:01.0163 3972 [ 033B4AED2C5519072C0D81E00804D003 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 19:14:01.0210 3972 L1C - ok 19:14:01.0304 3972 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:14:01.0397 3972 LanmanServer - ok 19:14:01.0475 3972 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:14:01.0553 3972 LanmanWorkstation - ok 19:14:01.0662 3972 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:14:01.0740 3972 lltdio - ok 19:14:01.0803 3972 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:14:01.0928 3972 lltdsvc - ok 19:14:01.0959 3972 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:14:02.0037 3972 lmhosts - ok 19:14:02.0084 3972 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 19:14:02.0099 3972 LSI_FC - ok 19:14:02.0115 3972 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 19:14:02.0146 3972 LSI_SAS - ok 19:14:02.0162 3972 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 19:14:02.0177 3972 LSI_SAS2 - ok 19:14:02.0193 3972 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 19:14:02.0208 3972 LSI_SCSI - ok 19:14:02.0240 3972 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 19:14:02.0302 3972 luafv - ok 19:14:02.0364 3972 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:14:02.0396 3972 Mcx2Svc - ok 19:14:02.0489 3972 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 19:14:02.0536 3972 MDM - ok 19:14:02.0552 3972 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 19:14:02.0583 3972 megasas - ok 19:14:02.0614 3972 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 19:14:02.0630 3972 MegaSR - ok 19:14:02.0692 3972 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 19:14:02.0754 3972 MMCSS - ok 19:14:02.0786 3972 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:14:02.0879 3972 Modem - ok 19:14:02.0910 3972 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:14:02.0957 3972 monitor - ok 19:14:03.0004 3972 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:14:03.0020 3972 mouclass - ok 19:14:03.0051 3972 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:14:03.0113 3972 mouhid - ok 19:14:03.0144 3972 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:14:03.0160 3972 mountmgr - ok 19:14:03.0285 3972 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:14:03.0316 3972 MozillaMaintenance - ok 19:14:03.0347 3972 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:14:03.0363 3972 mpio - ok 19:14:03.0378 3972 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:14:03.0456 3972 mpsdrv - ok 19:14:03.0534 3972 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:14:03.0628 3972 MpsSvc - ok 19:14:03.0675 3972 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:14:03.0753 3972 MRxDAV - ok 19:14:03.0815 3972 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:14:03.0878 3972 mrxsmb - ok 19:14:03.0924 3972 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:14:03.0971 3972 mrxsmb10 - ok 19:14:04.0018 3972 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:14:04.0080 3972 mrxsmb20 - ok 19:14:04.0112 3972 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 19:14:04.0127 3972 msahci - ok 19:14:04.0158 3972 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:14:04.0174 3972 msdsm - ok 19:14:04.0236 3972 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:14:04.0268 3972 MSDTC - ok 19:14:04.0314 3972 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:14:04.0408 3972 Msfs - ok 19:14:04.0439 3972 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:14:04.0486 3972 mshidkmdf - ok 19:14:04.0502 3972 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:14:04.0517 3972 msisadrv - ok 19:14:04.0580 3972 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:14:04.0689 3972 MSiSCSI - ok 19:14:04.0689 3972 msiserver - ok 19:14:04.0720 3972 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:14:04.0782 3972 MSKSSRV - ok 19:14:04.0814 3972 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:14:04.0892 3972 MSPCLOCK - ok 19:14:04.0923 3972 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:14:05.0001 3972 MSPQM - ok 19:14:05.0063 3972 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:14:05.0110 3972 MsRPC - ok 19:14:05.0157 3972 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 19:14:05.0172 3972 mssmbios - ok 19:14:05.0313 3972 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:14:05.0391 3972 MSTEE - ok 19:14:05.0422 3972 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 19:14:05.0484 3972 MTConfig - ok 19:14:05.0516 3972 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:14:05.0547 3972 Mup - ok 19:14:05.0609 3972 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:14:05.0734 3972 napagent - ok 19:14:05.0828 3972 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:14:05.0874 3972 NativeWifiP - ok 19:14:05.0984 3972 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:14:06.0030 3972 NDIS - ok 19:14:06.0093 3972 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:14:06.0202 3972 NdisCap - ok 19:14:06.0233 3972 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:14:06.0296 3972 NdisTapi - ok 19:14:06.0327 3972 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:14:06.0374 3972 Ndisuio - ok 19:14:06.0389 3972 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:14:06.0467 3972 NdisWan - ok 19:14:06.0498 3972 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:14:06.0576 3972 NDProxy - ok 19:14:06.0623 3972 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:14:06.0717 3972 NetBIOS - ok 19:14:06.0748 3972 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:14:06.0826 3972 NetBT - ok 19:14:06.0857 3972 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:14:06.0888 3972 Netlogon - ok 19:14:06.0951 3972 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 19:14:07.0107 3972 Netman - ok 19:14:07.0138 3972 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:14:07.0200 3972 netprofm - ok 19:14:07.0263 3972 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:14:07.0278 3972 NetTcpPortSharing - ok 19:14:07.0310 3972 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 19:14:07.0325 3972 nfrd960 - ok 19:14:07.0356 3972 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:14:07.0403 3972 NlaSvc - ok 19:14:07.0434 3972 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:14:07.0528 3972 Npfs - ok 19:14:07.0559 3972 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:14:07.0700 3972 nsi - ok 19:14:07.0731 3972 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:14:07.0824 3972 nsiproxy - ok 19:14:07.0902 3972 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:14:07.0965 3972 Ntfs - ok 19:14:07.0965 3972 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:14:08.0121 3972 Null - ok 19:14:08.0168 3972 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:14:08.0199 3972 nvraid - ok 19:14:08.0214 3972 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:14:08.0246 3972 nvstor - ok 19:14:08.0277 3972 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:14:08.0308 3972 nv_agp - ok 19:14:08.0339 3972 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:14:08.0386 3972 ohci1394 - ok 19:14:08.0464 3972 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:14:08.0495 3972 ose - ok 19:14:08.0573 3972 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:14:08.0620 3972 p2pimsvc - ok 19:14:08.0682 3972 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:14:08.0745 3972 p2psvc - ok 19:14:08.0776 3972 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 19:14:08.0807 3972 Parport - ok 19:14:08.0854 3972 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:14:08.0870 3972 partmgr - ok 19:14:08.0885 3972 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:14:08.0948 3972 PcaSvc - ok 19:14:08.0979 3972 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:14:09.0010 3972 pci - ok 19:14:09.0026 3972 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:14:09.0041 3972 pciide - ok 19:14:09.0072 3972 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 19:14:09.0119 3972 pcmcia - ok 19:14:09.0166 3972 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:14:09.0197 3972 pcw - ok 19:14:09.0228 3972 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:14:09.0322 3972 PEAUTH - ok 19:14:09.0384 3972 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 19:14:09.0478 3972 PeerDistSvc - ok 19:14:09.0603 3972 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:14:09.0650 3972 PerfHost - ok 19:14:09.0743 3972 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:14:09.0868 3972 pla - ok 19:14:09.0946 3972 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:14:09.0993 3972 PlugPlay - ok 19:14:10.0024 3972 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:14:10.0071 3972 PNRPAutoReg - ok 19:14:10.0102 3972 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:14:10.0133 3972 PNRPsvc - ok 19:14:10.0180 3972 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:14:10.0274 3972 PolicyAgent - ok 19:14:10.0383 3972 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:14:10.0476 3972 Power - ok 19:14:10.0554 3972 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:14:10.0632 3972 PptpMiniport - ok 19:14:10.0679 3972 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 19:14:10.0726 3972 Processor - ok 19:14:10.0788 3972 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:14:10.0804 3972 ProfSvc - ok 19:14:10.0820 3972 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:14:10.0835 3972 ProtectedStorage - ok 19:14:10.0866 3972 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:14:10.0960 3972 Psched - ok 19:14:11.0038 3972 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 19:14:11.0132 3972 ql2300 - ok 19:14:11.0163 3972 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 19:14:11.0178 3972 ql40xx - ok 19:14:11.0241 3972 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:14:11.0272 3972 QWAVE - ok 19:14:11.0288 3972 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:14:11.0319 3972 QWAVEdrv - ok 19:14:11.0334 3972 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:14:11.0412 3972 RasAcd - ok 19:14:11.0490 3972 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:14:11.0584 3972 RasAgileVpn - ok 19:14:11.0615 3972 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:14:11.0693 3972 RasAuto - ok 19:14:11.0740 3972 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:14:11.0818 3972 Rasl2tp - ok 19:14:11.0865 3972 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:14:11.0958 3972 RasMan - ok 19:14:11.0990 3972 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:14:12.0068 3972 RasPppoe - ok 19:14:12.0099 3972 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:14:12.0177 3972 RasSstp - ok 19:14:12.0239 3972 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:14:12.0348 3972 rdbss - ok 19:14:12.0364 3972 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:14:12.0411 3972 rdpbus - ok 19:14:12.0458 3972 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:14:12.0520 3972 RDPCDD - ok 19:14:12.0582 3972 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 19:14:12.0629 3972 RDPDR - ok 19:14:12.0660 3972 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:14:12.0738 3972 RDPENCDD - ok 19:14:12.0785 3972 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:14:12.0863 3972 RDPREFMP - ok 19:14:12.0926 3972 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:14:12.0988 3972 RDPWD - ok 19:14:13.0050 3972 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:14:13.0082 3972 rdyboost - ok 19:14:13.0128 3972 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:14:13.0206 3972 RemoteAccess - ok 19:14:13.0253 3972 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:14:13.0347 3972 RemoteRegistry - ok 19:14:13.0409 3972 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:14:13.0503 3972 RpcEptMapper - ok 19:14:13.0550 3972 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:14:13.0596 3972 RpcLocator - ok 19:14:13.0628 3972 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:14:13.0690 3972 RpcSs - ok 19:14:13.0752 3972 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:14:13.0846 3972 rspndr - ok 19:14:13.0877 3972 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 19:14:13.0908 3972 s3cap - ok 19:14:13.0940 3972 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:14:13.0955 3972 SamSs - ok 19:14:13.0986 3972 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:14:14.0002 3972 sbp2port - ok 19:14:14.0018 3972 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:14:14.0111 3972 SCardSvr - ok 19:14:14.0127 3972 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:14:14.0174 3972 scfilter - ok 19:14:14.0236 3972 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:14:14.0345 3972 Schedule - ok 19:14:14.0376 3972 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:14:14.0439 3972 SCPolicySvc - ok 19:14:14.0454 3972 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:14:14.0501 3972 SDRSVC - ok 19:14:14.0548 3972 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:14:14.0657 3972 secdrv - ok 19:14:14.0688 3972 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:14:14.0766 3972 seclogon - ok 19:14:14.0813 3972 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:14:14.0876 3972 SENS - ok 19:14:14.0876 3972 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:14:14.0922 3972 SensrSvc - ok 19:14:14.0954 3972 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 19:14:15.0000 3972 Serenum - ok 19:14:15.0032 3972 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 19:14:15.0078 3972 Serial - ok 19:14:15.0110 3972 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 19:14:15.0141 3972 sermouse - ok 19:14:15.0203 3972 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:14:15.0281 3972 SessionEnv - ok 19:14:15.0312 3972 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:14:15.0390 3972 sffdisk - ok 19:14:15.0422 3972 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:14:15.0468 3972 sffp_mmc - ok 19:14:15.0500 3972 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:14:15.0546 3972 sffp_sd - ok 19:14:15.0578 3972 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 19:14:15.0624 3972 sfloppy - ok 19:14:15.0671 3972 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:14:15.0749 3972 SharedAccess - ok 19:14:15.0812 3972 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:14:15.0905 3972 ShellHWDetection - ok 19:14:15.0936 3972 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 19:14:15.0952 3972 SiSRaid2 - ok 19:14:15.0968 3972 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 19:14:15.0999 3972 SiSRaid4 - ok 19:14:16.0014 3972 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:14:16.0092 3972 Smb - ok 19:14:16.0155 3972 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:14:16.0202 3972 SNMPTRAP - ok 19:14:16.0233 3972 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:14:16.0248 3972 spldr - ok 19:14:16.0342 3972 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:14:16.0420 3972 Spooler - ok 19:14:16.0529 3972 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:14:16.0716 3972 sppsvc - ok 19:14:16.0763 3972 [ 0133DE7BB39F869975D8AF4BC9F0B0DB ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:14:16.0794 3972 sppuinotify ( UnsignedFile.Multi.Generic ) - warning 19:14:16.0794 3972 sppuinotify - detected UnsignedFile.Multi.Generic (1) 19:14:16.0841 3972 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:14:16.0904 3972 srv - ok 19:14:16.0950 3972 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:14:17.0028 3972 srv2 - ok 19:14:17.0091 3972 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:14:17.0122 3972 srvnet - ok 19:14:17.0200 3972 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:14:17.0262 3972 SSDPSRV - ok 19:14:17.0278 3972 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:14:17.0372 3972 SstpSvc - ok 19:14:17.0418 3972 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 19:14:17.0450 3972 stexstor - ok 19:14:17.0543 3972 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:14:17.0621 3972 stisvc - ok 19:14:17.0668 3972 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 19:14:17.0684 3972 storflt - ok 19:14:17.0730 3972 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 19:14:17.0777 3972 StorSvc - ok 19:14:17.0824 3972 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:14:17.0840 3972 storvsc - ok 19:14:17.0855 3972 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 19:14:17.0871 3972 swenum - ok 19:14:17.0949 3972 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:14:18.0074 3972 swprv - ok 19:14:18.0152 3972 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:14:18.0230 3972 SysMain - ok 19:14:18.0261 3972 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:14:18.0292 3972 TabletInputService - ok 19:14:18.0323 3972 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:14:18.0386 3972 TapiSrv - ok 19:14:18.0401 3972 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:14:18.0495 3972 TBS - ok 19:14:18.0588 3972 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:14:18.0682 3972 Tcpip - ok 19:14:18.0744 3972 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:14:18.0807 3972 TCPIP6 - ok 19:14:18.0869 3972 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:14:18.0900 3972 tcpipreg - ok 19:14:18.0947 3972 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:14:18.0978 3972 TDPIPE - ok 19:14:19.0041 3972 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:14:19.0103 3972 TDTCP - ok 19:14:19.0134 3972 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:14:19.0197 3972 tdx - ok 19:14:19.0212 3972 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 19:14:19.0244 3972 TermDD - ok 19:14:19.0306 3972 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:14:19.0415 3972 TermService - ok 19:14:19.0446 3972 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:14:19.0509 3972 Themes - ok 19:14:19.0540 3972 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:14:19.0602 3972 THREADORDER - ok 19:14:19.0712 3972 [ 0407143F2BBC1A5DD5B518AC0704FCBF ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 19:14:19.0758 3972 TomTomHOMEService - ok 19:14:19.0774 3972 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:14:19.0868 3972 TrkWks - ok 19:14:19.0946 3972 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:14:20.0024 3972 TrustedInstaller - ok 19:14:20.0055 3972 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:14:20.0117 3972 tssecsrv - ok 19:14:20.0148 3972 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:14:20.0180 3972 TsUsbFlt - ok 19:14:20.0226 3972 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 19:14:20.0273 3972 TsUsbGD - ok 19:14:20.0320 3972 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:14:20.0398 3972 tunnel - ok 19:14:20.0429 3972 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 19:14:20.0445 3972 uagp35 - ok 19:14:20.0476 3972 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:14:20.0616 3972 udfs - ok 19:14:20.0679 3972 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:14:20.0741 3972 UI0Detect - ok 19:14:20.0772 3972 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:14:20.0804 3972 uliagpkx - ok 19:14:20.0835 3972 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:14:20.0882 3972 umbus - ok 19:14:20.0913 3972 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 19:14:20.0944 3972 UmPass - ok 19:14:20.0991 3972 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 19:14:21.0053 3972 UmRdpService - ok 19:14:21.0084 3972 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:14:21.0162 3972 upnphost - ok 19:14:21.0209 3972 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:14:21.0256 3972 usbccgp - ok 19:14:21.0303 3972 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:14:21.0350 3972 usbcir - ok 19:14:21.0396 3972 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:14:21.0474 3972 usbehci - ok 19:14:21.0537 3972 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:14:21.0599 3972 usbhub - ok 19:14:21.0630 3972 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 19:14:21.0646 3972 usbohci - ok 19:14:21.0677 3972 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:14:21.0724 3972 usbprint - ok 19:14:21.0786 3972 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:14:21.0802 3972 usbscan - ok 19:14:21.0849 3972 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:14:21.0896 3972 USBSTOR - ok 19:14:21.0927 3972 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:14:21.0974 3972 usbuhci - ok 19:14:22.0020 3972 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:14:22.0130 3972 UxSms - ok 19:14:22.0161 3972 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:14:22.0176 3972 VaultSvc - ok 19:14:22.0223 3972 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:14:22.0254 3972 vdrvroot - ok 19:14:22.0286 3972 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:14:22.0379 3972 vds - ok 19:14:22.0410 3972 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:14:22.0442 3972 vga - ok 19:14:22.0442 3972 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:14:22.0535 3972 VgaSave - ok 19:14:22.0566 3972 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:14:22.0629 3972 vhdmp - ok 19:14:22.0644 3972 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:14:22.0676 3972 viaide - ok 19:14:22.0738 3972 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:14:22.0754 3972 vmbus - ok 19:14:22.0785 3972 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 19:14:22.0847 3972 VMBusHID - ok 19:14:22.0878 3972 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:14:22.0894 3972 volmgr - ok 19:14:22.0925 3972 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:14:22.0956 3972 volmgrx - ok 19:14:22.0988 3972 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:14:23.0003 3972 volsnap - ok 19:14:23.0034 3972 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 19:14:23.0066 3972 vsmraid - ok 19:14:23.0159 3972 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:14:23.0331 3972 VSS - ok 19:14:23.0393 3972 [ 7DB85B78309C05C9F06F469ED976DC9E ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe 19:14:23.0424 3972 vToolbarUpdater13.2.0 - ok 19:14:23.0440 3972 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:14:23.0471 3972 vwifibus - ok 19:14:23.0502 3972 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:14:23.0549 3972 vwififlt - ok 19:14:23.0596 3972 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:14:23.0721 3972 W32Time - ok 19:14:23.0768 3972 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 19:14:23.0799 3972 WacomPen - ok 19:14:23.0861 3972 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:14:23.0939 3972 WANARP - ok 19:14:23.0970 3972 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:14:24.0017 3972 Wanarpv6 - ok 19:14:24.0095 3972 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:14:24.0220 3972 wbengine - ok 19:14:24.0267 3972 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:14:24.0329 3972 WbioSrvc - ok 19:14:24.0376 3972 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:14:24.0454 3972 wcncsvc - ok 19:14:24.0485 3972 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:14:24.0532 3972 WcsPlugInService - ok 19:14:24.0579 3972 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 19:14:24.0594 3972 Wd - ok 19:14:24.0672 3972 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:14:24.0750 3972 Wdf01000 - ok 19:14:24.0766 3972 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:14:24.0828 3972 WdiServiceHost - ok 19:14:24.0828 3972 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:14:24.0860 3972 WdiSystemHost - ok 19:14:24.0891 3972 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:14:24.0953 3972 WebClient - ok 19:14:25.0000 3972 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:14:25.0094 3972 Wecsvc - ok 19:14:25.0125 3972 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:14:25.0203 3972 wercplsupport - ok 19:14:25.0234 3972 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:14:25.0328 3972 WerSvc - ok 19:14:25.0390 3972 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:14:25.0515 3972 WfpLwf - ok 19:14:25.0546 3972 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:14:25.0562 3972 WIMMount - ok 19:14:25.0608 3972 WinDefend - ok 19:14:25.0608 3972 WinHttpAutoProxySvc - ok 19:14:25.0718 3972 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:14:25.0796 3972 Winmgmt - ok 19:14:25.0920 3972 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:14:26.0045 3972 WinRM - ok 19:14:26.0108 3972 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 19:14:26.0123 3972 WinUsb - ok 19:14:26.0201 3972 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:14:26.0264 3972 Wlansvc - ok 19:14:26.0357 3972 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 19:14:26.0404 3972 WmiAcpi - ok 19:14:26.0466 3972 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:14:26.0513 3972 wmiApSrv - ok 19:14:26.0591 3972 WMPNetworkSvc - ok 19:14:26.0732 3972 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe 19:14:26.0778 3972 WMZuneComm - ok 19:14:26.0841 3972 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:14:26.0856 3972 WPCSvc - ok 19:14:26.0888 3972 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:14:26.0903 3972 WPDBusEnum - ok 19:14:26.0919 3972 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:14:26.0981 3972 ws2ifsl - ok 19:14:26.0997 3972 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 19:14:27.0059 3972 wscsvc - ok 19:14:27.0059 3972 WSearch - ok 19:14:27.0184 3972 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:14:27.0340 3972 wuauserv - ok 19:14:27.0387 3972 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:14:27.0434 3972 WudfPf - ok 19:14:27.0496 3972 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:14:27.0543 3972 WUDFRd - ok 19:14:27.0590 3972 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:14:27.0636 3972 wudfsvc - ok 19:14:27.0683 3972 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:14:27.0730 3972 WwanSvc - ok 19:14:27.0980 3972 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe 19:14:28.0307 3972 ZuneNetworkSvc - ok 19:14:28.0401 3972 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe 19:14:28.0463 3972 ZuneWlanCfgSvc - ok 19:14:28.0494 3972 ================ Scan global =============================== 19:14:28.0541 3972 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:14:28.0588 3972 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 19:14:28.0619 3972 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 19:14:28.0682 3972 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:14:28.0728 3972 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:14:28.0744 3972 [Global] - ok 19:14:28.0744 3972 ================ Scan MBR ================================== 19:14:28.0760 3972 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:14:29.0150 3972 \Device\Harddisk0\DR0 - ok 19:14:29.0150 3972 ================ Scan VBR ================================== 19:14:29.0150 3972 [ C2238C08175EA1440CD3F9FD99682CAD ] \Device\Harddisk0\DR0\Partition1 19:14:29.0150 3972 \Device\Harddisk0\DR0\Partition1 - ok 19:14:29.0150 3972 ============================================================ 19:14:29.0150 3972 Scan finished 19:14:29.0150 3972 ============================================================ 19:14:29.0165 1192 Detected object count: 2 19:14:29.0165 1192 Actual detected object count: 2 19:15:12.0736 1192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 19:15:12.0736 1192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 19:15:12.0736 1192 sppuinotify ( UnsignedFile.Multi.Generic ) - skipped by user 19:15:12.0736 1192 sppuinotify ( UnsignedFile.Multi.Generic ) - User select action: Skip |
06.01.2013, 19:40 | #11 | |
/// Malware-holic | claro search entfernen und evtl babylon toolbar combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.01.2013, 20:05 | #12 |
| claro search entfernen und evtl babylon toolbar Combofix Logfile: Code:
ATTFilter ComboFix 13-01-05.01 - Icke 06.01.2013 19:48:18.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3838.2748 [GMT 1:00] ausgeführt von:: c:\users\Icke\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-06 bis 2013-01-06 )))))))))))))))))))))))))))))) . . 2013-01-06 18:56 . 2013-01-06 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-06 17:09 . 2013-01-06 17:09 -------- d-----w- C:\_OTL 2013-01-04 15:58 . 2013-01-04 15:58 -------- d-----w- c:\users\Icke\AppData\Roaming\OpenOffice.org 2013-01-04 15:57 . 2013-01-04 15:57 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2013-01-03 13:29 . 2013-01-03 13:30 -------- d-----w- c:\programdata\TuneUp Software 2013-01-03 13:29 . 2013-01-03 13:29 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2013-01-03 13:27 . 2013-01-03 13:27 -------- d-----w- c:\program files (x86)\Claro LTD 2013-01-03 13:27 . 2013-01-03 13:27 -------- d-----w- c:\users\Icke\AppData\Roaming\Babylon 2013-01-03 13:27 . 2013-01-03 13:27 -------- d-----w- c:\programdata\Babylon 2013-01-03 13:26 . 2013-01-03 13:26 -------- d-----w- c:\program files (x86)\Solitaire XP 2013-01-02 16:53 . 2013-01-02 16:55 -------- d-----w- c:\program files (x86)\Ulead Systems 2013-01-02 16:51 . 2013-01-02 16:51 -------- d-----w- c:\programdata\Ulead Systems 2012-12-29 19:13 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-12-29 19:13 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-12-29 19:13 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-12-23 20:03 . 2013-01-02 19:09 -------- d-----w- c:\users\Icke\AppData\Local\Microsoft Games 2012-12-23 20:02 . 2012-12-23 20:02 -------- d-----w- c:\program files\Microsoft Games 2012-12-22 11:49 . 2012-12-22 11:49 -------- d-----w- c:\program files (x86)\UseNeXT 2012-12-21 11:58 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 11:58 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 11:58 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 11:58 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 21:42 . 2012-12-19 21:42 -------- d-----w- c:\users\Icke\AppData\Local\ElevatedDiagnostics 2012-12-19 21:00 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll 2012-12-19 20:59 . 2005-02-05 18:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll 2012-12-19 20:25 . 2012-12-19 21:47 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL 2012-12-19 20:25 . 2012-12-19 21:47 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT 2012-12-19 20:25 . 2012-12-19 21:47 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR 2012-12-19 20:25 . 2012-12-19 21:47 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES 2012-12-19 20:23 . 2012-12-19 21:47 -------- d-----w- c:\windows\system32\drivers\UMDF\en-US 2012-12-19 20:23 . 2012-12-19 21:47 -------- d-----w- c:\program files\Zune 2012-12-19 20:13 . 2012-12-19 21:47 -------- d-----w- c:\programdata\Applications 2012-12-16 16:28 . 2012-12-16 23:22 -------- d-----w- c:\users\Icke\AppData\Roaming\PerformerSoft 2012-12-16 16:28 . 2012-03-14 14:47 19000 ----a-w- c:\windows\system32\roboot64.exe 2012-12-16 16:28 . 2012-12-16 16:28 -------- d-----w- c:\program files (x86)\Yontoo 2012-12-16 16:27 . 2012-12-16 16:27 -------- d-----w- c:\program files (x86)\File Scout 2012-12-16 16:27 . 2012-12-16 16:27 -------- d-----w- c:\programdata\IBUpdaterService 2012-12-12 20:56 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-09 17:52 . 2012-12-09 17:52 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\programdata\NokiaInstallerCache 2012-12-09 11:24 . 2012-12-09 11:24 -------- d-----w- c:\program files (x86)\Nokia . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 22:12 . 2012-11-13 10:52 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-11 19:44 . 2012-11-10 23:39 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-11 19:44 . 2012-11-10 23:39 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-14 21:42 . 2012-11-14 21:42 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-14 21:42 . 2012-11-14 21:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-14 21:42 . 2012-11-14 21:42 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-10 23:59 . 2009-06-10 20:59 113594 ----a-w- c:\windows\system32\slmgr.vbs 2012-11-10 23:59 . 2010-11-21 03:24 1008128 ----a-w- c:\windows\system32\user32.dll 2012-11-10 23:59 . 2009-06-10 21:38 113594 ----a-w- c:\windows\SysWow64\slmgr.vbs 2012-11-10 23:59 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll 2012-11-10 23:59 . 2010-11-21 03:24 15360 ----a-w- c:\windows\system32\slwga.dll 2012-11-10 23:59 . 2010-11-21 03:23 14336 ----a-w- c:\windows\SysWow64\slwga.dll 2012-11-10 23:59 . 2009-07-13 23:52 142336 ----a-w- c:\windows\system32\sppwmi.dll 2012-11-10 23:59 . 2009-07-13 23:36 118784 ----a-w- c:\windows\SysWow64\sppwmi.dll 2012-11-10 23:59 . 2009-07-13 23:52 65536 ----a-w- c:\windows\system32\sppuinotify.dll 2012-11-10 23:59 . 2009-07-13 23:51 381952 ----a-w- c:\windows\system32\sppcommdlg.dll 2012-11-10 23:59 . 2009-07-13 23:36 345088 ----a-w- c:\windows\SysWow64\sppcommdlg.dll 2012-11-10 23:59 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll 2012-11-10 23:59 . 2010-11-21 03:24 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll 2012-11-10 21:03 . 2012-11-10 21:04 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2012-11-10 20:29 . 2012-11-10 20:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-11-10 20:29 . 2012-11-10 20:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-11-10 20:29 . 2012-11-10 20:29 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-11-10 20:29 . 2012-11-10 20:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-11-10 20:29 . 2012-11-10 20:29 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-11-10 20:29 . 2012-11-10 20:29 82432 ----a-w- c:\windows\system32\icardie.dll 2012-11-10 20:29 . 2012-11-10 20:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-11-10 20:29 . 2012-11-10 20:29 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-11-10 20:29 . 2012-11-10 20:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-11-10 20:29 . 2012-11-10 20:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-11-10 20:29 . 2012-11-10 20:29 65024 ----a-w- c:\windows\system32\pngfilt.dll 2012-11-10 20:29 . 2012-11-10 20:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-11-10 20:29 . 2012-11-10 20:29 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2012-11-10 20:29 . 2012-11-10 20:29 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2012-11-10 20:29 . 2012-11-10 20:29 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-11-10 20:29 . 2012-11-10 20:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-11-10 20:29 . 2012-11-10 20:29 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-11-10 20:29 . 2012-11-10 20:29 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2012-11-10 20:29 . 2012-11-10 20:29 448512 ----a-w- c:\windows\system32\html.iec 2012-11-10 20:29 . 2012-11-10 20:29 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2012-11-10 20:29 . 2012-11-10 20:29 39936 ----a-w- c:\windows\system32\iernonce.dll 2012-11-10 20:29 . 2012-11-10 20:29 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2012-11-10 20:29 . 2012-11-10 20:29 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-11-10 20:29 . 2012-11-10 20:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-11-10 20:29 . 2012-11-10 20:29 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-10 20:29 . 2012-11-10 20:29 282112 ----a-w- c:\windows\system32\dxtrans.dll 2012-11-10 20:29 . 2012-11-10 20:29 267776 ----a-w- c:\windows\system32\ieaksie.dll 2012-11-10 20:29 . 2012-11-10 20:29 249344 ----a-w- c:\windows\system32\webcheck.dll 2012-11-10 20:29 . 2012-11-10 20:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-11-10 20:29 . 2012-11-10 20:29 222208 ----a-w- c:\windows\system32\msls31.dll 2012-11-10 20:29 . 2012-11-10 20:29 197120 ----a-w- c:\windows\system32\msrating.dll 2012-11-10 20:29 . 2012-11-10 20:29 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-11-10 20:29 . 2012-11-10 20:29 163840 ----a-w- c:\windows\system32\ieakui.dll 2012-11-10 20:29 . 2012-11-10 20:29 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-11-10 20:29 . 2012-11-10 20:29 160256 ----a-w- c:\windows\system32\wextract.exe 2012-11-10 20:29 . 2012-11-10 20:29 160256 ----a-w- c:\windows\system32\ieakeng.dll 2012-11-10 20:29 . 2012-11-10 20:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-11-10 20:29 . 2012-11-10 20:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-11-10 20:29 . 2012-11-10 20:29 149504 ----a-w- c:\windows\system32\occache.dll 2012-11-10 20:29 . 2012-11-10 20:29 145920 ----a-w- c:\windows\system32\iepeers.dll 2012-11-10 20:29 . 2012-11-10 20:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-11-10 20:29 . 2012-11-10 20:29 12288 ----a-w- c:\windows\system32\mshta.exe 2012-11-10 20:29 . 2012-11-10 20:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-11-10 20:29 . 2012-11-10 20:29 114176 ----a-w- c:\windows\system32\admparse.dll 2012-11-10 20:29 . 2012-11-10 20:29 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-11-10 20:29 . 2012-11-10 20:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-11-10 20:29 . 2012-11-10 20:29 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2012-11-10 20:29 . 2012-11-10 20:29 103936 ----a-w- c:\windows\system32\inseng.dll 2012-11-10 20:29 . 2012-11-10 20:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2012-10-16 08:38 . 2012-11-28 15:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 15:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 15:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 02:48 . 2012-10-15 02:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2012-10-09 18:17 . 2012-11-14 19:24 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 19:24 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 19:24 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 19:24 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2012-11-10 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-11-10 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] 2012-12-24 10:10 258560 ----a-w- c:\program files (x86)\Claro LTD\claro\1.8.8.5\bh\claro.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-11-12 19:54 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}] 2012-07-04 13:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-12 1796552] "{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040] "{9E131A93-EED7-4BEB-B015-A0ADB30B5646}"= "c:\program files (x86)\Claro LTD\claro\1.8.8.5\claroTlbr.dll" [2012-12-24 332800] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}] [HKEY_CLASSES_ROOT\SWEETIE.IEToolbar] . [HKEY_CLASSES_ROOT\clsid\{9e131a93-eed7-4beb-b015-a0adb30b5646}] [HKEY_CLASSES_ROOT\claro.clarodskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\claro.clarodskBnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-08-28 247768] "Personal ID"="c:\coolsp~1\PERSON~1\PID.EXE" [2009-03-04 1134008] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-12 997320] "ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-11-10 1020512] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Icke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-10 30568] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048] S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [2012-12-16 580664] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632] S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-10 711112] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 75243367 *Deregistered* - 75243367 . Inhalt des "geplante Tasks" Ordners . 2013-01-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-10 19:44] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.claro-search.com/?affID=117423&tt=0113_6&babsrc=HP_ss&mntrId=608d26d100000000000000262210ae7b mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={5D093DC3-2B91-11E2-B0DB-00262210AE7B} mLocal Page = c:\windows\SysWOW64\blank.htm IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\qzkne0p3.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Claro Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bf12866f8-1039-4e60-85b9-f04fa00620ea%7D&mid=50d848671d8b47d08156d16f64f44788-018d4d29bcc892f029fa30e904c137a0a36f901c&ds=AVG&v=13.2.0.4&lang=de&pr=fr&d=2012-11-10%2022%3A04%3A10&sap=ku&q= FF - ExtSQL: 2012-11-10 21:42; {9AA46F4F-4DC7-4c06-97AF-5035170634FE}; c:\users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\qzkne0p3.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi FF - ExtSQL: 2012-11-10 22:04; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\13.2.0.5 FF - ExtSQL: 2012-12-30 13:31; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Icke\AppData\Roaming\Mozilla\Firefox\Profiles\qzkne0p3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF - user.js: extentions.y2layers.installId - ffbb3055-f145-4701-87f4-2d43892f475d FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.claro.tlbrSrchUrl - FF - user.js: extensions.claro.id - 608d26d100000000000000262210ae7b FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062} FF - user.js: extensions.claro.instlDay - 15708 FF - user.js: extensions.claro.vrsn - 1.8.8.5 FF - user.js: extensions.claro.vrsni - 1.8.8.5 FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.514:27 FF - user.js: extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - base FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro_i.excTlbr - false FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false FF - user.js: extensions.claro.autoRvrt - false FF - user.js: extensions.claro.rvrt - false FF - user.js: extensions.claro_i.newTab - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-06 20:00:04 ComboFix-quarantined-files.txt 2013-01-06 19:00 . Vor Suchlauf: 19 Verzeichnis(se), 28.000.473.088 Bytes frei Nach Suchlauf: 28 Verzeichnis(se), 27.627.081.728 Bytes frei . - - End Of File - - 6EDFCE4952CD130B920350A44A4D887C Scan ist durchgelaufen und hat ca 10 Minuten gebraucht. Der Rechner hat aber keinen Neustart gemacht. Aufgefallen ist mir, dass Firefox nicht mehr der Standart - Browser war und mich fragte, ob er das wieder sein soll. |
06.01.2013, 20:10 | #13 |
/// Malware-holic | claro search entfernen und evtl babylon toolbar hi malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
06.01.2013, 23:05 | #14 |
| claro search entfernen und evtl babylon toolbar das hat gedauert, aber nun haben wir es. Der clarosearch ist aber noch da, hab ich grad gesehen. --------------- Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.06.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Icke :: ICKE-PC [Administrator] Schutz: Aktiviert 06.01.2013 20:19:05 mbam-log-2013-01-06 (20-19-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 481796 Laufzeit: 2 Stunde(n), 34 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 1 C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> 3792 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 2 HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Löschen bei Neustart. Infizierte Dateien: 6 C:\Users\Icke\Documents\Downloads\SoftonicDownloader_fuer_cupids-3d-valentines-day-screensaver.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Icke\Documents\Downloads\SoftonicDownloader_fuer_gimp(1).exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Icke\Documents\Downloads\SoftonicDownloader_fuer_gimp.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Icke\Documents\Downloads\SoftonicDownloader_fuer_photoscape.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.InstallBrain) -> Löschen bei Neustart. C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
07.01.2013, 00:48 | #15 |
/// Malware-holic | claro search entfernen und evtl babylon toolbar Hi, wir sind ja nicht fertig. bitte nutze kein Softonic mehr. Lade und instaliere möglichst vom Hersteller direkt. Instaliere benutzerdefiniert, klicke nicht wild drauf los, lies was dir angeboten wird, evtl. auch Infos über google einholen. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu claro search entfernen und evtl babylon toolbar |
add on, adwcleaner, anleitung, babylon, desktop, entferne, entfernen, fehlerbehebung, festgestellt, firefox, gefunde, gelöscht, gestellt, leitung, namens, neue, neuen, problem, runterladen, search, software, stand, suchseite, tab, toolbar, öffnet |