|
Log-Analyse und Auswertung: Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.GenericWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
13.01.2013, 19:38 | #1 |
| Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Hallo zusammen, ich hoffe Ihr könnt mir helfen! Gestern hat Kaspersky bei mir drei Trojaner gefunden, die er nicht beseitigen kann. Im Kaspersky Bericht erschein der HEUR:Exploit.Java.CVE-2012-0507.gen zweimal, warum auch immer (beide im selben Pfad gefunden) und der HEUR:Exploit.Java.Generic. Meine Backups gehen bis Anfang September zurück, aber leider hatte ich schon damals diese Trojaner drauf, wußte nur von nichts. Google hat mir gezeigt, dass die Entfernung was individuelles ist und ich somit Hilfe benötige. Wie hier beschrieben habe ich alle Programme laufen lassen und die Ergebnisse angehängt (defogger, OTL (musste ich auf zwei Datein verteilen), Extras, Gmer). Würde mich sehr freuen wenn Ihr mir hier helfen könntet! Viele Grüße Carsten |
13.01.2013, 22:28 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Hallo und
__________________Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen? Logfiles im Anhang erschweren die Auswertung massivst Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.
__________________ |
14.01.2013, 07:23 | #3 |
| Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Hallo Cosinus,
__________________ich habe mich einfach in dem Bereich "Für alle Hilfesuchenden" von Punkt 1 bis 4 durchgearbeitet. Danach folgt nur noch "Bitte nur machen wenn vom Helfer gefordert", sprich da nicht gefordert, habe ich mich damit nicht beschäftigt. Somit blieb nur eine Möglichkeit die Logs zu posten... in dem ich diese hochlade, zumal einem Möglichkeit ja auch beim erstellen des Beitrags gleich angeboten wird. Viele Grüße Carsten |
14.01.2013, 10:30 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
14.01.2013, 17:42 | #5 |
| Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Hallo Cosinus, habe noch den Scan von Kaspersky vom 12.01.2013. Habe den Bericht angehängt. Vielen Dank für Deine Hilfe! Viele Grüße Carsten |
14.01.2013, 21:41 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Sagmal was hast du eigentlich nicht mit den CODE-Tags verstanden?! Stand doch dick und fett da, wie du die Logs bitte zu posten hast
__________________ --> Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic |
15.01.2013, 07:46 | #7 |
| Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Oh, sorry, in der Tat nicht. war gestern etwas hektisch und so ist mir der Teil durch. Soll ich den Scan-Log noch einmal auf diese Weise hochladen? |
15.01.2013, 11:19 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Nein aber die nächsten Logs bitte Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
15.01.2013, 21:40 | #9 |
| Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Hat alles soweit wunderbar funktioniert, mit einem überraschenden Ergebnis. Mbar meinte das keine Maleware gefunden wurde und das kein Cleanup notwendig ist. Habe mich genaustens an die Anweisungen gehalten und auch das Database update vor dem Scan gemacht. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016 www.malwarebytes.org Database version: v2013.01.15.13 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Carsten :: CARSTEN-PC [administrator] 15.01.2013 21:32:52 mbar-log-2013-01-15 (21-32-52).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 31234 Time elapsed: 3 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) |
16.01.2013, 14:39 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
17.01.2013, 20:26 | #11 |
| Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Hallo Cosinus, hat alles soweit gut funktioniert. Beim aswMBR musste ich den Weg über die Einstellung "none" unter AV scan gehen. aswMBR Log Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-01-17 20:17:40 ----------------------------- 20:17:40.292 OS Version: Windows x64 6.1.7601 Service Pack 1 20:17:40.292 Number of processors: 8 586 0x2A07 20:17:40.292 ComputerName: CARSTEN-PC UserName: Carsten 20:17:40.370 Initialize success 20:17:44.644 AVAST engine defs: 13011700 20:18:07.732 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 20:18:07.732 Disk 0 Vendor: INTEL_SS 2CV1 Size: 76319MB BusType: 3 20:18:07.732 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 20:18:07.732 Disk 1 Vendor: ST315003 CC6H Size: 1430799MB BusType: 3 20:18:07.748 Disk 0 MBR read successfully 20:18:07.748 Disk 0 MBR scan 20:18:07.748 Disk 0 Windows 7 default MBR code 20:18:07.748 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 20:18:07.748 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 76217 MB offset 206848 20:18:07.748 Disk 0 scanning C:\windows\system32\drivers 20:18:10.182 Service scanning 20:18:15.876 Modules scanning 20:18:15.876 Disk 0 trace - called modules: 20:18:15.876 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 20:18:15.876 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008e5c790] 20:18:15.876 3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80071ad050] 20:18:15.891 Scan finished successfully 20:18:36.811 Disk 0 MBR has been saved successfully to "C:\Users\Carsten\Desktop\MBR.dat" 20:18:36.811 The log file has been saved successfully to "C:\Users\Carsten\Desktop\aswMBR.txt" Code:
ATTFilter 20:19:35.0119 3316 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:19:35.0291 3316 ============================================================ 20:19:35.0291 3316 Current date / time: 2013/01/17 20:19:35.0291 20:19:35.0291 3316 SystemInfo: 20:19:35.0291 3316 20:19:35.0291 3316 OS Version: 6.1.7601 ServicePack: 1.0 20:19:35.0291 3316 Product type: Workstation 20:19:35.0291 3316 ComputerName: CARSTEN-PC 20:19:35.0291 3316 UserName: Carsten 20:19:35.0291 3316 Windows directory: C:\windows 20:19:35.0291 3316 System windows directory: C:\windows 20:19:35.0291 3316 Running under WOW64 20:19:35.0291 3316 Processor architecture: Intel x64 20:19:35.0291 3316 Number of processors: 8 20:19:35.0291 3316 Page size: 0x1000 20:19:35.0291 3316 Boot type: Normal boot 20:19:35.0291 3316 ============================================================ 20:19:35.0478 3316 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:19:35.0494 3316 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:19:35.0509 3316 ============================================================ 20:19:35.0509 3316 \Device\Harddisk0\DR0: 20:19:35.0509 3316 MBR partitions: 20:19:35.0509 3316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:19:35.0509 3316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800 20:19:35.0509 3316 \Device\Harddisk1\DR1: 20:19:35.0509 3316 MBR partitions: 20:19:35.0509 3316 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAB861800 20:19:35.0509 3316 ============================================================ 20:19:35.0509 3316 C: <-> \Device\Harddisk0\DR0\Partition2 20:19:35.0509 3316 D: <-> \Device\Harddisk1\DR1\Partition1 20:19:35.0509 3316 ============================================================ 20:19:35.0509 3316 Initialize success 20:19:35.0509 3316 ============================================================ 20:20:19.0579 1228 ============================================================ 20:20:19.0579 1228 Scan started 20:20:19.0579 1228 Mode: Manual; SigCheck; TDLFS; 20:20:19.0579 1228 ============================================================ 20:20:19.0642 1228 ================ Scan system memory ======================== 20:20:19.0642 1228 System memory - ok 20:20:19.0642 1228 ================ Scan services ============================= 20:20:19.0673 1228 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 20:20:19.0720 1228 1394ohci - ok 20:20:19.0720 1228 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys 20:20:19.0720 1228 ACPI - ok 20:20:19.0735 1228 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 20:20:19.0751 1228 AcpiPmi - ok 20:20:19.0751 1228 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:20:19.0751 1228 AdobeARMservice - ok 20:20:19.0767 1228 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys 20:20:19.0767 1228 adp94xx - ok 20:20:19.0782 1228 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys 20:20:19.0782 1228 adpahci - ok 20:20:19.0798 1228 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys 20:20:19.0798 1228 adpu320 - ok 20:20:19.0798 1228 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 20:20:19.0845 1228 AeLookupSvc - ok 20:20:19.0845 1228 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 20:20:19.0860 1228 AFD - ok 20:20:19.0876 1228 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys 20:20:19.0876 1228 agp440 - ok 20:20:19.0876 1228 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 20:20:19.0891 1228 ALG - ok 20:20:19.0891 1228 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys 20:20:19.0891 1228 aliide - ok 20:20:19.0907 1228 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys 20:20:19.0907 1228 amdide - ok 20:20:19.0907 1228 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys 20:20:19.0923 1228 AmdK8 - ok 20:20:19.0923 1228 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys 20:20:19.0923 1228 AmdPPM - ok 20:20:19.0938 1228 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 20:20:19.0938 1228 amdsata - ok 20:20:19.0938 1228 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys 20:20:19.0954 1228 amdsbs - ok 20:20:19.0954 1228 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 20:20:19.0954 1228 amdxata - ok 20:20:19.0969 1228 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 20:20:19.0985 1228 AppID - ok 20:20:19.0985 1228 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 20:20:20.0001 1228 AppIDSvc - ok 20:20:20.0016 1228 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 20:20:20.0032 1228 Appinfo - ok 20:20:20.0032 1228 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:20:20.0047 1228 Apple Mobile Device - ok 20:20:20.0047 1228 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys 20:20:20.0047 1228 arc - ok 20:20:20.0063 1228 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys 20:20:20.0063 1228 arcsas - ok 20:20:20.0063 1228 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 20:20:20.0094 1228 AsyncMac - ok 20:20:20.0094 1228 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys 20:20:20.0094 1228 atapi - ok 20:20:20.0141 1228 [ 3EFD964D52221360AF0673CD61C2F4F5 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys 20:20:20.0203 1228 atikmdag - ok 20:20:20.0203 1228 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 20:20:20.0235 1228 AudioEndpointBuilder - ok 20:20:20.0235 1228 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 20:20:20.0266 1228 AudioSrv - ok 20:20:20.0281 1228 [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe 20:20:20.0297 1228 AVP - ok 20:20:20.0297 1228 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 20:20:20.0297 1228 AxInstSV - ok 20:20:20.0313 1228 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys 20:20:20.0328 1228 b06bdrv - ok 20:20:20.0328 1228 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 20:20:20.0344 1228 b57nd60a - ok 20:20:20.0344 1228 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 20:20:20.0359 1228 BDESVC - ok 20:20:20.0359 1228 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 20:20:20.0375 1228 Beep - ok 20:20:20.0391 1228 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 20:20:20.0406 1228 BFE - ok 20:20:20.0422 1228 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 20:20:20.0453 1228 BITS - ok 20:20:20.0453 1228 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 20:20:20.0469 1228 blbdrive - ok 20:20:20.0469 1228 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:20:20.0484 1228 Bonjour Service - ok 20:20:20.0484 1228 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 20:20:20.0484 1228 bowser - ok 20:20:20.0484 1228 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys 20:20:20.0500 1228 BrFiltLo - ok 20:20:20.0500 1228 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys 20:20:20.0515 1228 BrFiltUp - ok 20:20:20.0515 1228 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 20:20:20.0531 1228 Browser - ok 20:20:20.0531 1228 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 20:20:20.0547 1228 Brserid - ok 20:20:20.0547 1228 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 20:20:20.0547 1228 BrSerWdm - ok 20:20:20.0562 1228 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 20:20:20.0562 1228 BrUsbMdm - ok 20:20:20.0562 1228 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 20:20:20.0578 1228 BrUsbSer - ok 20:20:20.0578 1228 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys 20:20:20.0593 1228 BTHMODEM - ok 20:20:20.0593 1228 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 20:20:20.0609 1228 bthserv - ok 20:20:20.0625 1228 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 20:20:20.0640 1228 cdfs - ok 20:20:20.0640 1228 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 20:20:20.0656 1228 cdrom - ok 20:20:20.0656 1228 [ CDCAD33F35DA17DB93BC844B02D9EDDF ] CEEBC40A-FDED-4C59-B354-939132350B01 C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe 20:20:20.0656 1228 CEEBC40A-FDED-4C59-B354-939132350B01 - ok 20:20:20.0671 1228 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 20:20:20.0687 1228 CertPropSvc - ok 20:20:20.0687 1228 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys 20:20:20.0703 1228 circlass - ok 20:20:20.0718 1228 [ 8FEE4423D682394EB436C975D0A3A994 ] cjpcsc C:\windows\SysWOW64\cjpcsc.exe 20:20:20.0734 1228 cjpcsc - ok 20:20:20.0734 1228 [ 06E1F5228399FC49A8D026DA38DB6784 ] cjusb C:\windows\system32\DRIVERS\cjusb.sys 20:20:20.0749 1228 cjusb - ok 20:20:20.0749 1228 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 20:20:20.0765 1228 CLFS - ok 20:20:20.0765 1228 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:20:20.0765 1228 clr_optimization_v2.0.50727_32 - ok 20:20:20.0781 1228 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:20:20.0781 1228 clr_optimization_v2.0.50727_64 - ok 20:20:20.0796 1228 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:20:20.0796 1228 clr_optimization_v4.0.30319_32 - ok 20:20:20.0796 1228 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:20:20.0812 1228 clr_optimization_v4.0.30319_64 - ok 20:20:20.0812 1228 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys 20:20:20.0812 1228 CmBatt - ok 20:20:20.0827 1228 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys 20:20:20.0827 1228 cmdide - ok 20:20:20.0827 1228 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys 20:20:20.0843 1228 CNG - ok 20:20:20.0859 1228 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys 20:20:20.0859 1228 Compbatt - ok 20:20:20.0859 1228 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 20:20:20.0874 1228 CompositeBus - ok 20:20:20.0874 1228 COMSysApp - ok 20:20:20.0874 1228 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys 20:20:20.0890 1228 crcdisk - ok 20:20:20.0890 1228 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll 20:20:20.0890 1228 CryptSvc - ok 20:20:20.0905 1228 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 20:20:20.0937 1228 DcomLaunch - ok 20:20:20.0937 1228 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 20:20:20.0968 1228 defragsvc - ok 20:20:20.0968 1228 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 20:20:20.0983 1228 DfsC - ok 20:20:20.0983 1228 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys 20:20:20.0999 1228 dg_ssudbus - ok 20:20:20.0999 1228 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 20:20:21.0015 1228 Dhcp - ok 20:20:21.0015 1228 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 20:20:21.0030 1228 discache - ok 20:20:21.0046 1228 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys 20:20:21.0046 1228 Disk - ok 20:20:21.0046 1228 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 20:20:21.0061 1228 Dnscache - ok 20:20:21.0061 1228 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 20:20:21.0093 1228 dot3svc - ok 20:20:21.0093 1228 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 20:20:21.0108 1228 DPS - ok 20:20:21.0124 1228 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 20:20:21.0124 1228 drmkaud - ok 20:20:21.0139 1228 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 20:20:21.0155 1228 DXGKrnl - ok 20:20:21.0155 1228 [ 6BAFD9819D9FEC2EDBAEBC8493C711A4 ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys 20:20:21.0171 1228 e1cexpress - ok 20:20:21.0171 1228 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 20:20:21.0186 1228 EapHost - ok 20:20:21.0217 1228 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys 20:20:21.0264 1228 ebdrv - ok 20:20:21.0264 1228 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 20:20:21.0264 1228 EFS - ok 20:20:21.0280 1228 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 20:20:21.0295 1228 ehRecvr - ok 20:20:21.0295 1228 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 20:20:21.0311 1228 ehSched - ok 20:20:21.0311 1228 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys 20:20:21.0327 1228 elxstor - ok 20:20:21.0327 1228 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys 20:20:21.0342 1228 ErrDev - ok 20:20:21.0342 1228 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 20:20:21.0373 1228 EventSystem - ok 20:20:21.0373 1228 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 20:20:21.0405 1228 exfat - ok 20:20:21.0405 1228 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 20:20:21.0436 1228 fastfat - ok 20:20:21.0436 1228 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 20:20:21.0451 1228 Fax - ok 20:20:21.0451 1228 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys 20:20:21.0467 1228 fdc - ok 20:20:21.0467 1228 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 20:20:21.0483 1228 fdPHost - ok 20:20:21.0483 1228 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 20:20:21.0514 1228 FDResPub - ok 20:20:21.0514 1228 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 20:20:21.0514 1228 FileInfo - ok 20:20:21.0529 1228 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 20:20:21.0545 1228 Filetrace - ok 20:20:21.0545 1228 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys 20:20:21.0561 1228 flpydisk - ok 20:20:21.0561 1228 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 20:20:21.0576 1228 FltMgr - ok 20:20:21.0576 1228 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 20:20:21.0607 1228 FontCache - ok 20:20:21.0607 1228 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:20:21.0607 1228 FontCache3.0.0.0 - ok 20:20:21.0607 1228 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 20:20:21.0623 1228 FsDepends - ok 20:20:21.0623 1228 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 20:20:21.0623 1228 Fs_Rec - ok 20:20:21.0639 1228 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 20:20:21.0639 1228 fvevol - ok 20:20:21.0654 1228 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 20:20:21.0654 1228 gagp30kx - ok 20:20:21.0654 1228 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys 20:20:21.0654 1228 GEARAspiWDM - ok 20:20:21.0670 1228 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 20:20:21.0701 1228 gpsvc - ok 20:20:21.0701 1228 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:20:21.0717 1228 gupdate - ok 20:20:21.0717 1228 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 20:20:21.0717 1228 gupdatem - ok 20:20:21.0717 1228 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 20:20:21.0732 1228 hcw85cir - ok 20:20:21.0732 1228 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 20:20:21.0748 1228 HdAudAddService - ok 20:20:21.0748 1228 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 20:20:21.0763 1228 HDAudBus - ok 20:20:21.0763 1228 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys 20:20:21.0779 1228 HidBatt - ok 20:20:21.0779 1228 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys 20:20:21.0779 1228 HidBth - ok 20:20:21.0795 1228 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys 20:20:21.0795 1228 HidIr - ok 20:20:21.0795 1228 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 20:20:21.0826 1228 hidserv - ok 20:20:21.0826 1228 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 20:20:21.0841 1228 HidUsb - ok 20:20:21.0841 1228 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 20:20:21.0857 1228 hkmsvc - ok 20:20:21.0857 1228 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 20:20:21.0873 1228 HomeGroupListener - ok 20:20:21.0873 1228 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 20:20:21.0888 1228 HomeGroupProvider - ok 20:20:21.0888 1228 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 20:20:21.0904 1228 HpSAMD - ok 20:20:21.0904 1228 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 20:20:21.0935 1228 HTTP - ok 20:20:21.0935 1228 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 20:20:21.0951 1228 hwpolicy - ok 20:20:21.0951 1228 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 20:20:21.0951 1228 i8042prt - ok 20:20:21.0966 1228 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 20:20:21.0966 1228 iaStor - ok 20:20:21.0982 1228 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 20:20:21.0982 1228 IAStorDataMgrSvc - ok 20:20:21.0982 1228 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 20:20:21.0997 1228 iaStorV - ok 20:20:22.0013 1228 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:20:22.0029 1228 idsvc - ok 20:20:22.0029 1228 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys 20:20:22.0029 1228 iirsp - ok 20:20:22.0044 1228 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 20:20:22.0075 1228 IKEEXT - ok 20:20:22.0091 1228 [ F5872A11EB4F6DB170D636CD4E53CA9F ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 20:20:22.0122 1228 IntcAzAudAddService - ok 20:20:22.0122 1228 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys 20:20:22.0138 1228 intelide - ok 20:20:22.0138 1228 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 20:20:22.0138 1228 intelppm - ok 20:20:22.0138 1228 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 20:20:22.0169 1228 IPBusEnum - ok 20:20:22.0169 1228 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 20:20:22.0185 1228 IpFilterDriver - ok 20:20:22.0200 1228 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 20:20:22.0216 1228 iphlpsvc - ok 20:20:22.0216 1228 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 20:20:22.0231 1228 IPMIDRV - ok 20:20:22.0231 1228 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 20:20:22.0247 1228 IPNAT - ok 20:20:22.0263 1228 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:20:22.0263 1228 iPod Service - ok 20:20:22.0278 1228 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 20:20:22.0278 1228 IRENUM - ok 20:20:22.0278 1228 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys 20:20:22.0294 1228 isapnp - ok 20:20:22.0294 1228 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 20:20:22.0309 1228 iScsiPrt - ok 20:20:22.0309 1228 [ 1DED0D0AA513E2A5862B20A520D3A1E1 ] JME Keyboard C:\Windows\jmesoft\Service.exe 20:20:22.0309 1228 JME Keyboard ( UnsignedFile.Multi.Generic ) - warning 20:20:22.0309 1228 JME Keyboard - detected UnsignedFile.Multi.Generic (1) 20:20:22.0309 1228 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 20:20:22.0325 1228 kbdclass - ok 20:20:22.0325 1228 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 20:20:22.0325 1228 kbdhid - ok 20:20:22.0341 1228 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 20:20:22.0341 1228 KeyIso - ok 20:20:22.0341 1228 [ 8B5219318DF5895ABD230C373F2DF18A ] kl1 C:\windows\system32\DRIVERS\kl1.sys 20:20:22.0356 1228 kl1 - ok 20:20:22.0372 1228 [ 65F3B81FA285EAB641F5E6EF7AEB984D ] KLIF C:\windows\system32\DRIVERS\klif.sys 20:20:22.0372 1228 KLIF - ok 20:20:22.0387 1228 [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6 C:\windows\system32\DRIVERS\klim6.sys 20:20:22.0387 1228 KLIM6 - ok 20:20:22.0387 1228 [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt C:\windows\system32\DRIVERS\klkbdflt.sys 20:20:22.0403 1228 klkbdflt - ok 20:20:22.0403 1228 [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt C:\windows\system32\DRIVERS\klmouflt.sys 20:20:22.0419 1228 klmouflt - ok 20:20:22.0419 1228 [ A8081ED8D48FA611D11DB97F49A5343D ] kltdi C:\windows\system32\DRIVERS\kltdi.sys 20:20:22.0419 1228 kltdi - ok 20:20:22.0434 1228 [ 185D21CB8F10CFB351FF65DA88C18BC9 ] kneps C:\windows\system32\DRIVERS\kneps.sys 20:20:22.0434 1228 kneps - ok 20:20:22.0434 1228 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 20:20:22.0450 1228 KSecDD - ok 20:20:22.0450 1228 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 20:20:22.0450 1228 KSecPkg - ok 20:20:22.0465 1228 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 20:20:22.0481 1228 ksthunk - ok 20:20:22.0481 1228 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 20:20:22.0512 1228 KtmRm - ok 20:20:22.0512 1228 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 20:20:22.0543 1228 LanmanServer - ok 20:20:22.0543 1228 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 20:20:22.0559 1228 LanmanWorkstation - ok 20:20:22.0575 1228 [ 57EAD1CA5C1FFC88905FD96B119BB286 ] LenovoCOMSvc C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe 20:20:22.0575 1228 LenovoCOMSvc ( UnsignedFile.Multi.Generic ) - warning 20:20:22.0575 1228 LenovoCOMSvc - detected UnsignedFile.Multi.Generic (1) 20:20:22.0575 1228 [ E5BEC70311434BA4BD87CD64F2B24356 ] LitModeCtrl C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe 20:20:22.0575 1228 LitModeCtrl ( UnsignedFile.Multi.Generic ) - warning 20:20:22.0575 1228 LitModeCtrl - detected UnsignedFile.Multi.Generic (1) 20:20:22.0575 1228 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 20:20:22.0606 1228 lltdio - ok 20:20:22.0606 1228 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 20:20:22.0637 1228 lltdsvc - ok 20:20:22.0637 1228 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 20:20:22.0653 1228 lmhosts - ok 20:20:22.0668 1228 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys 20:20:22.0668 1228 LSI_FC - ok 20:20:22.0668 1228 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys 20:20:22.0684 1228 LSI_SAS - ok 20:20:22.0684 1228 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 20:20:22.0684 1228 LSI_SAS2 - ok 20:20:22.0699 1228 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 20:20:22.0699 1228 LSI_SCSI - ok 20:20:22.0699 1228 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 20:20:22.0731 1228 luafv - ok 20:20:22.0731 1228 [ 4A503882318BB2F59218D401614E6AF6 ] lvpepf64 C:\windows\system32\DRIVERS\lv302a64.sys 20:20:22.0731 1228 lvpepf64 - ok 20:20:22.0731 1228 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\windows\system32\DRIVERS\LVPr2M64.sys 20:20:22.0746 1228 LVPr2M64 - ok 20:20:22.0746 1228 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\windows\system32\DRIVERS\LVPr2M64.sys 20:20:22.0746 1228 LVPr2Mon - ok 20:20:22.0746 1228 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 20:20:22.0762 1228 LVPrcS64 - ok 20:20:22.0762 1228 [ 125AE13C293889001B8456CF3EB04A40 ] LVRS64 C:\windows\system32\DRIVERS\lvrs64.sys 20:20:22.0777 1228 LVRS64 - ok 20:20:22.0777 1228 [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64 C:\windows\system32\drivers\LVUSBS64.sys 20:20:22.0777 1228 LVUSBS64 - ok 20:20:22.0777 1228 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 20:20:22.0793 1228 Mcx2Svc - ok 20:20:22.0793 1228 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys 20:20:22.0793 1228 megasas - ok 20:20:22.0809 1228 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 20:20:22.0809 1228 MegaSR - ok 20:20:22.0824 1228 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys 20:20:22.0824 1228 MEIx64 - ok 20:20:22.0824 1228 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 20:20:22.0855 1228 MMCSS - ok 20:20:22.0855 1228 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 20:20:22.0871 1228 Modem - ok 20:20:22.0871 1228 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 20:20:22.0887 1228 monitor - ok 20:20:22.0887 1228 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 20:20:22.0887 1228 mouclass - ok 20:20:22.0902 1228 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 20:20:22.0902 1228 mouhid - ok 20:20:22.0902 1228 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 20:20:22.0918 1228 mountmgr - ok 20:20:22.0918 1228 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys 20:20:22.0933 1228 mpio - ok 20:20:22.0933 1228 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 20:20:22.0949 1228 mpsdrv - ok 20:20:22.0965 1228 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 20:20:22.0996 1228 MpsSvc - ok 20:20:22.0996 1228 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 20:20:23.0011 1228 MRxDAV - ok 20:20:23.0011 1228 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 20:20:23.0011 1228 mrxsmb - ok 20:20:23.0027 1228 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 20:20:23.0027 1228 mrxsmb10 - ok 20:20:23.0043 1228 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 20:20:23.0043 1228 mrxsmb20 - ok 20:20:23.0043 1228 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys 20:20:23.0058 1228 msahci - ok 20:20:23.0058 1228 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys 20:20:23.0058 1228 msdsm - ok 20:20:23.0074 1228 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 20:20:23.0074 1228 MSDTC - ok 20:20:23.0074 1228 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 20:20:23.0105 1228 Msfs - ok 20:20:23.0105 1228 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 20:20:23.0121 1228 mshidkmdf - ok 20:20:23.0121 1228 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys 20:20:23.0136 1228 msisadrv - ok 20:20:23.0136 1228 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 20:20:23.0167 1228 MSiSCSI - ok 20:20:23.0167 1228 msiserver - ok 20:20:23.0167 1228 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 20:20:23.0183 1228 MSKSSRV - ok 20:20:23.0183 1228 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 20:20:23.0214 1228 MSPCLOCK - ok 20:20:23.0214 1228 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 20:20:23.0230 1228 MSPQM - ok 20:20:23.0245 1228 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 20:20:23.0245 1228 MsRPC - ok 20:20:23.0261 1228 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 20:20:23.0261 1228 mssmbios - ok 20:20:23.0261 1228 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 20:20:23.0292 1228 MSTEE - ok 20:20:23.0292 1228 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys 20:20:23.0292 1228 MTConfig - ok 20:20:23.0308 1228 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 20:20:23.0308 1228 Mup - ok 20:20:23.0308 1228 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 20:20:23.0339 1228 napagent - ok 20:20:23.0339 1228 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 20:20:23.0355 1228 NativeWifiP - ok 20:20:23.0370 1228 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 20:20:23.0386 1228 NDIS - ok 20:20:23.0386 1228 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 20:20:23.0401 1228 NdisCap - ok 20:20:23.0417 1228 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 20:20:23.0433 1228 NdisTapi - ok 20:20:23.0433 1228 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 20:20:23.0448 1228 Ndisuio - ok 20:20:23.0464 1228 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 20:20:23.0479 1228 NdisWan - ok 20:20:23.0479 1228 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 20:20:23.0511 1228 NDProxy - ok 20:20:23.0511 1228 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 20:20:23.0526 1228 NetBIOS - ok 20:20:23.0542 1228 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 20:20:23.0557 1228 NetBT - ok 20:20:23.0557 1228 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 20:20:23.0573 1228 Netlogon - ok 20:20:23.0573 1228 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 20:20:23.0604 1228 Netman - ok 20:20:23.0604 1228 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 20:20:23.0635 1228 netprofm - ok 20:20:23.0635 1228 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:20:23.0651 1228 NetTcpPortSharing - ok 20:20:23.0651 1228 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 20:20:23.0651 1228 nfrd960 - ok 20:20:23.0651 1228 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 20:20:23.0667 1228 NlaSvc - ok 20:20:23.0667 1228 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 20:20:23.0698 1228 Npfs - ok 20:20:23.0698 1228 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 20:20:23.0713 1228 nsi - ok 20:20:23.0713 1228 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 20:20:23.0745 1228 nsiproxy - ok 20:20:23.0760 1228 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 20:20:23.0791 1228 Ntfs - ok 20:20:23.0791 1228 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 20:20:23.0807 1228 Null - ok 20:20:23.0807 1228 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys 20:20:23.0823 1228 nusb3hub - ok 20:20:23.0823 1228 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys 20:20:23.0838 1228 nusb3xhc - ok 20:20:23.0838 1228 [ 10204955027011E08A9DC27737A48A54 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys 20:20:23.0838 1228 NVHDA - ok 20:20:23.0947 1228 [ 02E6E2A36BD753C36E9AAF79C3AADB51 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 20:20:24.0072 1228 nvlddmkm - ok 20:20:24.0072 1228 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 20:20:24.0072 1228 nvraid - ok 20:20:24.0088 1228 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 20:20:24.0088 1228 nvstor - ok 20:20:24.0103 1228 [ 06BBEF008EBBDD160BAE9791D0E8C558 ] NVSvc C:\windows\system32\nvvsvc.exe 20:20:24.0119 1228 NVSvc - ok 20:20:24.0135 1228 [ 7E22DE30E222BFDFCEC7E77032BAF3CD ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 20:20:24.0181 1228 nvUpdatusService - ok 20:20:24.0181 1228 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 20:20:24.0181 1228 nv_agp - ok 20:20:24.0197 1228 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 20:20:24.0197 1228 ohci1394 - ok 20:20:24.0197 1228 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:20:24.0213 1228 ose - ok 20:20:24.0244 1228 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:20:24.0322 1228 osppsvc - ok 20:20:24.0322 1228 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 20:20:24.0337 1228 p2pimsvc - ok 20:20:24.0337 1228 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 20:20:24.0353 1228 p2psvc - ok 20:20:24.0353 1228 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys 20:20:24.0369 1228 Parport - ok 20:20:24.0369 1228 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 20:20:24.0369 1228 partmgr - ok 20:20:24.0384 1228 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 20:20:24.0384 1228 PcaSvc - ok 20:20:24.0400 1228 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 20:20:24.0400 1228 pci - ok 20:20:24.0400 1228 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 20:20:24.0415 1228 pciide - ok 20:20:24.0415 1228 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys 20:20:24.0431 1228 pcmcia - ok 20:20:24.0431 1228 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 20:20:24.0431 1228 pcw - ok 20:20:24.0447 1228 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 20:20:24.0478 1228 PEAUTH - ok 20:20:24.0493 1228 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 20:20:24.0509 1228 PerfHost - ok 20:20:24.0525 1228 [ AE0B94363DA0F60D42B9D05B352F61ED ] PID_PEPI C:\windows\system32\DRIVERS\LV302V64.SYS 20:20:24.0556 1228 PID_PEPI - ok 20:20:24.0571 1228 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 20:20:24.0603 1228 pla - ok 20:20:24.0618 1228 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 20:20:24.0634 1228 PlugPlay - ok 20:20:24.0634 1228 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 20:20:24.0634 1228 PNRPAutoReg - ok 20:20:24.0649 1228 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 20:20:24.0649 1228 PNRPsvc - ok 20:20:24.0665 1228 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 20:20:24.0681 1228 PolicyAgent - ok 20:20:24.0696 1228 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 20:20:24.0712 1228 Power - ok 20:20:24.0712 1228 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 20:20:24.0743 1228 PptpMiniport - ok 20:20:24.0743 1228 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys 20:20:24.0743 1228 Processor - ok 20:20:24.0759 1228 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 20:20:24.0759 1228 ProfSvc - ok 20:20:24.0759 1228 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 20:20:24.0774 1228 ProtectedStorage - ok 20:20:24.0774 1228 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 20:20:24.0805 1228 Psched - ok 20:20:24.0805 1228 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys 20:20:24.0805 1228 PxHlpa64 - ok 20:20:24.0821 1228 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys 20:20:24.0852 1228 ql2300 - ok 20:20:24.0852 1228 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys 20:20:24.0852 1228 ql40xx - ok 20:20:24.0868 1228 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 20:20:24.0883 1228 QWAVE - ok 20:20:24.0883 1228 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 20:20:24.0883 1228 QWAVEdrv - ok 20:20:24.0899 1228 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 20:20:24.0915 1228 RasAcd - ok 20:20:24.0915 1228 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 20:20:24.0930 1228 RasAgileVpn - ok 20:20:24.0946 1228 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 20:20:24.0961 1228 RasAuto - ok 20:20:24.0961 1228 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 20:20:24.0993 1228 Rasl2tp - ok 20:20:24.0993 1228 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 20:20:25.0024 1228 RasMan - ok 20:20:25.0024 1228 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 20:20:25.0039 1228 RasPppoe - ok 20:20:25.0039 1228 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 20:20:25.0071 1228 RasSstp - ok 20:20:25.0071 1228 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 20:20:25.0102 1228 rdbss - ok 20:20:25.0102 1228 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys 20:20:25.0102 1228 rdpbus - ok 20:20:25.0117 1228 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 20:20:25.0133 1228 RDPCDD - ok 20:20:25.0133 1228 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 20:20:25.0164 1228 RDPENCDD - ok 20:20:25.0164 1228 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 20:20:25.0180 1228 RDPREFMP - ok 20:20:25.0180 1228 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys 20:20:25.0195 1228 RdpVideoMiniport - ok 20:20:25.0195 1228 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 20:20:25.0211 1228 RDPWD - ok 20:20:25.0211 1228 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 20:20:25.0211 1228 rdyboost - ok 20:20:25.0227 1228 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 20:20:25.0242 1228 RemoteAccess - ok 20:20:25.0242 1228 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 20:20:25.0273 1228 RemoteRegistry - ok 20:20:25.0273 1228 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 20:20:25.0305 1228 RpcEptMapper - ok 20:20:25.0305 1228 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 20:20:25.0305 1228 RpcLocator - ok 20:20:25.0320 1228 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 20:20:25.0336 1228 RpcSs - ok 20:20:25.0336 1228 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 20:20:25.0367 1228 rspndr - ok 20:20:25.0367 1228 [ 9BEB5F18A418FF70659CE2E356829568 ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys 20:20:25.0383 1228 RSUSBSTOR - ok 20:20:25.0383 1228 [ 09A8BA290DB61D2D5C419A06A2E54D20 ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys 20:20:25.0398 1228 RTL8192Ce - ok 20:20:25.0414 1228 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 20:20:25.0414 1228 SamSs - ok 20:20:25.0414 1228 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 20:20:25.0429 1228 sbp2port - ok 20:20:25.0429 1228 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 20:20:25.0445 1228 SCardSvr - ok 20:20:25.0461 1228 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 20:20:25.0476 1228 scfilter - ok 20:20:25.0492 1228 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 20:20:25.0523 1228 Schedule - ok 20:20:25.0523 1228 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 20:20:25.0539 1228 SCPolicySvc - ok 20:20:25.0554 1228 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 20:20:25.0554 1228 SDRSVC - ok 20:20:25.0554 1228 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 20:20:25.0585 1228 secdrv - ok 20:20:25.0585 1228 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 20:20:25.0601 1228 seclogon - ok 20:20:25.0617 1228 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 20:20:25.0632 1228 SENS - ok 20:20:25.0632 1228 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 20:20:25.0648 1228 SensrSvc - ok 20:20:25.0648 1228 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys 20:20:25.0648 1228 Serenum - ok 20:20:25.0663 1228 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys 20:20:25.0663 1228 Serial - ok 20:20:25.0663 1228 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys 20:20:25.0679 1228 sermouse - ok 20:20:25.0679 1228 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 20:20:25.0710 1228 SessionEnv - ok 20:20:25.0710 1228 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 20:20:25.0710 1228 sffdisk - ok 20:20:25.0726 1228 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 20:20:25.0726 1228 sffp_mmc - ok 20:20:25.0726 1228 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 20:20:25.0741 1228 sffp_sd - ok 20:20:25.0741 1228 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys 20:20:25.0757 1228 sfloppy - ok 20:20:25.0757 1228 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 20:20:25.0788 1228 SharedAccess - ok 20:20:25.0788 1228 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 20:20:25.0804 1228 ShellHWDetection - ok 20:20:25.0819 1228 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 20:20:25.0819 1228 SiSRaid2 - ok 20:20:25.0819 1228 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 20:20:25.0835 1228 SiSRaid4 - ok 20:20:25.0835 1228 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 20:20:25.0851 1228 Smb - ok 20:20:25.0866 1228 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 20:20:25.0866 1228 SNMPTRAP - ok 20:20:25.0866 1228 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 20:20:25.0882 1228 spldr - ok 20:20:25.0882 1228 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 20:20:25.0897 1228 Spooler - ok 20:20:25.0929 1228 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 20:20:25.0991 1228 sppsvc - ok 20:20:25.0991 1228 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 20:20:26.0007 1228 sppuinotify - ok 20:20:26.0007 1228 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 20:20:26.0022 1228 srv - ok 20:20:26.0038 1228 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 20:20:26.0038 1228 srv2 - ok 20:20:26.0053 1228 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 20:20:26.0053 1228 srvnet - ok 20:20:26.0069 1228 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 20:20:26.0085 1228 SSDPSRV - ok 20:20:26.0085 1228 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 20:20:26.0116 1228 SstpSvc - ok 20:20:26.0116 1228 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys 20:20:26.0116 1228 ssudmdm - ok 20:20:26.0209 1228 [ E4AEA6FC64A979375149B86882CA2100 ] StarMoney 8.0 OnlineUpdate D:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe 20:20:26.0209 1228 StarMoney 8.0 OnlineUpdate - ok 20:20:26.0225 1228 Steam Client Service - ok 20:20:26.0225 1228 [ 9E1222C417291BC836210743624A8E5E ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 20:20:26.0241 1228 Stereo Service - ok 20:20:26.0241 1228 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys 20:20:26.0241 1228 stexstor - ok 20:20:26.0256 1228 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 20:20:26.0272 1228 stisvc - ok 20:20:26.0272 1228 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 20:20:26.0272 1228 swenum - ok 20:20:26.0287 1228 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 20:20:26.0319 1228 swprv - ok 20:20:26.0319 1228 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 20:20:26.0350 1228 SysMain - ok 20:20:26.0365 1228 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 20:20:26.0365 1228 TabletInputService - ok 20:20:26.0428 1228 [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe 20:20:26.0506 1228 TabletServicePen - ok 20:20:26.0521 1228 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 20:20:26.0537 1228 TapiSrv - ok 20:20:26.0537 1228 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 20:20:26.0568 1228 TBS - ok 20:20:26.0584 1228 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 20:20:26.0615 1228 Tcpip - ok 20:20:26.0631 1228 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 20:20:26.0662 1228 TCPIP6 - ok 20:20:26.0662 1228 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 20:20:26.0662 1228 tcpipreg - ok 20:20:26.0677 1228 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 20:20:26.0677 1228 TDPIPE - ok 20:20:26.0677 1228 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 20:20:26.0693 1228 TDTCP - ok 20:20:26.0693 1228 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 20:20:26.0709 1228 tdx - ok 20:20:26.0740 1228 [ 05582967E81703010239C2458211A2B7 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 20:20:26.0771 1228 TeamViewer7 - ok 20:20:26.0771 1228 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 20:20:26.0771 1228 TermDD - ok 20:20:26.0787 1228 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 20:20:26.0818 1228 TermService - ok 20:20:26.0818 1228 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 20:20:26.0833 1228 Themes - ok 20:20:26.0833 1228 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 20:20:26.0849 1228 THREADORDER - ok 20:20:26.0865 1228 [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe 20:20:26.0865 1228 TouchServicePen - ok 20:20:26.0865 1228 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 20:20:26.0896 1228 TrkWks - ok 20:20:26.0896 1228 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 20:20:26.0927 1228 TrustedInstaller - ok 20:20:26.0927 1228 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 20:20:26.0943 1228 tssecsrv - ok 20:20:26.0943 1228 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 20:20:26.0958 1228 TsUsbFlt - ok 20:20:26.0958 1228 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys 20:20:26.0974 1228 TsUsbGD - ok 20:20:26.0974 1228 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 20:20:26.0989 1228 tunnel - ok 20:20:26.0989 1228 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys 20:20:27.0005 1228 uagp35 - ok 20:20:27.0005 1228 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 20:20:27.0036 1228 udfs - ok 20:20:27.0036 1228 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 20:20:27.0036 1228 UI0Detect - ok 20:20:27.0052 1228 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 20:20:27.0052 1228 uliagpkx - ok 20:20:27.0052 1228 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 20:20:27.0067 1228 umbus - ok 20:20:27.0067 1228 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys 20:20:27.0067 1228 UmPass - ok 20:20:27.0083 1228 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 20:20:27.0099 1228 upnphost - ok 20:20:27.0099 1228 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 20:20:27.0114 1228 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 20:20:27.0114 1228 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 20:20:27.0114 1228 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys 20:20:27.0130 1228 usbaudio - ok 20:20:27.0130 1228 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 20:20:27.0130 1228 usbccgp - ok 20:20:27.0130 1228 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 20:20:27.0145 1228 usbcir - ok 20:20:27.0145 1228 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 20:20:27.0161 1228 usbehci - ok 20:20:27.0161 1228 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 20:20:27.0177 1228 usbhub - ok 20:20:27.0177 1228 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 20:20:27.0192 1228 usbohci - ok 20:20:27.0192 1228 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 20:20:27.0192 1228 usbprint - ok 20:20:27.0192 1228 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 20:20:27.0208 1228 usbscan - ok 20:20:27.0208 1228 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 20:20:27.0223 1228 USBSTOR - ok 20:20:27.0223 1228 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 20:20:27.0223 1228 usbuhci - ok 20:20:27.0239 1228 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 20:20:27.0255 1228 UxSms - ok 20:20:27.0255 1228 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 20:20:27.0270 1228 VaultSvc - ok 20:20:27.0270 1228 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 20:20:27.0270 1228 vdrvroot - ok 20:20:27.0286 1228 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 20:20:27.0301 1228 vds - ok 20:20:27.0317 1228 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 20:20:27.0317 1228 vga - ok 20:20:27.0317 1228 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 20:20:27.0348 1228 VgaSave - ok 20:20:27.0348 1228 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 20:20:27.0364 1228 vhdmp - ok 20:20:27.0364 1228 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 20:20:27.0364 1228 viaide - ok 20:20:27.0364 1228 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 20:20:27.0379 1228 volmgr - ok 20:20:27.0379 1228 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 20:20:27.0395 1228 volmgrx - ok 20:20:27.0395 1228 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 20:20:27.0411 1228 volsnap - ok 20:20:27.0411 1228 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 20:20:27.0411 1228 vsmraid - ok 20:20:27.0426 1228 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 20:20:27.0473 1228 VSS - ok 20:20:27.0473 1228 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 20:20:27.0489 1228 vwifibus - ok 20:20:27.0489 1228 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 20:20:27.0504 1228 vwififlt - ok 20:20:27.0504 1228 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 20:20:27.0535 1228 W32Time - ok 20:20:27.0535 1228 [ FE75777289278A4941FE6139E82B3BD9 ] wacmoumonitor C:\windows\system32\DRIVERS\wacmoumonitor.sys 20:20:27.0535 1228 wacmoumonitor - ok 20:20:27.0535 1228 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\windows\system32\DRIVERS\wacommousefilter.sys 20:20:27.0551 1228 wacommousefilter - ok 20:20:27.0551 1228 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys 20:20:27.0551 1228 WacomPen - ok 20:20:27.0567 1228 [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid C:\windows\system32\DRIVERS\wacomvhid.sys 20:20:27.0567 1228 wacomvhid - ok 20:20:27.0567 1228 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 20:20:27.0582 1228 WANARP - ok 20:20:27.0598 1228 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 20:20:27.0613 1228 Wanarpv6 - ok 20:20:27.0629 1228 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 20:20:27.0645 1228 WatAdminSvc - ok 20:20:27.0660 1228 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 20:20:27.0691 1228 wbengine - ok 20:20:27.0691 1228 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 20:20:27.0707 1228 WbioSrvc - ok 20:20:27.0707 1228 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 20:20:27.0723 1228 wcncsvc - ok 20:20:27.0723 1228 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 20:20:27.0738 1228 WcsPlugInService - ok 20:20:27.0738 1228 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys 20:20:27.0738 1228 Wd - ok 20:20:27.0754 1228 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 20:20:27.0769 1228 Wdf01000 - ok 20:20:27.0769 1228 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 20:20:27.0801 1228 WdiServiceHost - ok 20:20:27.0801 1228 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 20:20:27.0801 1228 WdiSystemHost - ok 20:20:27.0816 1228 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 20:20:27.0832 1228 WebClient - ok 20:20:27.0832 1228 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 20:20:27.0847 1228 Wecsvc - ok 20:20:27.0863 1228 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 20:20:27.0879 1228 wercplsupport - ok 20:20:27.0879 1228 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 20:20:27.0910 1228 WerSvc - ok 20:20:27.0910 1228 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 20:20:27.0925 1228 WfpLwf - ok 20:20:27.0925 1228 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 20:20:27.0941 1228 WIMMount - ok 20:20:27.0941 1228 WinDefend - ok 20:20:27.0941 1228 WinHttpAutoProxySvc - ok 20:20:27.0957 1228 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 20:20:27.0972 1228 Winmgmt - ok 20:20:27.0988 1228 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 20:20:28.0035 1228 WinRM - ok 20:20:28.0035 1228 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 20:20:28.0050 1228 WinUsb - ok 20:20:28.0066 1228 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 20:20:28.0081 1228 Wlansvc - ok 20:20:28.0081 1228 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 20:20:28.0081 1228 wlcrasvc - ok 20:20:28.0113 1228 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:20:28.0144 1228 wlidsvc - ok 20:20:28.0144 1228 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\windows\system32\drivers\WmBEnum.sys 20:20:28.0159 1228 WmBEnum - ok 20:20:28.0159 1228 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\windows\system32\drivers\WmFilter.sys 20:20:28.0159 1228 WmFilter - ok 20:20:28.0159 1228 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 20:20:28.0175 1228 WmiAcpi - ok 20:20:28.0175 1228 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 20:20:28.0191 1228 wmiApSrv - ok 20:20:28.0191 1228 WMPNetworkSvc - ok 20:20:28.0191 1228 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\windows\system32\drivers\WmVirHid.sys 20:20:28.0191 1228 WmVirHid - ok 20:20:28.0191 1228 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\windows\system32\drivers\WmXlCore.sys 20:20:28.0206 1228 WmXlCore - ok 20:20:28.0206 1228 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 20:20:28.0222 1228 WPCSvc - ok 20:20:28.0222 1228 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 20:20:28.0222 1228 WPDBusEnum - ok 20:20:28.0237 1228 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 20:20:28.0253 1228 ws2ifsl - ok 20:20:28.0253 1228 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 20:20:28.0269 1228 wscsvc - ok 20:20:28.0269 1228 WSearch - ok 20:20:28.0269 1228 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys 20:20:28.0284 1228 wsvd - ok 20:20:28.0300 1228 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 20:20:28.0347 1228 wuauserv - ok 20:20:28.0347 1228 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 20:20:28.0347 1228 WudfPf - ok 20:20:28.0362 1228 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 20:20:28.0362 1228 WUDFRd - ok 20:20:28.0362 1228 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 20:20:28.0378 1228 wudfsvc - ok 20:20:28.0378 1228 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 20:20:28.0393 1228 WwanSvc - ok 20:20:28.0393 1228 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys 20:20:28.0409 1228 yukonw7 - ok 20:20:28.0409 1228 ================ Scan global =============================== 20:20:28.0425 1228 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 20:20:28.0425 1228 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll 20:20:28.0425 1228 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll 20:20:28.0425 1228 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 20:20:28.0440 1228 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 20:20:28.0440 1228 [Global] - ok 20:20:28.0440 1228 ================ Scan MBR ================================== 20:20:28.0440 1228 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:20:28.0487 1228 \Device\Harddisk0\DR0 - ok 20:20:28.0518 1228 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 20:20:28.0659 1228 \Device\Harddisk1\DR1 - ok 20:20:28.0659 1228 ================ Scan VBR ================================== 20:20:28.0659 1228 [ CB8C6E5BCEE705F70E350C7D0C67E96A ] \Device\Harddisk0\DR0\Partition1 20:20:28.0659 1228 \Device\Harddisk0\DR0\Partition1 - ok 20:20:28.0659 1228 [ E423CF4B5095EE190EECA1E7743BD6B6 ] \Device\Harddisk0\DR0\Partition2 20:20:28.0659 1228 \Device\Harddisk0\DR0\Partition2 - ok 20:20:28.0659 1228 [ A846DFB7D0039BD93108BD915C96DA4F ] \Device\Harddisk1\DR1\Partition1 20:20:28.0659 1228 \Device\Harddisk1\DR1\Partition1 - ok 20:20:28.0659 1228 ============================================================ 20:20:28.0659 1228 Scan finished 20:20:28.0659 1228 ============================================================ 20:20:28.0659 3940 Detected object count: 4 20:20:28.0659 3940 Actual detected object count: 4 20:21:11.0746 3940 JME Keyboard ( UnsignedFile.Multi.Generic ) - skipped by user 20:21:11.0746 3940 JME Keyboard ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:21:11.0746 3940 LenovoCOMSvc ( UnsignedFile.Multi.Generic ) - skipped by user 20:21:11.0746 3940 LenovoCOMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:21:11.0746 3940 LitModeCtrl ( UnsignedFile.Multi.Generic ) - skipped by user 20:21:11.0746 3940 LitModeCtrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:21:11.0746 3940 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user 20:21:11.0746 3940 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
18.01.2013, 12:20 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Unauffällig adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
19.01.2013, 11:06 | #13 |
| Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Guten Morgen, hier das Ergebnis vom adwcleaner. Code:
ATTFilter # AdwCleaner v2.106 - Datei am 19/01/2013 um 11:04:51 erstellt # Aktualisiert am 17/01/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Carsten - CARSTEN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Carsten\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files (x86)\Common Files\spigot Ordner Gefunden : C:\ProgramData\boost_interprocess Ordner Gefunden : C:\ProgramData\InstallMate Ordner Gefunden : C:\ProgramData\Partner Ordner Gefunden : C:\Users\Carsten\AppData\LocalLow\pdfforge Ordner Gefunden : C:\Users\Carsten\AppData\LocalLow\Search Settings Ordner Gefunden : C:\Users\Carsten\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\pdfforge Schlüssel Gefunden : HKCU\Software\Search Settings Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gefunden : HKLM\Software\pdfforge Schlüssel Gefunden : HKLM\Software\Search Settings Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v24.0.1312.52 Datei : C:\Users\Carsten\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [2271 octets] - [19/01/2013 11:04:51] ########## EOF - C:\AdwCleaner[R1].txt - [2331 octets] ########## |
20.01.2013, 19:27 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
21.01.2013, 19:54 | #15 |
| Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic Hallo Cosinus, hat soweit wieder alles wunderbar geklappt! Vielen Dank für Deine Unterstützung und Gedult! Scheint ja was größere zu sein. adwCleaner Code:
ATTFilter # AdwCleaner v2.106 - Datei am 21/01/2013 um 19:39:49 erstellt # Aktualisiert am 17/01/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Carsten - CARSTEN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Carsten\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\ProgramData\InstallMate Ordner Gelöscht : C:\ProgramData\Partner Ordner Gelöscht : C:\Users\Carsten\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\Carsten\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\Carsten\AppData\Roaming\pdfforge ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Schlüssel Gelöscht : HKLM\Software\pdfforge Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v24.0.1312.52 Datei : C:\Users\Carsten\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [2398 octets] - [19/01/2013 11:04:51] AdwCleaner[S1].txt - [2333 octets] - [21/01/2013 19:39:49] ########## EOF - C:\AdwCleaner[S1].txt - [2393 octets] ########## Code:
ATTFilter OTL Extras logfile created on: 21.01.2013 19:43:22 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carsten\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 79,00% Memory free 15,96 Gb Paging File | 14,21 Gb Available in Paging File | 89,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 33,08 Gb Free Space | 44,45% Space Free | Partition Type: NTFS Drive D: | 1372,19 Gb Total Space | 1233,34 Gb Free Space | 89,88% Space Free | Partition Type: NTFS Computer Name: CARSTEN-PC | User Name: Carsten | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "D:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "D:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [CEWE FOTOSCHAU] -- "D:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "D:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CCADD8B-1865-432A-8FD0-5CAC5D921607}" = lport=138 | protocol=17 | dir=in | app=system | "{402EE530-A7D5-4396-9D18-64DF41CF9C3E}" = rport=139 | protocol=6 | dir=out | app=system | "{457F91AF-D062-4E06-A580-AF8D53CCBD7F}" = lport=6004 | protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\outlook.exe | "{54A3E0F9-B8DD-4120-9EC6-B6A0A7355B3B}" = lport=139 | protocol=6 | dir=in | app=system | "{5E66D802-4C0C-4E74-9C02-BB88E983EBBD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{68E49D02-2D69-4211-968E-80A6FA5B9814}" = rport=138 | protocol=17 | dir=out | app=system | "{8F85CBDB-B967-4F02-ACA1-63340D8BEAF4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8FDF4870-531F-4671-A6A5-D6256BBA2219}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{910ED349-D3D4-46A2-A9B9-6CB7C81166B1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{91C13623-9A24-4E37-A716-05D5AAFC9E4A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{A64EFBC9-1ADC-4CB3-87B7-ADAE31E91808}" = rport=445 | protocol=6 | dir=out | app=system | "{CAFE1F97-3F71-4881-82E3-CD8EDED77886}" = lport=137 | protocol=17 | dir=in | app=system | "{CD8DB601-01E5-4012-9871-4F5A9D2C7378}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{DB2030C7-76C3-405E-860E-60F87DB3B131}" = lport=445 | protocol=6 | dir=in | app=system | "{E9D47490-1B8E-4840-87DA-C7A6D6827049}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{002AEE9D-69CA-4BCC-8A52-55C5E88C4AFE}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe | "{03BDE98A-362D-4A45-9F12-06DA3A0ADF0D}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe | "{0DC3EEF0-4C1C-431F-9621-92DF4B9F6346}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft office\office14\onenote.exe | "{1A8031D1-DF7E-4B02-8B57-1C0ED77900AE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{22D24D96-0887-41B8-8924-E7CAEAEF9744}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{25729726-420E-4E96-923E-1049A56B1EAD}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{345B5902-5AF0-4747-9995-B19DE40E1922}" = protocol=6 | dir=in | app=d:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "{35915869-74BA-4EDE-93BB-4AE32024265D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{3DA90462-3382-49CA-B717-3FAA25EFC73C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | "{3F8269D6-E62D-4969-B875-D3D3E9A79441}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{41F68097-1288-4729-9490-2BFB249A16CE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{4380BD6D-9117-4BB2-A38A-C80CE9445978}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{43941908-A0ED-44CA-A306-1111AF93CD98}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{467760A2-56CB-49AB-A7DC-3F824376DBDA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{4D4CBF75-A125-40F8-97EE-289DE844E223}" = protocol=17 | dir=in | app=d:\program files (x86)\microsoft games\microsoft flight\flight.exe | "{5230A394-C653-435D-B2AC-A8AB47D16C97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5656C3D1-6735-4EBC-92C6-A9B938285B71}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{56904617-D8F0-4AFB-8512-7A1241D5E114}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{56FC13EB-F21E-49A4-8FA2-97E7767C4A3D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{5893E576-5BFE-4CDB-B596-D243BF0948F6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | "{797B51EB-F7DC-42C4-A4BF-21C355A6E1E5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{7C122A8B-EDC5-498A-8F93-6463195CA8E3}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe | "{810E9704-F45B-4CF9-8010-FF1D840328F7}" = protocol=17 | dir=in | app=d:\program files (x86)\starmoney 8.0\ouservice\starmoneyonlineupdate.exe | "{8303EC02-DDD4-4A1E-B918-DA6803C8F867}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B5809DD9-0CFC-49CC-AD16-54E74EB1B6CB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C0ED8129-0A2E-4FD1-863E-E832250D0017}" = protocol=6 | dir=in | app=d:\program files (x86)\starmoney 8.0\app\starmoney.exe | "{CCEDBC4C-B448-40A9-BEF4-21B59982E534}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D2C2B438-B639-4A0D-BEF0-D6F5EA9064D1}" = protocol=17 | dir=in | app=d:\program files (x86)\starmoney 8.0\app\starmoney.exe | "{D7233268-3517-42CB-9034-C77147B145B1}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | "{DA93737C-CAA8-40EA-823F-0DBBBCBB580F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E79F0A61-D8FB-443F-BAD3-C0DCDDBE378E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | "{E95461E2-E4FC-49AB-948D-157F0D34F821}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F313CAC1-39A0-4800-A637-C8B14F487294}" = protocol=6 | dir=in | app=d:\program files (x86)\microsoft games\microsoft flight\flight.exe | "TCP Query User{3B8492F8-5745-405C-B962-F2879A5FDF46}D:\program files (x86)\password safe and repository 6\psr.exe" = protocol=6 | dir=in | app=d:\program files (x86)\password safe and repository 6\psr.exe | "UDP Query User{F5A5092D-522D-4FFA-8E5D-ED6AB43F41F2}D:\program files (x86)\password safe and repository 6\psr.exe" = protocol=17 | dir=in | app=d:\program files (x86)\password safe and repository 6\psr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{10668AA3-490D-46C1-B606-A621451998EF}" = Password Safe and Repository 6 "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10 "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit) "{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit) "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B76E8F60-D517-44B1-BFCD-B6C153A60F1B}" = revoSleep "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Pen Tablet Driver" = Bamboo "PROSet" = Intel(R) Network Connections Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012 "{102FDF49-C7E3-4798-83AB-2855194C02E1}" = Integrity Tool "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{32F9BACF-FCD3-4B6A-AD85-255A449B6FA5}" = Roxio BackOnTrack "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{398E4B12-9DF4-40E7-901C-494C6E99D2DC}" = StarMoney "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "{45970CD1-D599-47D4-938F-3E9800D54ED1}" = Lenovo Treiber- und Anwendungsinstallation "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{62ED340C-678A-4841-8BD5-641410122538}" = AusweisApp "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E1C7A27-2E8E-423D-8BC1-539E939CD1D0}" = StarMoney 8.0 "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{816F9A97-9889-43DA-A394-7AA45DD68BA0}" = Power Dial "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E28602-B57A-4487-AA65-97BB5C97AD00}" = StarMoney "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9D8BAA74-5B7D-11E2-8273-984BE15F174E}" = Evernote v. 4.6.1 "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B266E062-D6C5-485B-B426-51B152B041A6}" = Lenovo Tinian Fn PS/2 Keyboard Driver "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D3063097-EC84-4D21-84A4-9D852E974355}" = LVT "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer 2013 "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29CBF73-C211-4616-898A-379A2679F990}" = ThemeWallpaper "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Any Video Converter_is1" = Any Video Converter 3.3.3 "GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}" = Microsoft Flight "Google Calendar Sync" = Google Calendar Sync "Google Chrome" = Google Chrome "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Lenovo Power2Go "InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo Rescue System "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013 "Intel(R) Solid-State Drive Toolbox" = Intel(R) Solid-State Drive Toolbox "KeyFinder_is1" = Magical Jelly Bean KeyFinder "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation) "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Business 2010 "Steam App 43110" = Metro 2033 "Steam App 63950" = IL-2 Sturmovik: Cliffs of Dover "SystemRequirementsLab" = System Requirements Lab "TeamViewer 7" = TeamViewer 7 "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4289525601-3959073678-4133125474-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe "MyFreeCodec" = MyFreeCodec ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.08.2012 03:39:44 | Computer Name = Carsten-PC | Source = WinMgmt | ID = 10 Description = Error - 05.08.2012 04:24:38 | Computer Name = Carsten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Power Dial\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.08.2012 04:24:38 | Computer Name = Carsten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Power Dial\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 05.08.2012 04:24:41 | Computer Name = Carsten-PC | Source = WinMgmt | ID = 10 Description = Error - 07.08.2012 14:02:10 | Computer Name = Carsten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Power Dial\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.08.2012 14:02:10 | Computer Name = Carsten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Power Dial\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 07.08.2012 14:02:12 | Computer Name = Carsten-PC | Source = WinMgmt | ID = 10 Description = Error - 09.08.2012 03:34:43 | Computer Name = Carsten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Power Dial\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 09.08.2012 03:34:43 | Computer Name = Carsten-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Power Dial\MFC80.DLL". Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 09.08.2012 03:34:46 | Computer Name = Carsten-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 14.08.2012 14:30:07 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 14.08.2012 14:30:07 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 14.08.2012 15:05:43 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 14.08.2012 15:43:52 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 14.08.2012 15:44:03 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 23.08.2012 09:36:37 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 23.08.2012 09:36:37 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 23.08.2012 14:06:06 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 23.08.2012 14:39:42 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 Error - 23.08.2012 14:39:53 | Computer Name = Carsten-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "LitModeCtrl" hat einen ungültigen aktuellen Status gemeldet: 32 < End of report > Code:
ATTFilter OTL logfile created on: 21.01.2013 19:43:22 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Carsten\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 79,00% Memory free 15,96 Gb Paging File | 14,21 Gb Available in Paging File | 89,04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 33,08 Gb Free Space | 44,45% Space Free | Partition Type: NTFS Drive D: | 1372,19 Gb Total Space | 1233,34 Gb Free Space | 89,88% Space Free | Partition Type: NTFS Computer Name: CARSTEN-PC | User Name: Carsten | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Carsten\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) PRC - D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) PRC - D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - D:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - D:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google) PRC - C:\Windows\jmesoft\JME_LOAD.exe () PRC - C:\Windows\jmesoft\hotkey.exe (Lenovo) PRC - C:\Windows\jmesoft\Service.exe () PRC - D:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) PRC - C:\Programme\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Lenovo\Power Dial\LitModeCtrl.exe (Lenovo) PRC - C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe () PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () PRC - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe () PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) PRC - C:\Programme\Lenovo\Power Dial\LenovoCOMSvc.exe (Lenovo) ========== Modules (No Company Name) ========== MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab2d590a7a1566fe78e3275a90a30ceb\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll () MOD - C:\Program Files (x86)\Evernote\Evernote\libxml2.dll () MOD - C:\Program Files (x86)\Evernote\Evernote\libtidy.dll () MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll () MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe () MOD - C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe () MOD - C:\Programme\Lenovo\Power Dial\LitModeSwitchRes.dll () MOD - C:\Windows\jmesoft\VistaVolume.dll () ========== Services (SafeList) ========== SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (StarMoney 8.0 OnlineUpdate) -- D:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe () SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (LitModeCtrl) -- C:\Programme\Lenovo\Power Dial\LitModeCtrl.exe (Lenovo) SRV - (CEEBC40A-FDED-4C59-B354-939132350B01) -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (LVPrcS64) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LenovoCOMSvc) -- C:\Programme\Lenovo\Power Dial\LenovoCOMSvc.exe (Lenovo) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab) DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab) DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab) DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab) DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT) DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.) DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data] IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LEND&bmod=LEND IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4289525601-3959073678-4133125474-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.21 09:40:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.21 09:40:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.21 09:40:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.21 09:40:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.21 09:40:01 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Carsten\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\ CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Carsten\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\ CHR - Extension: Virtuelle Tastatur = C:\Users\Carsten\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\ CHR - Extension: Anti-Banner = C:\Users\Carsten\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (AusweisApp 1.7.0.0) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - D:\Program Files (x86)\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo) O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe () O4 - HKLM..\Run: [KiesTrayAgent] D:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001..\Run: [] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001..\Run: [KiesAirMessage] D:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics) O4 - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001..\Run: [KiesPDLR] D:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-4289525601-3959073678-4133125474-1001..\Run: [KiesPreload] D:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-4289525601-3959073678-4133125474-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4289525601-3959073678-4133125474-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) O4 - Startup: C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = D:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8:64bit: - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html () O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html () O8 - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html () O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html () O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FA7145B-5D35-43F8-8DA6-D4A259C4B076}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C39F0F18-FB9D-431E-ADCB-243A0854C618}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.20 15:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magical Jelly Bean [2013.01.20 15:22:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder [2013.01.17 21:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote [2013.01.17 20:09:31 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Carsten\Desktop\tdsskiller.exe [2013.01.17 20:07:07 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Carsten\Desktop\aswMBR.exe [2013.01.15 21:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.15 21:27:11 | 000,000,000 | ---D | C] -- C:\Users\Carsten\Desktop\mbar-1.01.0.1016 [2013.01.13 20:26:00 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll [2013.01.13 20:26:00 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll [2013.01.13 20:26:00 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll [2013.01.13 20:26:00 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll [2013.01.13 20:26:00 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs [2013.01.13 20:26:00 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs [2013.01.13 20:26:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs [2013.01.13 20:26:00 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs [2013.01.13 20:26:00 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs [2013.01.13 20:26:00 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs [2013.01.13 20:26:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs [2013.01.13 20:26:00 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs [2013.01.13 20:26:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs [2013.01.13 20:26:00 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs [2013.01.13 20:26:00 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs [2013.01.13 20:26:00 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs [2013.01.13 20:26:00 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs [2013.01.13 20:26:00 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs [2013.01.13 20:26:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs [2013.01.13 20:26:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs [2013.01.13 20:26:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs [2013.01.13 20:26:00 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs [2013.01.13 20:26:00 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs [2013.01.13 20:26:00 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs [2013.01.13 20:25:59 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs [2013.01.13 20:25:59 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs [2013.01.13 20:25:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs [2013.01.13 20:25:59 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs [2013.01.13 20:25:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs [2013.01.13 20:25:59 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs [2013.01.13 20:25:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs [2013.01.13 20:25:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs [2013.01.13 20:25:55 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2013.01.13 20:25:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013.01.13 20:25:55 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2013.01.13 20:25:55 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2013.01.13 20:25:55 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2013.01.13 20:25:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013.01.13 20:25:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013.01.13 20:25:55 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2013.01.13 20:25:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013.01.13 20:25:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2013.01.13 20:25:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013.01.13 20:25:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.13 20:25:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.13 20:25:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.13 20:25:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.13 20:25:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013.01.13 20:25:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.13 20:25:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.13 20:25:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.13 20:25:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2013.01.13 20:25:52 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2013.01.13 20:25:47 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll [2013.01.13 20:25:47 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013.01.13 20:25:47 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2013.01.13 20:25:47 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2013.01.13 18:22:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe [2012.12.28 20:09:30 | 000,000,000 | ---D | C] -- C:\Users\Carsten\AppData\Local\{7EF4B7F6-B561-4B39-9C8F-3963D3EF2E66} [2012.12.24 11:36:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump [2012.12.24 11:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec [2012.12.24 11:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyFree Codec [2012.12.24 11:21:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer 2013 ========== Files - Modified Within 30 Days ========== [2013.01.21 19:41:20 | 000,000,002 | ---- | M] () -- C:\windows\SysNative\drives.rev [2013.01.21 19:41:13 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.21 19:41:09 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat [2013.01.21 19:40:43 | 000,643,156 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.01.21 19:40:43 | 000,614,722 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.01.21 19:40:43 | 000,126,552 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.01.21 19:40:43 | 000,103,234 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.01.21 19:40:38 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.21 19:40:38 | 000,020,688 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.20 17:56:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.20 16:36:59 | 001,507,502 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.01.20 15:10:05 | 000,000,975 | ---- | M] () -- C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013.01.19 11:03:34 | 000,574,677 | ---- | M] () -- C:\Users\Carsten\Desktop\adwcleaner.exe [2013.01.17 20:18:36 | 000,000,512 | ---- | M] () -- C:\Users\Carsten\Desktop\MBR.dat [2013.01.17 20:09:35 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Carsten\Desktop\tdsskiller.exe [2013.01.17 20:08:08 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Carsten\Desktop\aswMBR.exe [2013.01.15 21:17:07 | 013,462,931 | ---- | M] () -- C:\Users\Carsten\Desktop\mbar-1.01.0.1016.zip [2013.01.13 20:33:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.01.13 20:33:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.13 20:31:37 | 000,365,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.01.13 18:31:58 | 000,365,568 | ---- | M] () -- C:\Users\Carsten\Desktop\gmer-2.0.18444.exe [2013.01.13 18:22:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Carsten\Desktop\OTL.exe [2013.01.13 18:21:31 | 000,000,000 | ---- | M] () -- C:\Users\Carsten\defogger_reenable [2013.01.13 18:20:04 | 000,050,477 | ---- | M] () -- C:\Users\Carsten\Desktop\Defogger.exe [2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2012.12.24 11:26:12 | 000,000,675 | ---- | M] () -- C:\windows\wiso.ini [2012.12.24 11:23:31 | 000,000,990 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk ========== Files Created - No Company Name ========== [2013.01.19 11:03:34 | 000,574,677 | ---- | C] () -- C:\Users\Carsten\Desktop\adwcleaner.exe [2013.01.17 20:18:36 | 000,000,512 | ---- | C] () -- C:\Users\Carsten\Desktop\MBR.dat [2013.01.15 21:16:59 | 013,462,931 | ---- | C] () -- C:\Users\Carsten\Desktop\mbar-1.01.0.1016.zip [2013.01.13 18:31:58 | 000,365,568 | ---- | C] () -- C:\Users\Carsten\Desktop\gmer-2.0.18444.exe [2013.01.13 18:21:31 | 000,000,000 | ---- | C] () -- C:\Users\Carsten\defogger_reenable [2013.01.13 18:20:04 | 000,050,477 | ---- | C] () -- C:\Users\Carsten\Desktop\Defogger.exe [2012.12.24 11:23:31 | 000,000,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2012.01.15 16:42:27 | 000,430,080 | ---- | C] ( ) -- C:\windows\SysWow64\LMUD1O32comc.dll [2012.01.15 16:09:17 | 000,000,675 | ---- | C] () -- C:\windows\wiso.ini [2012.01.14 14:48:15 | 000,000,394 | ---- | C] () -- C:\windows\hbcikrnl.ini [2012.01.14 14:48:10 | 000,167,936 | ---- | C] () -- C:\windows\SysWow64\SerialXP.dll [2012.01.14 14:48:10 | 000,027,648 | ---- | C] () -- C:\windows\SysWow64\win32com.dll [2012.01.14 12:10:34 | 001,526,976 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\windows\SysWow64\nvStreaming.exe [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat [2011.09.21 07:08:37 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe [2011.09.21 07:08:37 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe [2011.09.21 06:14:22 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011.09.21 06:12:48 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll [2011.02.12 20:35:47 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
Themen zu Trojaner HEUR:Exploit.Java.CVE-2012-0507.gen und HEUR:Exploit.Java.Generic |
backups, bericht, beseitigen, datei, datein, entfernung, ergebnisse, exploit, extras, freue, gefunde, gmer, google, hallo zusammen, heur, heur:, heur:exploit.java.cve-2012-0507.gen, heur:exploit.java.generic, hoffe, java., kaspersky, laufen, programme, rojaner gefunden, september, troja, trojaner, verteilen, warum, zusammen, zweimal |