Log analysis and evaluation: PC clean? Spybot cannot clean up findings
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
15.01.2013, 18:24 | #1 |
PC clean? Spybot cannot clean up findings
Hey dear Trojaners, first of all, thanks for being there; you are a ray of light in the world and have already been able to help me several times. I have no acute problems, but I have already had to rid the current installation of bad guys a few times, always self-made, so I was never sure whether everything was really gone. Now I have set out once again and run various anti-malware programs etc., and found that Spybot cannot fix some of its findings. I simply want to have the system looked at by professionals, because I suspect there are still skeletons lying dormant... The quick scan by "Malwarebytes Anti-Malware" found nothing, by the way. The OTL log was 2 KB larger than the permitted maximum upload size, so I split it. Many thanks in advance for any effort! Regards, Fritschii
18.01.2013, 15:25 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC clean? Spybot cannot clean up findings
Hello and
A quick question, and this is nothing against you in particular, I could just as well have asked anyone else who posts logs this way: where exactly does it say that the logs should be put in an attachment, or where exactly did you read that? Log files as attachments make the analysis massively harder. Please explain, so that the passage in the guide can be specifically changed/improved for all newcomers. Thanks. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
19.01.2013, 19:45 | #3 |
PC clean? Spybot cannot clean up findings
I tried to follow the guide for creating a thread as exactly as possible, for which I did the following:
In the "Log analysis and evaluation" section I opened the "Announcement: For everyone seeking help! What do I need to consider before opening a thread?" post, and there, under "Please be sure to read and observe!", followed the link "http://www.trojaner-board.de/69886-f...-beachten.html" to the guide by "Sunny". There, at the end of point "3", it says:
Code:
Create a new thread and post the contents of OTL.txt EXTRAS.txt Gmer.txt
So, to answer your question at least as far as my own approach is concerned: your instructions for posting content, which you gave me here as a reply, should have been in Sunny's guide. By the way, I noticed that titles are apparently created automatically for the codes, at least for OTL. If you also want fitting headings for all codes, that could be included in your instructions. I assume you will try to help me once I have posted my attachments as code, so I am doing that here now. The Spybot log file exceeded the permitted post length, and since you do not explicitly request it anyway, I am leaving it out now (it is included as an attachment above), which brought the post length within the limit. Now, having been a well-behaved user, I hope for help.
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:29 on 15/01/2013 (Oraleva)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
Code:
ATTFilter OTL logfile created on: 15.01.2013 16:35:58 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,07% Memory free 15,99 Gb Paging File | 14,14 Gb Available in Paging File | 88,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 19,51 Gb Free Space | 20,00% Space Free | Partition Type: NTFS Drive D: | 833,86 Gb Total Space | 100,17 Gb Free Space | 12,01% Space Free | Partition Type: NTFS Drive I: | 1863,01 Gb Total Space | 1148,36 Gb Free Space | 61,64% Space Free | Partition Type: NTFS Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.15 16:28:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe PRC - [2012.12.18 15:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012.12.18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:12:20 | 003,084,688 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG 2013\avgui.exe PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG 2013\avgidsagent.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG 2013\avgwdsvc.exe PRC - [2012.09.26 15:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012.08.07 20:20:56 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe PRC - [2012.08.07 20:20:48 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2011.12.30 11:27:34 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe PRC - [2010.09.09 14:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) 
-- C:\Treiber\EPU\EPU.exe PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe ========== Modules (No Company Name) ========== MOD - [2012.12.18 15:28:44 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Treiber\EPU\pngio.dll MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Treiber\EPU\AsSpindownTimeout.dll MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Treiber\EPU\AsusService.dll MOD - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.07.28 03:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.01.11 18:43:12 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:12:20 | 003,084,688 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG 2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG 2013\avgwdsvc.exe -- (avgwd) SRV - [2012.09.26 15:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012.08.07 20:20:56 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB) SRV - [2012.08.07 20:20:48 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.08.06 11:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.02.29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.12.30 11:27:34 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2011.09.18 00:10:40 | 000,167,936 | ---- | M] (Softomotive) [On_Demand | Stopped] -- C:\Programme\WinAutomation\WinAutomation.ServiceAgent.exe -- (WinAutomation Service) SRV - [2010.12.14 16:17:12 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver 
Services (SafeList) ========== DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.11.02 15:38:32 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.26 15:45:44 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.28 05:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 02:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.06.07 16:25:20 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.05.27 17:18:08 | 000,103,512 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stdriver64.sys -- (stdriver) DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.10 01:38:43 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.10.10 01:38:43 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 
| ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.23 04:11:05 | 000,037,888 | ---- | M] (IC Plus Corp. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfnd51.sys -- (ip100Avista) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:64bit: - [2010.01.11 12:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2012.12.14 15:53:18 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys -- (a2acc) DRV - [2012.03.05 15:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2011.05.19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 4E 67 51 BA D5 CB 01 
[binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.11 17:38:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 18:43:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 18:43:10 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 18:43:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.11 18:43:10 | 000,000,000 | ---D | M] [2011.02.26 14:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Extensions [2013.01.11 19:28:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions [2013.01.11 17:54:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.11 19:28:52 | 000,300,446 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013.01.07 15:56:49 | 000,713,793 | ---- | M] () (No name found) -- 
C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013.01.11 18:43:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.11 18:43:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.01.11 17:38:03 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2013.01.11 18:43:12 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.10 17:46:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 14:36:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.10 17:46:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.11.10 17:46:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.10 17:46:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.10 17:46:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.01.14 22:54:29 | 000,888,494 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - 
Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 15286 more lines... O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG 2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Six Engine] C:\Treiber\EPU\EPU.exe ( ASUSTeK Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm () O8:64bit: - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm () O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0991080A-0A03-479D-9950-7F865179AD56}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72E52CF6-1902-46CB-8434-BE0DB963E4A2}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell - "" = AutoRun O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{d668dede-e08e-11e1-81fa-bcaec52abc04}\Shell - "" = AutoRun O33 - MountPoints2\{d668dede-e08e-11e1-81fa-bcaec52abc04}\Shell\AutoRun\command - "" = E:\ME1_DE.exe O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.11 18:43:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.11 15:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.01.03 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.01.03 21:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2012.12.22 03:07:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.20 17:19:23 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.20 17:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.18 04:16:13 | 000,397,312 | ---- | C] (Koyote Soft) -- C:\Windows\SysWow64\TubeFinder.exe [2012.12.18 04:16:13 
| 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter [2012.12.18 04:16:12 | 000,000,000 | ---D | C] -- C:\Users\Oraleva\AppData\Roaming\FreeFLVConverter [2012.12.18 04:15:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.15 16:38:28 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.15 16:38:28 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.15 16:30:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.15 16:30:47 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys [2013.01.15 16:29:05 | 000,000,020 | ---- | M] () -- C:\Users\Oraleva\defogger_reenable [2013.01.15 15:35:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.14 22:54:29 | 000,888,494 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.14 19:53:45 | 001,622,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.14 19:53:45 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.14 19:53:45 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.14 19:53:45 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.14 19:53:45 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.11 15:31:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.01.11 15:24:07 | 000,415,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 17:27:53 | 001,598,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.07 22:54:30 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect Deluxe Edition.lnk [2012.12.25 
05:04:51 | 000,000,598 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk [2012.12.20 17:32:04 | 000,007,609 | ---- | M] () -- C:\Users\Oraleva\AppData\Local\Resmon.ResmonCfg [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.15 16:29:05 | 000,000,020 | ---- | C] () -- C:\Users\Oraleva\defogger_reenable [2013.01.07 22:54:30 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect Deluxe Edition.lnk [2013.01.03 21:31:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2012.12.25 05:04:51 | 000,000,598 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk [2012.12.20 17:32:04 | 000,007,609 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\Resmon.ResmonCfg [2012.12.20 17:19:24 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.18 04:16:18 | 000,001,177 | ---- | C] () -- C:\Users\Oraleva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free FLV Converter.lnk [2012.12.18 04:16:12 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx [2012.12.18 04:16:12 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb [2012.12.18 04:16:12 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx [2012.11.07 15:49:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2012.08.07 20:20:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.08.07 20:20:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.06.11 05:18:14 | 000,019,002 | ---- | C] () -- C:\Users\Oraleva\.recently-used.xbel [2012.05.24 22:09:56 | 000,114,688 | ---- | C] () -- C:\Windows\Lavish.dll [2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- 
C:\Windows\SysWow64\ativvsva.dat [2012.03.31 15:00:29 | 000,010,639 | ---- | C] () -- C:\Users\Oraleva\WiehlerZ_elster_2048.pfx [2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.29 08:28:08 | 000,000,798 | ---- | C] () -- C:\Windows\wiso.ini [2012.02.19 18:46:33 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll [2012.02.19 18:46:33 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll [2012.01.06 21:49:45 | 000,000,393 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\HamsterVideoConverterSettings.cfg [2012.01.06 20:11:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.01.06 20:11:52 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.01.06 20:11:52 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.01.06 20:11:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2012.01.06 20:11:51 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.01.06 19:23:55 | 000,007,680 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.12 18:00:09 | 000,001,526 | ---- | C] () -- C:\Users\Oraleva\AppData\Roaming\No23 Recorder.lnk [2011.11.08 16:21:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.06.24 23:33:01 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2011.06.24 23:33:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2011.06.24 23:33:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2011.06.24 23:11:35 | 000,027,089 | ---- | C] () -- C:\Windows\DIIUnin.dat [2011.04.02 13:03:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll [2011.04.02 13:03:14 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll [2011.04.02 13:03:14 | 000,696,320 | ---- | C] ( ) -- 
C:\Windows\SysWow64\lxcyhbn3.dll [2011.04.02 13:03:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll [2011.04.02 13:03:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll [2011.04.02 13:03:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll [2011.04.02 13:03:14 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe [2011.04.02 13:03:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll [2011.04.02 13:03:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll [2011.04.02 13:03:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll [2011.04.02 13:03:14 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe [2011.04.02 13:03:14 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll [2011.04.02 13:03:14 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe [2011.04.02 13:03:14 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll [2011.04.02 13:03:14 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe [2011.04.02 13:03:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll [2011.04.02 13:03:14 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll [2011.03.20 18:51:08 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2011.03.08 13:08:07 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.01 19:12:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.26 01:17:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.02.26 00:30:19 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.02.26 00:30:19 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.02.26 00:30:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.02.26 00:30:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011.02.25 23:55:21 | 000,030,974 | ---- | C] () -- 
C:\Windows\Ascd_tmp.ini [2011.02.25 23:52:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] 
========== LOP Check ========== [2011.12.23 08:55:05 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Acoustica [2012.05.02 02:59:11 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Advanced Combat Tracker [2012.01.06 20:32:41 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Ashampoo [2013.01.10 17:21:26 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Audacity [2011.11.06 17:32:43 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\AVG2012 [2012.12.13 22:50:54 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\AVG2013 [2011.05.31 12:11:48 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Canneverbe Limited [2012.03.01 20:31:27 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Canon [2012.11.28 01:31:47 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Crossword Compiler Deutsch 8 [2012.08.07 14:28:36 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools [2013.01.14 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools Lite [2012.08.07 14:28:36 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DAEMON Tools Pro [2012.06.25 23:41:49 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Dropbox [2012.05.27 17:03:20 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\DVDVideoSoft [2012.08.04 12:58:51 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\FileZilla [2013.01.08 02:20:37 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\foobar2000 [2012.12.20 01:18:53 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\FreeFLVConverter [2012.06.10 04:11:11 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\gtk-2.0 [2011.02.26 23:57:07 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\LockHunter [2012.08.31 14:33:23 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\LolClient [2011.07.26 18:36:02 | 000,000,000 | ---D | M] -- 
C:\Users\Oraleva\AppData\Roaming\Notepad++
[2011.12.01 15:20:19 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\POB
[2012.12.13 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\TuneUp Software
[2011.12.10 04:37:35 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\UAs
[2012.12.12 04:11:26 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Ubisoft
[2011.09.05 23:23:31 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Unity
[2011.12.03 05:38:31 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\VDownloader
[2012.01.06 19:22:54 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Video DVD Maker FREE
[2011.11.06 18:05:47 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\Xilisoft
[2011.12.10 04:37:35 | 000,000,000 | ---D | M] -- C:\Users\Oraleva\AppData\Roaming\xmldm

========== Purity Check ==========

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 15.01.2013 16:35:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,07% Memory free
15,99 Gb Paging File | 14,14 Gb Available in Paging File | 88,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 19,51 Gb Free Space | 20,00% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 100,17 Gb Free Space | 12,01% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1148,36 Gb Free Space | 61,64% Space Free | Partition Type: NTFS

Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E241E2F-D648-4A90-9903-CDC3288418C4}" = lport=137 | protocol=17 | dir=in | app=system | "{0ED54C44-85D3-4B4E-9BCA-EDE056CDB6B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{161473B2-340C-48B1-A63A-597A4637E1CC}" = rport=138 | protocol=17 | dir=out | app=system | "{356C42EB-2EE2-46B8-98D0-A29381AE1B60}" = lport=138 | protocol=17 | dir=in | app=system | "{46E25BB4-321B-4A28-BCA5-7946876A59F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6C3C665F-A0D7-4EF9-924A-7A717B025898}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6EE50CD5-E6D4-4A56-8656-69A5CF192C66}" = lport=139 | protocol=6 | dir=in | app=system | "{98D466BA-423A-45A9-ACC9-FB1F8DE99DC6}" = rport=139 | protocol=6 | dir=out | app=system | "{9FDEEB32-05FF-4E9B-B8D5-9FD1EB9CA812}" = rport=445 | protocol=6 | dir=out | app=system | "{A834399E-A280-42E5-BC37-0067CF41A34D}" = lport=445 | protocol=6 | dir=in | app=system | "{B0559A10-B482-4D4E-9E02-D8F2429CBFBB}" = rport=137 | protocol=17 | dir=out | app=system | "{CED7293A-C683-463F-AF4D-3D042DE3D32C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C87976-1071-4FF8-BB1F-12F832B9D656}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{04B93F66-CC9A-4A26-928D-2DE3CFEF1CAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2B6238AB-AD3F-4648-A63C-201EE0FC2F59}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe | "{4371750A-C02B-4EA0-911C-07D2A330EBA8}" = dir=in | app=c:\program files (x86)\common 
files\apple\apple application support\webkit2webprocess.exe | "{52C26434-7AFD-4661-9A83-F9F32ACFEE2B}" = protocol=58 | dir=in | app=system | "{6A61D799-AB1E-4DAA-BB2E-AEFB9ECB9746}" = dir=in | name=lisa pc | "{72D7C9D7-BA9C-438C-8B85-990184FC8910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A5F29929-E36D-49F7-9AFB-AF533174C737}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe | "{DD2D2D60-118F-4249-8A91-CAEFB054CD27}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe | "{E3D3E0D4-3928-4F87-BDB5-DF9010805AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EFF03BBE-152D-48E7-A711-362DE1DE1F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe | "{FE20DE68-5F3C-449A-81DB-081A44A25F8F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "TCP Query User{10CAB2F0-4F68-4162-9B50-C7DB400DFBDF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{14EF3ACF-9647-4DC2-B237-4D0B02661A9A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{297E2A22-1418-440E-B96C-6DEAA3FB58EA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{42426BF4-1288-4D96-962F-E89D4E084FCC}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers 
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{66A0F974-5E12-4E9D-A123-B1C6B6BA9804}" = Classic Shell "{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}" = WinAutomation "{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64 "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013 "{D2FEF059-3942-4E50-B825-4E208DBC63F2}_is1" = Half-Life Singleplayer Edition 2012 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F91E2EF2-CD31-4727-816F-F73F772F5FE6}" = AVG 2013 "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "AVG" = AVG 
2013 "CCleaner" = CCleaner "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client "{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6 "{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian "{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10 "{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3844035A-9429-4E54-86B0-6EE3778BA3FB}_is1" = The Elder Scrolls V: Skyrim "{39AE731B-85B7-4004-8FF7-58989943A68B}" = GoGear 
SA19xx Device Manager "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0 "{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish "{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full "{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek "{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean "{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center "{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish "{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth "{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian "{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = 
Catalyst Control Center Localization All "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector 
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU "{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy "{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1" = Mass Effect Deluxe Edition "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412 "{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch "{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}" = Civilization III - Play the World v1.27F "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind "{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set "{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common "{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen 
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese "{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2 "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den "5513-1208-7298-9440" = JDownloader 0.9 "Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker "Acoustica Premium Edition_is1" = Acoustica Premium Edition 4.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.60 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "AudibleManager" = AudibleManager "BOSS" = BOSS "Broken Sword: Shadow of the Templar's Directors Cut_is1" = Broken Sword: Shadow of the Templar's Directors Cut "Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Crossword Compiler Deutsch 8 Testversion" = Crossword 
Compiler Deutsch 8 Testversion "Debut" = Debut Video Capture Software "Determinance_is1" = Determinance "Diablo II" = Diablo II "Digitale Bibliothek 4" = Digitale Bibliothek 4 "DiskSpeed32" = DiskSpeed32 "DivX Setup.divx.com" = DivX-Setup "DVD Flick_is1" = DVD Flick 1.3.0.7 "ENTERPRISE" = Microsoft Office Enterprise 2007 "ffdshow_is1" = ffdshow [rev 2946] [2009-05-15] "FileZilla Client" = FileZilla Client 3.5.1 "foobar2000" = foobar2000 v1.1.7 "Fraps" = Fraps "Free FLV Converter_is1" = Free FLV Converter V 7.5.0 "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.22.508 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908 "Free YouTube Downloader Converter" = Free YouTube Downloader Converter "Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.1 "GeoGebra" = GeoGebra "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold "KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full) "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MetaProducts Portable Offline Browser" = MetaProducts Portable Offline Browser "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "Notepad++" = Notepad++ "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12 "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "ResourceHacker_is1" = Resource Hacker Version 3.5.2 "Sonique15" = Sonique "Soulseek" = SoulSeek Client 156c "SpeedFan" = SpeedFan (remove only) "ST6UNST #1" = Hero Editor V0.96 "Steamless_FakeFactory_CM10" = Steamless_FakeFactory_CM10 "SubtitleWorkshop" = Subtitle Workshop 2.51 "The Elder Scrolls V Hearthfire DLC Englische 
Version 1.00" = The Elder Scrolls V Hearthfire DLC Englische Version 1.00 "The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00" = The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00 "The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00" = The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00 "The Elder Scrolls V™ SKYRIM HD EDITION_is1" = The Elder Scrolls V™ SKYRIM HD EDITION "TheHive_is1" = The Hive 1.2 "Ultima Online Second Age" = Ultima Online Second Age 5.0.8.3 "VLC media player" = VLC media player 1.1.7 "WinAutomation" = WinAutomation "WinPcapInst" = WinPcap 4.1.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned "Dragon Age Awakening Velanna Redesigned©" = Dragon Age Awakening Velanna Redesigned© "Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan "Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren© "Dragon Age Redesigned©" = Dragon Age Redesigned© "Dragon Age Redesigned© Zevran" = Dragon Age Redesigned© Zevran "Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana "GeoGebra WebStart" = GeoGebra WebStart "SOE-EverQuest" = EverQuest "TeamSpeak 3 Client" = TeamSpeak 3 Client "Xilisoft DVD Audio Ripper 6" = Xilisoft DVD Audio Ripper 6 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 11.01.2013 19:31:02 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. 
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 12.01.2013 01:54:03 | Computer Name = Nightfall | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x718 Startzeit der fehlerhaften Anwendung: 0x01cdf0074ed16c95 Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung: 77ab9ff9-5c7c-11e2-bc4a-bcaec52abc04 Error - 12.01.2013 19:54:08 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 13.01.2013 02:02:01 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x750
Startzeit der fehlerhaften Anwendung: 0x01cdf0b6a7f9e0ee
Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll
Berichtskennung: becd7989-5d46-11e2-b3c7-bcaec52abc04

Error - 13.01.2013 22:23:13 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 14.01.2013 02:37:19 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x760
Startzeit der fehlerhaften Anwendung: 0x01cdf194761f6ff8
Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll
Berichtskennung: d7c50fec-5e14-11e2-b8b7-bcaec52abc04

Error - 15.01.2013 00:45:33 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x73c
Startzeit der fehlerhaften Anwendung: 0x01cdf26996f75024
Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll
Berichtskennung: 64b13282-5ece-11e2-89f0-00059a3c7a00

Error - 15.01.2013 10:59:53 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 15.01.2013 11:09:56 | Computer Name = Nightfall | Source = MsiInstaller | ID = 11609
Description =

Error - 15.01.2013 11:29:30 | Computer Name = Nightfall | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5
Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000033c1
ID des fehlerhaften Prozesses: 0x7a0
Startzeit der fehlerhaften Anwendung: 0x01cdf324f5e1bae1
Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe
Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll
Berichtskennung: 5a84df1d-5f28-11e2-9f78-bcaec52abc04

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108865
Description = Function: CWinsecApiImpersonateUser::acquireTokens
File: .\IPC\WinsecAPI.cpp
Line: 101
CWinsecApiImpersonateUser::getUserImpersonationToken returned NULL

Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser
File: .\IPC\WinsecAPI.cpp
Line: 81
Invoked Function: CWinsecApiImpersonateUser::acquireTokens
Return Code: -32767981 (0xFE0C0013)
Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertUtils::CCapiCertUtils
File: .\Certificates\CapiCertUtils.cpp
Line: 92
Invoked Function: CWinsecApiImpersonateUser::CWinsecApiImpersonateUser
Return Code: -32767981 (0xFE0C0013)
Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertStore::CCapiCertStore
File: .\Certificates\CapiCertStore.cpp
Line: 70
Invoked Function: CapiCertUtils
Return Code: -32767981 (0xFE0C0013)
Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore
File: .\Certificates\CapiCertSmartcardStore.cpp
Line: 40
Invoked Function: CCapiCertStore::CCapiCertStore
Return Code: -32767981 (0xFE0C0013)
Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CCollectiveCertStore::addCapiSmartcardStore
File: .\Certificates\CollectiveCertStore.cpp
Line: 1101
Invoked Function: CCapiCertSmartcardStore::CCapiCertSmartcardStore
Return Code: -32767981 (0xFE0C0013)
Description: WINSECAPI_ERROR_GETUSERIMPERSONATIONTOKEN_FAILED

Error - 15.01.2013 11:31:02 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun
File: .\Utility\Thread.cpp
Line: 376
Invoked Function: IRunnable::Run
Return Code: -32047093 (0xFE17000B)
Description: BROWSERPROXY_ERROR_NO_PROXY_FILE

Error - 15.01.2013 11:31:34 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866
Description = Function: ProfileMgr::loadProfile
File: .\ProfileMgr.cpp
Line: 518
Invoked Function: ProfileMgr::loadProfile
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Duplicate host <asa-cluster.lrz.de> found in the profile <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>. Host discarded.

Error - 15.01.2013 11:31:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir
File: .\mainfrm.cpp
Line: 4618
Invoked Function: MsiEnumProductsExW
Return Code: 259 (0x00000103)
Description: Es sind keine Daten mehr verfügbar.
Error - 15.01.2013 11:31:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent
File: .\ConnectMgr.cpp
Line: 1127
NULL object. Cannot establish a connection at this time.

[ OSession Events ]
Error - 31.10.2011 12:15:53 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1026 seconds with 780 seconds of active time. This session ended with a crash.

Error - 01.10.2012 13:58:44 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1313 seconds with 420 seconds of active time. This session ended with a crash.

[ Spybot - Search and Destroy Events ]
Error - 13.12.2012 17:08:20 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 13.12.2012 17:09:05 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 13.12.2012 17:12:40 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 13.12.2012 17:15:32 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 13.12.2012 18:13:19 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 13.12.2012 18:14:07 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 13.12.2012 18:29:49 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 14.01.2013 19:19:39 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 14.01.2013 19:19:55 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 15.01.2013 09:36:59 | Computer Name = Nightfall | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 15.01.2013 09:33:53 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 15.01.2013 09:33:54 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 15.01.2013 09:34:24 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 15.01.2013 09:34:55 | Computer Name = Nightfall | Source = DCOM | ID = 10016
Description =

Error - 15.01.2013 11:29:30 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 15.01.2013 11:29:31 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7034
Description = Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 15.01.2013 11:30:58 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error - 15.01.2013 11:30:59 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 15.01.2013 11:31:07 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5

Error - 15.01.2013 11:32:00 | Computer Name = Nightfall | Source = DCOM | ID = 10016
Description =

< End of report >

Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-15 17:54:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Oraleva\AppData\Local\Temp\fxlirpow.sys

---- User code sections - GMER 2.0 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074cf17fa 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074cf1860 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000074cf1942 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000074cf194d 2 bytes [CF, 74]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076cb1401 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076cb1419 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076cb1431 2 bytes [CB, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076cb144a 2 bytes [CB, 76]
.text ...
* 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076cb14dd 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076cb14f5 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076cb150d 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076cb1525 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076cb153d 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076cb1555 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076cb156d 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076cb1585 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076cb159d 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076cb15b5 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076cb15cd 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076cb16b2 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrA.exe[2644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076cb16bd 2 bytes [CB, 76] .text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000074cf17fa 2 bytes [CF, 74] .text C:\Windows\SysWOW64\PnkBstrB.exe[2684] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000074cf1860 2 bytes [CF, 74] 
20.01.2013, 19:44 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK, thanks for the explanation. Quote:
Is this by any chance an office/company PC? Or a university computer?
__________________ Please always post log files in CODE tags |
21.01.2013, 06:49 | #5 |
| Neither, although the university guess is not far off. It is a private PC run by a student with a free copy of Windows from the university, since my university offers this to all students. |
21.01.2013, 10:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Malwarebytes Anti-Rootkit
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ |
21.01.2013, 20:44 | #7 |
| 1st scan = 1 threat
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.21.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Oraleva :: NIGHTFALL [administrator]
21.01.2013 19:00:10
mbar-log-2013-01-21 (19-00-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30313
Time elapsed: 7 minute(s), 1 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\Windows\System32\gema.exe (Trojan.Ransom) -> Delete on reboot.
(end)

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.21.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Oraleva :: NIGHTFALL [administrator]
21.01.2013 19:42:32
mbar-log-2013-01-21 (19-42-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30357
Time elapsed: 6 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
22.01.2013, 09:59 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to your desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click Start Scan and, when the scan has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
23.01.2013, 08:42 | #9 |
| aswMBR
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-22 19:20:11
-----------------------------
19:20:11.020 OS Version: Windows x64 6.1.7601 Service Pack 1
19:20:11.020 Number of processors: 4 586 0x403
19:20:11.020 ComputerName: NIGHTFALL UserName: Oraleva
19:20:11.540 Initialize success
19:22:47.061 AVAST engine defs: 13012200
19:23:58.810 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:23:58.817 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
19:23:58.832 Disk 0 MBR read successfully
19:23:58.840 Disk 0 MBR scan
19:23:58.852 Disk 0 Windows 7 default MBR code
19:23:58.870 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
19:23:58.887 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99899 MB offset 206848
19:23:58.900 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 853868 MB offset 204800000
19:23:58.927 Disk 0 scanning C:\Windows\system32\drivers
19:24:07.325 Service scanning
19:24:23.903 Modules scanning
19:24:23.933 Disk 0 trace - called modules:
19:24:23.950 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:24:23.955 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b71790]
19:24:23.965 3 CLASSPNP.SYS[fffff8800198743f] -> nt!IofCallDriver -> [0xfffffa8007abb9b0]
19:24:23.973 5 ACPI.sys[fffff88000f007a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b6f680]
19:24:24.210 AVAST engine scan C:\Windows
19:24:25.855 AVAST engine scan C:\Windows\system32
19:26:55.267 AVAST engine scan C:\Windows\system32\drivers
19:27:03.623 AVAST engine scan C:\Users\Oraleva
19:31:15.949 AVAST engine scan C:\ProgramData
19:32:03.860 Scan finished successfully
04:29:01.478 Disk 0 MBR has been saved successfully to "C:\Users\Oraleva\Desktop\MBR.dat"
04:29:01.483 The log file has been saved successfully to "C:\Users\Oraleva\Desktop\aswMBR.txt"
908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 04:31:02.0799 4712 HomeGroupProvider - ok 04:31:02.0831 4712 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 04:31:02.0844 4712 HpSAMD - ok 04:31:02.0904 4712 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 04:31:02.0989 4712 HTTP - ok 04:31:03.0011 4712 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 04:31:03.0024 4712 hwpolicy - ok 04:31:03.0036 4712 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 04:31:03.0046 4712 i8042prt - ok 04:31:03.0079 4712 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 04:31:03.0096 4712 iaStorV - ok 04:31:03.0124 4712 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 04:31:03.0149 4712 idsvc - ok 04:31:03.0166 4712 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 04:31:03.0176 4712 iirsp - ok 04:31:03.0204 4712 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 04:31:03.0251 4712 IKEEXT - ok 04:31:03.0276 4712 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 04:31:03.0289 4712 intelide - ok 04:31:03.0304 4712 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 04:31:03.0314 4712 intelppm - ok 04:31:03.0351 4712 [ 733F61BC6995212518386812CE6FD40D ] ip100Avista C:\Windows\system32\DRIVERS\ipfnd51.sys 04:31:03.0374 4712 ip100Avista - ok 04:31:03.0399 4712 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 04:31:03.0469 4712 IPBusEnum - ok 04:31:03.0494 4712 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 04:31:03.0531 4712 IpFilterDriver - ok 04:31:03.0566 4712 [ 08C2957BB30058E663720C5606885653 ] 
iphlpsvc C:\Windows\System32\iphlpsvc.dll 04:31:03.0589 4712 iphlpsvc - ok 04:31:03.0601 4712 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 04:31:03.0609 4712 IPMIDRV - ok 04:31:03.0629 4712 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 04:31:03.0651 4712 IPNAT - ok 04:31:03.0671 4712 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 04:31:03.0694 4712 IRENUM - ok 04:31:03.0706 4712 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 04:31:03.0714 4712 isapnp - ok 04:31:03.0729 4712 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 04:31:03.0739 4712 iScsiPrt - ok 04:31:03.0794 4712 [ 4A8A242FDA43765F4F73ECDE2BA0D62A ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 04:31:03.0821 4712 JRAID - ok 04:31:03.0846 4712 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 04:31:03.0874 4712 kbdclass - ok 04:31:03.0891 4712 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 04:31:03.0911 4712 kbdhid - ok 04:31:03.0926 4712 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 04:31:03.0936 4712 KeyIso - ok 04:31:03.0966 4712 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 04:31:03.0979 4712 KSecDD - ok 04:31:04.0004 4712 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 04:31:04.0019 4712 KSecPkg - ok 04:31:04.0036 4712 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 04:31:04.0069 4712 ksthunk - ok 04:31:04.0089 4712 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 04:31:04.0134 4712 KtmRm - ok 04:31:04.0159 4712 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 04:31:04.0194 4712 LanmanServer - ok 04:31:04.0216 4712 [ 851A1382EED3E3A7476DB004F4EE3E1A ] 
LanmanWorkstation C:\Windows\System32\wkssvc.dll 04:31:04.0279 4712 LanmanWorkstation - ok 04:31:04.0329 4712 [ 955982BF4421B77722196552B62E8DC2 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 04:31:04.0359 4712 lirsgt - ok 04:31:04.0391 4712 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 04:31:04.0459 4712 lltdio - ok 04:31:04.0491 4712 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 04:31:04.0549 4712 lltdsvc - ok 04:31:04.0556 4712 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 04:31:04.0579 4712 lmhosts - ok 04:31:04.0594 4712 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 04:31:04.0604 4712 LSI_FC - ok 04:31:04.0616 4712 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 04:31:04.0624 4712 LSI_SAS - ok 04:31:04.0636 4712 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 04:31:04.0646 4712 LSI_SAS2 - ok 04:31:04.0659 4712 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 04:31:04.0669 4712 LSI_SCSI - ok 04:31:04.0694 4712 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 04:31:04.0724 4712 luafv - ok 04:31:04.0756 4712 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 04:31:04.0784 4712 Mcx2Svc - ok 04:31:04.0811 4712 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 04:31:04.0841 4712 megasas - ok 04:31:04.0874 4712 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 04:31:04.0916 4712 MegaSR - ok 04:31:04.0981 4712 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 04:31:05.0009 4712 Microsoft Office Groove Audit Service - ok 04:31:05.0021 4712 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS 
C:\Windows\system32\mmcss.dll 04:31:05.0064 4712 MMCSS - ok 04:31:05.0076 4712 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 04:31:05.0111 4712 Modem - ok 04:31:05.0121 4712 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 04:31:05.0136 4712 monitor - ok 04:31:05.0151 4712 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 04:31:05.0159 4712 mouclass - ok 04:31:05.0179 4712 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 04:31:05.0196 4712 mouhid - ok 04:31:05.0224 4712 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 04:31:05.0251 4712 mountmgr - ok 04:31:05.0314 4712 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 04:31:05.0341 4712 MozillaMaintenance - ok 04:31:05.0369 4712 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 04:31:05.0381 4712 mpio - ok 04:31:05.0396 4712 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 04:31:05.0429 4712 mpsdrv - ok 04:31:05.0469 4712 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 04:31:05.0539 4712 MpsSvc - ok 04:31:05.0569 4712 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 04:31:05.0614 4712 MRxDAV - ok 04:31:05.0644 4712 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 04:31:05.0689 4712 mrxsmb - ok 04:31:05.0724 4712 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 04:31:05.0749 4712 mrxsmb10 - ok 04:31:05.0779 4712 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 04:31:05.0789 4712 mrxsmb20 - ok 04:31:05.0816 4712 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 04:31:05.0844 4712 msahci - ok 
04:31:05.0871 4712 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 04:31:05.0884 4712 msdsm - ok 04:31:05.0899 4712 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 04:31:05.0921 4712 MSDTC - ok 04:31:05.0929 4712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 04:31:05.0961 4712 Msfs - ok 04:31:05.0971 4712 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 04:31:06.0001 4712 mshidkmdf - ok 04:31:06.0024 4712 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 04:31:06.0031 4712 msisadrv - ok 04:31:06.0066 4712 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 04:31:06.0136 4712 MSiSCSI - ok 04:31:06.0139 4712 msiserver - ok 04:31:06.0169 4712 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 04:31:06.0206 4712 MSKSSRV - ok 04:31:06.0221 4712 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 04:31:06.0244 4712 MSPCLOCK - ok 04:31:06.0251 4712 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 04:31:06.0276 4712 MSPQM - ok 04:31:06.0306 4712 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 04:31:06.0319 4712 MsRPC - ok 04:31:06.0334 4712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 04:31:06.0341 4712 mssmbios - ok 04:31:06.0356 4712 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 04:31:06.0389 4712 MSTEE - ok 04:31:06.0399 4712 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 04:31:06.0416 4712 MTConfig - ok 04:31:06.0456 4712 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 04:31:06.0481 4712 MTsensor - ok 04:31:06.0504 4712 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 
04:31:06.0519 4712 Mup - ok 04:31:06.0551 4712 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 04:31:06.0584 4712 napagent - ok 04:31:06.0616 4712 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 04:31:06.0661 4712 NativeWifiP - ok 04:31:06.0696 4712 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 04:31:06.0724 4712 NDIS - ok 04:31:06.0746 4712 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 04:31:06.0769 4712 NdisCap - ok 04:31:06.0781 4712 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 04:31:06.0824 4712 NdisTapi - ok 04:31:06.0849 4712 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 04:31:06.0869 4712 Ndisuio - ok 04:31:06.0884 4712 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 04:31:06.0906 4712 NdisWan - ok 04:31:06.0931 4712 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 04:31:06.0959 4712 NDProxy - ok 04:31:06.0966 4712 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 04:31:06.0994 4712 NetBIOS - ok 04:31:07.0016 4712 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 04:31:07.0094 4712 NetBT - ok 04:31:07.0114 4712 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 04:31:07.0124 4712 Netlogon - ok 04:31:07.0156 4712 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 04:31:07.0204 4712 Netman - ok 04:31:07.0259 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 04:31:07.0289 4712 NetMsmqActivator - ok 04:31:07.0299 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 04:31:07.0309 4712 NetPipeActivator - ok 04:31:07.0326 
4712 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 04:31:07.0361 4712 netprofm - ok 04:31:07.0366 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 04:31:07.0376 4712 NetTcpActivator - ok 04:31:07.0381 4712 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 04:31:07.0391 4712 NetTcpPortSharing - ok 04:31:07.0416 4712 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 04:31:07.0429 4712 nfrd960 - ok 04:31:07.0451 4712 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 04:31:07.0479 4712 NlaSvc - ok 04:31:07.0534 4712 [ C31FA031335EFF434B2D94278E74BCCE ] npf C:\Windows\system32\drivers\npf.sys 04:31:07.0561 4712 npf - ok 04:31:07.0579 4712 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 04:31:07.0636 4712 Npfs - ok 04:31:07.0656 4712 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 04:31:07.0689 4712 nsi - ok 04:31:07.0694 4712 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 04:31:07.0729 4712 nsiproxy - ok 04:31:07.0789 4712 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 04:31:07.0831 4712 Ntfs - ok 04:31:07.0841 4712 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 04:31:07.0876 4712 Null - ok 04:31:07.0914 4712 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 04:31:07.0919 4712 nusb3hub - ok 04:31:07.0929 4712 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 04:31:07.0936 4712 nusb3xhc - ok 04:31:07.0961 4712 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 04:31:07.0971 4712 nvraid - ok 04:31:07.0984 4712 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor 
C:\Windows\system32\drivers\nvstor.sys 04:31:07.0991 4712 nvstor - ok 04:31:08.0034 4712 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 04:31:08.0041 4712 nv_agp - ok 04:31:08.0109 4712 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 04:31:08.0151 4712 odserv - ok 04:31:08.0176 4712 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 04:31:08.0196 4712 ohci1394 - ok 04:31:08.0236 4712 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 04:31:08.0249 4712 ose - ok 04:31:08.0279 4712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 04:31:08.0294 4712 p2pimsvc - ok 04:31:08.0309 4712 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 04:31:08.0324 4712 p2psvc - ok 04:31:08.0339 4712 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 04:31:08.0349 4712 Parport - ok 04:31:08.0381 4712 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 04:31:08.0391 4712 partmgr - ok 04:31:08.0404 4712 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 04:31:08.0429 4712 PcaSvc - ok 04:31:08.0439 4712 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 04:31:08.0446 4712 pci - ok 04:31:08.0461 4712 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 04:31:08.0466 4712 pciide - ok 04:31:08.0489 4712 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 04:31:08.0499 4712 pcmcia - ok 04:31:08.0509 4712 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 04:31:08.0516 4712 pcw - ok 04:31:08.0529 4712 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 04:31:08.0569 4712 PEAUTH - ok 04:31:08.0604 4712 [ 
B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 04:31:08.0631 4712 PeerDistSvc - ok 04:31:08.0689 4712 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 04:31:08.0731 4712 PerfHost - ok 04:31:08.0784 4712 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 04:31:08.0844 4712 pla - ok 04:31:08.0889 4712 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 04:31:08.0916 4712 PlugPlay - ok 04:31:08.0929 4712 PnkBstrA - ok 04:31:08.0934 4712 PnkBstrB - ok 04:31:08.0944 4712 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 04:31:08.0966 4712 PNRPAutoReg - ok 04:31:08.0971 4712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 04:31:08.0986 4712 PNRPsvc - ok 04:31:09.0014 4712 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys 04:31:09.0026 4712 Point64 - ok 04:31:09.0059 4712 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 04:31:09.0136 4712 PolicyAgent - ok 04:31:09.0159 4712 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 04:31:09.0206 4712 Power - ok 04:31:09.0234 4712 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 04:31:09.0312 4712 PptpMiniport - ok 04:31:09.0322 4712 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 04:31:09.0344 4712 Processor - ok 04:31:09.0382 4712 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 04:31:09.0412 4712 ProfSvc - ok 04:31:09.0439 4712 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 04:31:09.0452 4712 ProtectedStorage - ok 04:31:09.0492 4712 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 04:31:09.0557 4712 Psched - ok 04:31:09.0582 4712 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 
C:\Windows\system32\DRIVERS\ql2300.sys 04:31:09.0609 4712 ql2300 - ok 04:31:09.0619 4712 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 04:31:09.0629 4712 ql40xx - ok 04:31:09.0669 4712 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 04:31:09.0724 4712 QWAVE - ok 04:31:09.0729 4712 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 04:31:09.0754 4712 QWAVEdrv - ok 04:31:09.0769 4712 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 04:31:09.0802 4712 RasAcd - ok 04:31:09.0824 4712 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 04:31:09.0847 4712 RasAgileVpn - ok 04:31:09.0854 4712 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 04:31:09.0877 4712 RasAuto - ok 04:31:09.0904 4712 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 04:31:09.0944 4712 Rasl2tp - ok 04:31:09.0974 4712 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 04:31:10.0004 4712 RasMan - ok 04:31:10.0022 4712 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 04:31:10.0052 4712 RasPppoe - ok 04:31:10.0062 4712 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 04:31:10.0084 4712 RasSstp - ok 04:31:10.0097 4712 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 04:31:10.0122 4712 rdbss - ok 04:31:10.0129 4712 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 04:31:10.0147 4712 rdpbus - ok 04:31:10.0157 4712 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 04:31:10.0177 4712 RDPCDD - ok 04:31:10.0204 4712 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 04:31:10.0214 4712 RDPDR - ok 04:31:10.0234 4712 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD 
C:\Windows\system32\drivers\rdpencdd.sys 04:31:10.0262 4712 RDPENCDD - ok 04:31:10.0272 4712 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 04:31:10.0294 4712 RDPREFMP - ok 04:31:10.0339 4712 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 04:31:10.0359 4712 RdpVideoMiniport - ok 04:31:10.0392 4712 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 04:31:10.0434 4712 RDPWD - ok 04:31:10.0462 4712 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 04:31:10.0474 4712 rdyboost - ok 04:31:10.0499 4712 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 04:31:10.0537 4712 RemoteAccess - ok 04:31:10.0559 4712 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 04:31:10.0589 4712 RemoteRegistry - ok 04:31:10.0619 4712 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 04:31:10.0674 4712 RpcEptMapper - ok 04:31:10.0702 4712 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 04:31:10.0714 4712 RpcLocator - ok 04:31:10.0749 4712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 04:31:10.0799 4712 RpcSs - ok 04:31:10.0852 4712 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 04:31:10.0932 4712 rspndr - ok 04:31:10.0974 4712 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 04:31:10.0989 4712 RTL8167 - ok 04:31:11.0017 4712 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 04:31:11.0042 4712 s3cap - ok 04:31:11.0054 4712 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 04:31:11.0064 4712 SamSs - ok 04:31:11.0082 4712 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 04:31:11.0094 4712 sbp2port - ok 04:31:11.0107 4712 
[ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 04:31:11.0142 4712 SCardSvr - ok 04:31:11.0164 4712 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 04:31:11.0194 4712 scfilter - ok 04:31:11.0259 4712 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 04:31:11.0317 4712 Schedule - ok 04:31:11.0337 4712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 04:31:11.0359 4712 SCPolicySvc - ok 04:31:11.0369 4712 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 04:31:11.0392 4712 SDRSVC - ok 04:31:11.0487 4712 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 04:31:11.0512 4712 SDScannerService - ok 04:31:11.0552 4712 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 04:31:11.0584 4712 SDUpdateService - ok 04:31:11.0594 4712 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 04:31:11.0604 4712 SDWSCService - ok 04:31:11.0622 4712 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 04:31:11.0657 4712 secdrv - ok 04:31:11.0682 4712 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 04:31:11.0709 4712 seclogon - ok 04:31:11.0727 4712 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 04:31:11.0749 4712 SENS - ok 04:31:11.0759 4712 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 04:31:11.0777 4712 SensrSvc - ok 04:31:11.0792 4712 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 04:31:11.0799 4712 Serenum - ok 04:31:11.0809 4712 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 04:31:11.0817 4712 Serial - ok 04:31:11.0837 4712 [ 
1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 04:31:11.0844 4712 sermouse - ok 04:31:11.0877 4712 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 04:31:11.0932 4712 SessionEnv - ok 04:31:11.0962 4712 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 04:31:11.0992 4712 sffdisk - ok 04:31:12.0002 4712 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 04:31:12.0034 4712 sffp_mmc - ok 04:31:12.0037 4712 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 04:31:12.0054 4712 sffp_sd - ok 04:31:12.0074 4712 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 04:31:12.0099 4712 sfloppy - ok 04:31:12.0112 4712 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 04:31:12.0149 4712 SharedAccess - ok 04:31:12.0179 4712 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 04:31:12.0234 4712 ShellHWDetection - ok 04:31:12.0252 4712 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 04:31:12.0259 4712 SiSRaid2 - ok 04:31:12.0274 4712 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 04:31:12.0282 4712 SiSRaid4 - ok 04:31:12.0327 4712 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 04:31:12.0339 4712 SkypeUpdate - ok 04:31:12.0369 4712 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 04:31:12.0407 4712 Smb - ok 04:31:12.0434 4712 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 04:31:12.0447 4712 SNMPTRAP - ok 04:31:12.0492 4712 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys 04:31:12.0517 4712 speedfan - ok 04:31:12.0527 4712 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 
04:31:17.0147 4712 [ 835D6E72637A35A84889D7721019BD91 ] WinAutomation Service C:\Program Files\WinAutomation\WinAutomation.ServiceAgent.exe
04:31:17.0167 4712 WinAutomation Service ( UnsignedFile.Multi.Generic ) - warning
04:31:17.0167 4712 WinAutomation Service - detected UnsignedFile.Multi.Generic (1)
04:31:18.0972 4712 Scan finished
04:31:18.0984 3052 Detected object count: 2
04:31:18.0984 3052 Actual detected object count: 2
04:34:01.0922 3052 Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
04:34:01.0922 3052 Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:34:01.0922 3052 WinAutomation Service ( UnsignedFile.Multi.Generic ) - skipped by user
04:34:01.0922 3052 WinAutomation Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
04:36:09.0270 4296 Deinitialize success |
23.01.2013, 14:36 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC clean? Spybot cannot clean up findings
That is unremarkable.
adwCleaner - detecting toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
23.01.2013, 19:57 | #11 |
| PC clean? Spybot cannot clean up findings AdwCleaner Code:
# AdwCleaner v2.107 - Datei am 23/01/2013 um 19:55:50 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Oraleva - NIGHTFALL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oraleva\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\2aeb906629509643
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Schlüssel Gefunden : HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\Oraleva\AppData\Roaming\Mozilla\Firefox\Profiles\q9kd1fj1.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1333 octets] - [23/01/2013 19:55:50]
########## EOF - C:\AdwCleaner[R1].txt - [1393 octets] ########## |
23.01.2013, 21:00 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC clean? Spybot cannot clean up findings
adwCleaner - removing toolbars and unwanted start/search pages
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
24.01.2013, 06:50 | #13 |
| PC clean? Spybot cannot clean up findings AdwCleaner Code:
# AdwCleaner v2.107 - Datei am 24/01/2013 um 04:51:23 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Oraleva - NIGHTFALL
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Oraleva\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\2aeb906629509643
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\Oraleva\AppData\Roaming\Mozilla\Firefox\Profiles\q9kd1fj1.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1458 octets] - [23/01/2013 19:55:50]
AdwCleaner[S1].txt - [1233 octets] - [24/01/2013 04:51:23]
########## EOF - C:\AdwCleaner[S1].txt - [1293 octets] ##########
Code:
ATTFilter OTL logfile created on: 24.01.2013 05:57:47 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,38% Memory free 15,99 Gb Paging File | 13,76 Gb Available in Paging File | 86,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 21,54 Gb Free Space | 22,08% Space Free | Partition Type: NTFS Drive D: | 833,86 Gb Total Space | 59,98 Gb Free Space | 7,19% Space Free | Partition Type: NTFS Drive I: | 1863,01 Gb Total Space | 1148,28 Gb Free Space | 61,64% Space Free | Partition Type: NTFS Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - D:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) PRC - C:\Program Files (x86)\AVG 2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) PRC - C:\Program Files (x86)\AVG 2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) 
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake) PRC - C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group) PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.) PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Treiber\EPU\EPU.exe ( ASUSTeK Computer Inc.) PRC - C:\Windows\DAODx.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Treiber\EPU\pngio.dll () MOD - C:\Treiber\EPU\AsSpindownTimeout.dll () MOD - C:\Windows\SysWOW64\AsIO.dll () MOD - C:\Treiber\EPU\AsusService.dll () MOD - C:\Windows\DAODx.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG 2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG 2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.) 
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake) SRV - (WinAutomation Service) -- C:\Programme\WinAutomation\WinAutomation.ServiceAgent.exe (Softomotive) SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DAUpdaterSvc) -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (stdriver) -- C:\Windows\SysNative\drivers\stdriver64.sys (NCH Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (ip100Avista) -- C:\Windows\SysNative\drivers\ipfnd51.sys (IC Plus Corp. ) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) 
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) 
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH) DRV - (AODDriver4.2) -- C:\Programme\ATI\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsi Software GmbH) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 4E 67 51 BA D5 CB 01 [binary data] IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.4 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.autoconfig_url: 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us04.personalitycores.com%3A8000%3B%20PROXY%20us01.personalitycores.com%3A8000%3B%20PROXY%20us02.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.11 17:38:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 04:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 04:08:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 04:08:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 04:08:56 | 000,000,000 | ---D | M]
[2011.02.26 14:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Extensions
[2013.01.21 20:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions
[2013.01.11 17:54:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Oraleva\AppData\Roaming\mozilla\Firefox\Profiles\q9kd1fj1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.01.21 20:33:48 | 000,315,066 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.01.07 15:56:49 | 000,713,793 | ---- | M] () (No name found) -- C:\Users\Oraleva\AppData\Roaming\mozilla\firefox\profiles\q9kd1fj1.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013.01.19 04:08:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 04:08:56 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.01.11 17:38:03 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2013.01.19 04:08:58 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.10 17:46:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.09 14:36:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.10 17:46:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 17:46:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.10 17:46:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.10 17:46:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.01.14 22:54:29 | 000,888,494 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15286 more lines...
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Programme\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Treiber\EPU\EPU.exe ( ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000..\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm ()
O8:64bit: - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files (x86)\Portable Offline Browser\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files (x86)\Portable Offline Browser\Add_AllO.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.10.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0991080A-0A03-479D-9950-7F865179AD56}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72E52CF6-1902-46CB-8434-BE0DB963E4A2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2658519919-3558309176-2021733753-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell - "" = AutoRun
O33 - MountPoints2\{d668de71-e08e-11e1-81fa-bcaec52abc04}\Shell\AutoRun\command - "" = E:\autorun.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.23 19:47:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCountdownTimer
[2013.01.23 19:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013.01.23 19:43:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.23 19:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013.01.19 19:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.01.19 19:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.01.19 19:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.01.19 19:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013.01.19 19:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2013.01.19 04:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.18 15:23:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.18 15:23:42 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.18 15:23:42 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.11 15:31:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.01.10 17:19:51 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.10 17:19:51 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.10 17:19:51 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.10 17:19:51 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.10 17:19:51 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.10 17:19:51 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.10 17:19:51 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.10 17:19:51 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.10 17:19:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.10 17:19:51 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.10 17:19:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.10 17:19:51 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.10 17:19:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.10 17:19:51 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.10 17:19:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.10 17:19:51 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.10 17:19:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.10 17:19:51 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.10 17:19:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.10 17:19:51 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.10 17:19:51 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.10 17:19:51 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.10 17:19:51 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.10 17:19:51 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.10 17:19:51 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.10 17:19:51 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.10 17:19:51 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.10 17:19:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 17:19:41 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.10 17:19:41 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.10 17:19:41 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.10 17:19:41 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.10 17:19:41 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.10 17:19:41 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.10 17:19:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.10 17:19:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.10 17:19:41 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.10 17:19:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 17:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 17:19:41 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 17:19:41 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.10 17:19:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 17:19:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 17:19:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 17:19:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.10 17:19:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.10 17:19:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 17:19:40 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 17:19:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 17:19:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.10 17:19:34 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.10 17:19:34 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 17:19:34 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 17:19:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.04 13:34:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013.01.04 13:34:23 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013.01.04 13:34:23 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013.01.04 13:34:23 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013.01.03 21:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013.01.03 21:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.01.03 21:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.24 05:59:46 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 05:59:46 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 05:52:31 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013.01.24 05:52:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 05:52:22 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.23 18:35:59 | 001,622,012 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.23 18:35:59 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.23 18:35:59 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.23 18:35:59 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.23 18:35:59 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.22 09:03:30 | 000,000,020 | ---- | M] () -- C:\Users\Oraleva\defogger_reenable
[2013.01.22 04:42:33 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 2 Deluxe Edition.lnk
[2013.01.15 15:35:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.01.14 22:54:29 | 000,888,494 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.12 03:30:18 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.01.12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.01.11 15:31:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.01.11 15:24:07 | 000,415,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 17:27:53 | 001,598,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.03 21:20:21 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.03 21:20:21 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.23 19:46:53 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013.01.22 09:03:30 | 000,000,020 | ---- | C] () -- C:\Users\Oraleva\defogger_reenable
[2013.01.22 04:42:33 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 2 Deluxe Edition.lnk
[2013.01.03 21:31:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.20 17:32:04 | 000,007,609 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\Resmon.ResmonCfg
[2012.11.07 15:49:00 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.08.07 20:20:49 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.07 20:20:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.11 05:18:14 | 000,019,002 | ---- | C] () -- C:\Users\Oraleva\.recently-used.xbel
[2012.05.24 22:09:56 | 000,114,688 | ---- | C] () -- C:\Windows\Lavish.dll
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.31 15:00:29 | 000,010,639 | ---- | C] () -- C:\Users\Oraleva\WiehlerZ_elster_2048.pfx
[2012.02.29 08:28:08 | 000,000,798 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.19 18:46:33 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2012.02.19 18:46:33 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2012.01.06 21:49:45 | 000,000,393 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\HamsterVideoConverterSettings.cfg
[2012.01.06 20:11:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.01.06 20:11:52 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.06 20:11:52 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.01.06 20:11:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.06 20:11:51 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.06 19:23:55 | 000,007,680 | ---- | C] () -- C:\Users\Oraleva\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.12 18:00:09 | 000,001,526 | ---- | C] () -- C:\Users\Oraleva\AppData\Roaming\No23 Recorder.lnk
[2011.11.08 16:21:36 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.24 23:33:01 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011.06.24 23:33:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011.06.24 23:33:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011.06.24 23:11:35 | 000,027,089 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011.04.02 13:03:14 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2011.04.02 13:03:14 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2011.04.02 13:03:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2011.04.02 13:03:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll
[2011.04.02 13:03:14 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2011.04.02 13:03:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2011.04.02 13:03:14 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycoms.exe
[2011.04.02 13:03:14 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2011.04.02 13:03:14 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2011.04.02 13:03:14 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2011.04.02 13:03:14 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyih.exe
[2011.04.02 13:03:14 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2011.04.02 13:03:14 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycfg.exe
[2011.04.02 13:03:14 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2011.04.02 13:03:14 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyppls.exe
[2011.04.02 13:03:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2011.04.02 13:03:14 | 000,094,208 |
---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll [2011.03.20 18:51:08 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat [2011.03.08 13:08:07 | 001,598,970 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.01 19:12:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.26 01:17:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.02.26 00:30:19 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll [2011.02.26 00:30:19 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2011.02.26 00:30:17 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2011.02.26 00:30:17 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2011.02.25 23:55:21 | 000,030,974 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2011.02.25 23:52:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
OTL Extras logfile created on: 24.01.2013 05:57:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 5,95 Gb Available Physical Memory | 74,38% Memory free
15,99 Gb Paging File | 13,76 Gb Available in Paging File | 86,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 21,54 Gb Free Space | 22,08% Space Free | Partition Type: NTFS
Drive D: | 833,86 Gb Total Space | 59,98 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive I: | 1863,01 Gb Total Space | 1148,28 Gb Free Space | 61,64% Space Free | Partition Type: NTFS

Computer Name: NIGHTFALL | User Name: Oraleva | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Add to playlist] -- "C:\Program Files (x86)\Sonique\Sonique.exe" -appendonly "%1" (Terra Lycos) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC-Player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DefaultOutboundAction" = 1 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
"DefaultOutboundAction" = 1 "DefaultInboundAction" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DefaultOutboundAction" = 1 "DefaultInboundAction" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E241E2F-D648-4A90-9903-CDC3288418C4}" = lport=137 | protocol=17 | dir=in | app=system | "{0ED54C44-85D3-4B4E-9BCA-EDE056CDB6B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{161473B2-340C-48B1-A63A-597A4637E1CC}" = rport=138 | protocol=17 | dir=out | app=system | "{356C42EB-2EE2-46B8-98D0-A29381AE1B60}" = lport=138 | protocol=17 | dir=in | app=system | "{46E25BB4-321B-4A28-BCA5-7946876A59F6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{6C3C665F-A0D7-4EF9-924A-7A717B025898}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6EE50CD5-E6D4-4A56-8656-69A5CF192C66}" = lport=139 | protocol=6 | dir=in | app=system | "{98D466BA-423A-45A9-ACC9-FB1F8DE99DC6}" = rport=139 | protocol=6 | dir=out | app=system | "{9FDEEB32-05FF-4E9B-B8D5-9FD1EB9CA812}" = rport=445 | protocol=6 | dir=out | app=system | "{A834399E-A280-42E5-BC37-0067CF41A34D}" = lport=445 | protocol=6 | dir=in | app=system | "{B0559A10-B482-4D4E-9E02-D8F2429CBFBB}" = rport=137 | protocol=17 | dir=out | app=system | "{CED7293A-C683-463F-AF4D-3D042DE3D32C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00C87976-1071-4FF8-BB1F-12F832B9D656}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{03AB9238-3C07-4DB6-AA2E-E4BFADA3C16A}" = dir=out | app=%programfiles% (x86)\mozilla 
firefox\updater.exe | "{04B93F66-CC9A-4A26-928D-2DE3CFEF1CAB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{0E46E9FF-A87F-4179-8CBB-AEA33FABD101}" = dir=out | app=%programfiles% (x86)\java\jre7\bin\javaws.exe | "{2B6238AB-AD3F-4648-A63C-201EE0FC2F59}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe | "{4371750A-C02B-4EA0-911C-07D2A330EBA8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{4BE203BF-6A73-48FB-BFBC-64CEA37F2B51}" = dir=out | app=%programfiles% (x86)\mozilla firefox\firefox.exe | "{52B9A55D-5C31-46DF-BA4C-C14D5CE7D980}" = dir=out | app=%programfiles% (x86)\java\jre7\bin\javacpl.exe | "{52C26434-7AFD-4661-9A83-F9F32ACFEE2B}" = protocol=58 | dir=in | app=system | "{6A61D799-AB1E-4DAA-BB2E-AEFB9ECB9746}" = dir=in | name=lisa pc | "{72D7C9D7-BA9C-438C-8B85-990184FC8910}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7B5ADEC0-ECEC-48B3-832D-2EF6E159338D}" = dir=out | app=%programfiles% (x86)\java\jre7\bin\java.exe | "{8F3CCD99-CB17-4E6B-9622-3D6E14CD6881}" = dir=out | app=%programfiles% (x86)\mozilla firefox\webapprt-stub.exe | "{A5F29929-E36D-49F7-9AFB-AF533174C737}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgdiagex.exe | "{B7E32E20-A915-457B-BFD4-AB6F4BCBDD6F}" = dir=out | app=%programfiles% (x86)\mozilla firefox\plugin-container.exe | "{DD2D2D60-118F-4249-8A91-CAEFB054CD27}" = protocol=6 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe | "{E3D3E0D4-3928-4F87-BDB5-DF9010805AE1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{EFF03BBE-152D-48E7-A711-362DE1DE1F2F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg 2013\avgnsa.exe | "{F2F37803-E344-4E40-A6FE-0E2A8A9C06E4}" = dir=out | app=%programfiles% (x86)\java\jre7\bin\javaw.exe | "{FE20DE68-5F3C-449A-81DB-081A44A25F8F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "TCP Query User{10CAB2F0-4F68-4162-9B50-C7DB400DFBDF}C:\program files 
(x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{14EF3ACF-9647-4DC2-B237-4D0B02661A9A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{7C6016D3-6AF9-42F9-90D8-6453B6F4667A}D:\mass effect 2 deluxe edition\binaries\masseffect2.exe" = protocol=6 | dir=in | app=d:\mass effect 2 deluxe edition\binaries\masseffect2.exe | "UDP Query User{297E2A22-1418-440E-B96C-6DEAA3FB58EA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{42426BF4-1288-4D96-962F-E89D4E084FCC}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "UDP Query User{60FEA785-54D0-4735-ACCF-4ACEAC03EDFC}D:\mass effect 2 deluxe edition\binaries\masseffect2.exe" = protocol=17 | dir=in | app=d:\mass effect 2 deluxe edition\binaries\masseffect2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers "{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 
"{66A0F974-5E12-4E9D-A123-B1C6B6BA9804}" = Classic Shell "{67F5E390-8E09-4AE4-B7F2-705AFD23D86D}" = WinAutomation "{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B165B42D-0291-D45A-ACE2-D0144CB9FD3E}" = AMD Fuel "{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013 "{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding "{D2FEF059-3942-4E50-B825-4E208DBC63F2}_is1" = Half-Life Singleplayer Edition 2012 "{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F91E2EF2-CD31-4727-816F-F73F772F5FE6}" = AVG 2013 "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager "AVG" = AVG 2013 "CCleaner" = CCleaner "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek "{022BC727-ACB7-4C1D-109C-177515714A32}" = AMD VISION Engine Control Center "{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish "{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III "{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client "{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard "{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6 "{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese "{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.9.0 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 11 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish "{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.29f "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean "{3844035A-9429-4E54-86B0-6EE3778BA3FB}_is1" = The Elder Scrolls V: Skyrim "{39AE731B-85B7-4004-8FF7-58989943A68B}" = GoGear SA19xx Device Manager "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3BB70E64-28C9-4FA9-B702-C30D29CC7B74}_is1" = Broken Sword 2 Remastered version 1.0 "{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch 
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.0.0 "{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional "{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full "{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian "{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian "{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish "{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) 
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) 
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3) "{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95140000-0081-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver "{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU "{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A36A5251-2379-429B-9785-EEF2A5F8DBCB}_is1" = Mass Effect 2 Deluxe Edition 
"{A5C7818C-27AC-4A71-BEDF-BA5652D2CC36}_is1" = Mass Effect Deluxe Edition "{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.6.943 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412 "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B5E66589-11D4-4DE5-90F3-1AD5E98ABD3E}" = Civilization III - Play the World v1.27F "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind "{CF35000B-8247-449B-85C9-D9C2A5936683}" = GoGear SA19xx Device Manager "{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy "{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX "{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set "{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen "{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All "{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EFC97089-04D6-42CE-A707-A343B4A7D2CD}" = Ghost Recon Advanced Warfighter "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition "{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian "{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II "{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2 "{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den "5513-1208-7298-9440" = JDownloader 0.9 "Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker "Acoustica Premium Edition_is1" = Acoustica Premium Edition 4.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.60 "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode) "AudibleManager" = AudibleManager "BOSS" = BOSS "Broken Sword: Shadow of the Templar's Directors Cut_is1" = Broken Sword: Shadow of the Templar's Directors Cut "Canon MX880 series Benutzerregistrierung" = Canon MX880 series Benutzerregistrierung "Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "CanonMyPrinter" = Canon My Printer "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Crossword Compiler Deutsch 8 Testversion" = Crossword Compiler Deutsch 8 Testversion "Debut" = Debut Video Capture Software "Determinance_is1" = Determinance "Diablo II" = Diablo II "Digitale Bibliothek 4" = Digitale Bibliothek 4 "DiskSpeed32" = DiskSpeed32 "DivX Setup.divx.com" = DivX-Setup "DVD Flick_is1" = DVD Flick 1.3.0.7 "ENTERPRISE" = 
Microsoft Office Enterprise 2007 "ffdshow_is1" = ffdshow [rev 2946] [2009-05-15] "FileZilla Client" = FileZilla Client 3.5.1 "foobar2000" = foobar2000 v1.1.7 "Fraps" = Fraps "Free FLV Converter_is1" = Free FLV Converter V 7.5.0 "Free Screen Video Recorder_is1" = Free Screen Video Recorder version 2.5.22.508 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.3.3.908 "Free YouTube Downloader Converter" = Free YouTube Downloader Converter "Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.1 "GeoGebra" = GeoGebra "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "Jagged Alliance 2 Gold" = Jagged Alliance 2 Gold "KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full) "LAME for Audacity_is1" = LAME v3.98.3 for Audacity "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MetaProducts Portable Offline Browser" = MetaProducts Portable Offline Browser "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "Notepad++" = Notepad++ "Oblivion mod manager_is1" = Oblivion mod manager 1.1.12 "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "ResourceHacker_is1" = Resource Hacker Version 3.5.2 "Sonique15" = Sonique "Soulseek" = SoulSeek Client 156c "SpeedFan" = SpeedFan (remove only) "ST6UNST #1" = Hero Editor V0.96 "Steamless_FakeFactory_CM10" = Steamless_FakeFactory_CM10 "SubtitleWorkshop" = Subtitle Workshop 2.51 "The Elder Scrolls V Hearthfire DLC Englische Version 1.00" = The Elder Scrolls V Hearthfire DLC Englische Version 1.00 "The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00" = The Elder Scrolls V Skyrim - Dawnguard DLC Englische Version 1.00 "The Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00" = The 
Elder Scrolls V Skyrim Update 11 (1.8.151.0.7) Englische Version 1.00 "The Elder Scrolls V™ SKYRIM HD EDITION_is1" = The Elder Scrolls V™ SKYRIM HD EDITION "TheHive_is1" = The Hive 1.2 "Ultima Online Second Age" = Ultima Online Second Age 5.0.8.3 "VLC media player" = VLC media player 1.1.7 "WinAutomation" = WinAutomation "WinPcapInst" = WinPcap 4.1.1 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2658519919-3558309176-2021733753-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned "Dragon Age Awakening Velanna Redesigned©" = Dragon Age Awakening Velanna Redesigned© "Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan "Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren© "Dragon Age Redesigned©" = Dragon Age Redesigned© "Dragon Age Redesigned© Zevran" = Dragon Age Redesigned© Zevran "Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana "GeoGebra WebStart" = GeoGebra WebStart "SOE-EverQuest" = EverQuest "TeamSpeak 3 Client" = TeamSpeak 3 Client "Xilisoft DVD Audio Ripper 6" = Xilisoft DVD Audio Ripper 6 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 15.01.2013 11:29:30 | Computer Name = Nightfall | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des 
fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x7a0 Startzeit der fehlerhaften Anwendung: 0x01cdf324f5e1bae1 Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung: 5a84df1d-5f28-11e2-9f78-bcaec52abc04 Error - 15.01.2013 12:16:02 | Computer Name = Nightfall | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x744 Startzeit der fehlerhaften Anwendung: 0x01cdf33550c6a8d2 Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung: dabe4bcd-5f2e-11e2-ac02-bcaec52abc04 Error - 16.01.2013 00:16:39 | Computer Name = Nightfall | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x764 Startzeit der fehlerhaften Anwendung: 0x01cdf33bd0fb8e7f Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung: 85d9a6e4-5f93-11e2-807f-bcaec52abc04 Error - 16.01.2013 13:22:17 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 16.01.2013 22:31:18 | Computer Name = Nightfall | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x750 Startzeit der fehlerhaften Anwendung: 0x01cdf3de48c84d37 Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung: f8b81952-604d-11e2-853e-bcaec52abc04 Error - 17.01.2013 12:11:50 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 18.01.2013 01:08:08 | Computer Name = Nightfall | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x714 Startzeit der fehlerhaften Anwendung: 0x01cdf4b95c539782 Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung: 0bdfe678-612d-11e2-9f1e-bcaec52abc04 Error - 18.01.2013 19:31:39 | Computer Name = Nightfall | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 19.01.2013 00:29:14 | Computer Name = Nightfall | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 4.1.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x75c Startzeit der fehlerhaften Anwendung: 0x01cdf5864aa06bdd Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung: c73f13b4-61f0-11e2-ab2d-bcaec52abc04 Error - 19.01.2013 14:06:23 | Computer Name = Nightfall | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Fuel.Service.exe, Version: 1.0.0.0, Zeitstempel: 0x501fefb5 Name des fehlerhaften Moduls: Device.dll, Version: 0.0.0.0, Zeitstempel: 0x4f55e10b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000033c1 ID des fehlerhaften Prozesses: 0x748 Startzeit der fehlerhaften Anwendung: 0x01cdf6640030aca8 Pfad der fehlerhaften Anwendung: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Fuel.Service.exe Pfad des fehlerhaften Moduls: C:\Treiber\Sapphire 5850\12.8\ATI.ACE\Fuel\Device.dll Berichtskennung: eef3d78d-6262-11e2-b1e4-bcaec52abc04 [ Cisco AnyConnect Secure Mobility Client Events ] Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866 Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp Line: 1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description: unknown Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp Line: 873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F) Description: 
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866 Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line: 832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801 (0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866 Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp Line: 1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene Verbindung wurde vom Remotehost geschlossen. Error - 23.01.2013 23:51:22 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866 Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp Line: 384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE Error - 24.01.2013 00:52:30 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866 Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>. Host discarded. Error - 24.01.2013 00:52:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866 Description = Function: ProfileMgr::loadProfile File: .\ProfileMgr.cpp Line: 518 Invoked Function: ProfileMgr::loadProfile Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Duplicate host <asa-cluster.lrz.de> found in the profile <C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\lrz.xml>. Host discarded. 
Error - 24.01.2013 00:52:39 | Computer Name = Nightfall | Source = acvpnagent | ID = 67108866 Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE Error - 24.01.2013 00:52:39 | Computer Name = Nightfall | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 24.01.2013 00:52:43 | Computer Name = Nightfall | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1127 NULL object. Cannot establish a connection at this time. [ OSession Events ] Error - 31.10.2011 12:15:53 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1026 seconds with 780 seconds of active time. This session ended with a crash. Error - 01.10.2012 13:58:44 | Computer Name = Nightfall | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1313 seconds with 420 seconds of active time. This session ended with a crash. 
[ Spybot - Search and Destroy Events ] Error - 13.12.2012 17:08:20 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.12.2012 17:09:05 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.12.2012 17:12:40 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.12.2012 17:15:32 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.12.2012 18:13:19 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.12.2012 18:14:07 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 13.12.2012 18:29:49 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 14.01.2013 19:19:39 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 14.01.2013 19:19:55 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions Error - 15.01.2013 09:36:59 | Computer Name = Nightfall | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 23.01.2013 04:37:07 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 23.01.2013 13:27:59 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 23.01.2013 13:28:00 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 23.01.2013 13:28:06 | 
Computer Name = Nightfall | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 23.01.2013 13:29:00 | Computer Name = Nightfall | Source = DCOM | ID = 10016 Description = Error - 23.01.2013 23:52:00 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 24.01.2013 00:52:31 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7000 Description = Der Dienst "AODDriver4.01" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 24.01.2013 00:52:31 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 24.01.2013 00:52:40 | Computer Name = Nightfall | Source = Service Control Manager | ID = 7006 Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error - 24.01.2013 00:53:32 | Computer Name = Nightfall | Source = DCOM | ID = 10016 Description = < End of report > |
24.01.2013, 10:33 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC clean? Spybot cannot remove its findings Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
25.01.2013, 05:15 | #15 |
| PC clean? Spybot cannot remove its findings
Malwarebytes Anti-Malware
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.24.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Oraleva :: NIGHTFALL [Administrator]

24.01.2013 16:18:29
mbam-log-2013-01-24 (16-18-29).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234169
Laufzeit: 2 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=57320afd99842f419ec379c42755acb7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-01-25 02:47:19
# local_time=2013-01-25 03:47:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1167367 110711889 0 0
# scanned=508761
# found=2
# cleaned=0
# scan_time=19230
D:\Netzwerk\Notfall-Pack\DebugKiller.exe probably unknown NewHeur_PE virus D47D9AB417450F24C5E65E2632299FB9D13990A8 I
E:\AutoRun.inf Win32/AutoRun.Delf.EP worm 713E0210B5C16CEDD72E03C18A0FBDD5702BF16D I |