| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: TR/Mediyes.Gen bei Installation IExplorer im $$PendingFilesWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.01.2013, 02:01
| #1 |
 |  TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Hallo, ich hatte mir vor einigen Tagen den Trojaner TR/Mediyes.Gen eingefangen. Er wurde beim Besuch auf einer infizierten Seite in mein User\AppData\localLow\sun\java.... eingetragen. Avira hat ihn gefunden und in Quarantäne gesteckt. Bei einem neuen Systemcheck hatte Avira nichts mehr gefunden. Durch ein Firefox Problem mit Webmail, wollte ich schauen, ob es auch mit Chrome oder IE besteht. Dabei wurde der Internetexplorer nicht gestartet. Ich ihn deinstalliert und die neuste Version direkt bei MS runter geladen. Bei der Installation kam es dann zu folgender Avira Meldung: HTML-Code: Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 19. Januar 2013 23:32
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : *****-PC
Versionsinformationen:
BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00
AVSCAN.EXE : 13.6.0.402 639264 Bytes 11.12.2012 15:50:50
AVSCANRC.DLL : 13.4.0.360 64800 Bytes 11.12.2012 15:50:50
LUKE.DLL : 13.6.0.400 67360 Bytes 11.12.2012 15:51:32
AVSCPLR.DLL : 13.6.0.402 93984 Bytes 10.12.2012 17:40:00
AVREG.DLL : 13.6.0.406 248096 Bytes 10.12.2012 17:39:58
avlode.dll : 13.6.1.402 428832 Bytes 10.12.2012 17:40:01
avlode.rdf : 13.0.0.26 7958 Bytes 10.12.2012 17:40:00
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40
VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 18:06:02
VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 13:41:43
VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 13:41:43
VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 13:41:43
VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 13:41:43
VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 13:41:43
VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 12:18:25
VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 14:26:10
VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 19:46:59
VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 07:44:38
VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 16:18:03
VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 19:22:50
VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 17:22:48
VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 15:55:44
VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 12:49:38
VBASE022.VDF : 7.11.57.220 2048 Bytes 18.01.2013 12:49:38
VBASE023.VDF : 7.11.57.221 2048 Bytes 18.01.2013 12:49:38
VBASE024.VDF : 7.11.57.222 2048 Bytes 18.01.2013 12:49:38
VBASE025.VDF : 7.11.57.223 2048 Bytes 18.01.2013 12:49:39
VBASE026.VDF : 7.11.57.224 2048 Bytes 18.01.2013 12:49:39
VBASE027.VDF : 7.11.57.225 2048 Bytes 18.01.2013 12:49:39
VBASE028.VDF : 7.11.57.226 2048 Bytes 18.01.2013 12:49:39
VBASE029.VDF : 7.11.57.227 2048 Bytes 18.01.2013 12:49:39
VBASE030.VDF : 7.11.57.228 2048 Bytes 18.01.2013 12:49:39
VBASE031.VDF : 7.11.57.242 74240 Bytes 19.01.2013 18:49:44
Engineversion : 8.2.10.232
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.82 467323 Bytes 17.01.2013 15:55:46
AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 15:08:07
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 13:44:54
AEPACK.DLL : 8.3.1.2 819574 Bytes 21.12.2012 07:47:15
AEOFFICE.DLL : 8.1.2.50 201084 Bytes 07.11.2012 18:31:38
AEHEUR.DLL : 8.1.4.174 5615991 Bytes 10.01.2013 13:44:51
AEHELP.DLL : 8.1.25.2 258423 Bytes 11.10.2012 20:41:04
AEGEN.DLL : 8.1.6.14 434548 Bytes 10.01.2013 13:44:36
AEEXP.DLL : 8.3.0.10 188789 Bytes 17.01.2013 15:55:47
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 15:08:01
AEBB.DLL : 8.1.1.4 53619 Bytes 07.11.2012 18:31:22
AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30
AVPREF.DLL : 13.4.0.360 50464 Bytes 11.12.2012 15:50:48
AVREP.DLL : 13.4.0.360 177952 Bytes 10.12.2012 17:39:59
AVARKT.DLL : 13.6.0.402 260384 Bytes 11.12.2012 15:50:37
AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 11.12.2012 15:50:43
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54
NETNT.DLL : 13.4.0.360 15648 Bytes 11.12.2012 15:51:32
RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 11.12.2012 15:50:34
RCTEXT.DLL : 13.4.0.360 68384 Bytes 11.12.2012 15:50:34
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50fb1a59\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Beginn des Suchlaufs: Samstag, 19. Januar 2013 23:32
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '154' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvxdsync.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'HeciServer.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'IntelMeFWService.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'jhi_service.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrcSrv.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaRegistry.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrS64H.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaRegistry64.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '169' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCore.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'RaUI.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvtray.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDClock.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'daemonu.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '104' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '152' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_146.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_146.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'F:\$$PendingFiles\98c07eb794f6cd01510000001812b40c.VGX.dll'
F:\$$PendingFiles\98c07eb794f6cd01510000001812b40c.VGX.dll
[FUND] Ist das Trojanische Pferd TR/Mediyes.Gen
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 5bc98b0e.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '435ea4b1.qua' verschoben!
Ende des Suchlaufs: Samstag, 19. Januar 2013 23:32
Benötigte Zeit: 00:06 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
877 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
876 Dateien ohne Befall
1 Archive wurden durchsucht
0 Warnungen
1 Hinweise HTML-Code: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.19.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Mario :: *****-PC [Administrator] 19.01.2013 23:13:19 mbam-log-2013-01-19 (23-13-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 478768 Laufzeit: 1 Stunde(n), 24 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
20.01.2013, 02:05
| #2 |
| | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles anbei die Logs von OTL.
__________________Vielleicht habt Ihr ja einen Tip, woran das liegen kann, weil ich nicht glaube, dass ich von microsoft trojaner software geladen habe: Vielen Dank MH OTL Logfile: Code:
ATTFilter OTL logfile created on: 20.01.2013 00:12:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\*****\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 14,91 Gb Total Physical Memory | 11,00 Gb Available Physical Memory | 73,80% Memory free 29,81 Gb Paging File | 25,62 Gb Available in Paging File | 85,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = F:\Program Files (x86) Drive C: | 223,57 Gb Total Space | 148,78 Gb Free Space | 66,55% Space Free | Partition Type: NTFS Drive D: | 2794,39 Gb Total Space | 2460,82 Gb Free Space | 88,06% Space Free | Partition Type: NTFS Drive E: | 6,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive F: | 465,76 Gb Total Space | 449,68 Gb Free Space | 96,55% Space Free | Partition Type: NTFS Drive G: | 1862,98 Gb Total Space | 1227,51 Gb Free Space | 65,89% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - F:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) PRC - F:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - F:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - F:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\156a6215a427bcec551e294300c096e6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - F:\Program Files (x86)\Ralink\Common\RaWLAPI.dll () MOD - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (Intel(R) -- F:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV:64bit: - (LVPrcS64) -- F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV:64bit: - (WinDefend) -- F:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (nvUpdatusService) -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer8) -- F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirSchedulerService) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (PDF Architect Helper Service) -- F:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (PDF Architect Service) -- F:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (SkypeUpdate) -- F:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Cisco WebEx Connect Upgrade Service) -- F:\Program Files (x86)\WebEx\Connect\apUpdate.exe (WebEx Communications Inc.) SRV - (UNS) -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (IAStorDataMgrSvc) -- F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (RaMediaServer) -- F:\Program Files (x86)\Ralink\Common\RaMediaServer.exe () SRV - (RalinkRegistryWriter64) -- F:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.) SRV - (RalinkRegistryWriter) -- F:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (AsrRamDisk) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys (ASRock Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech) DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-562266739-958991444-1106781136-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-562266739-958991444-1106781136-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-562266739-958991444-1106781136-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D BA C7 83 A0 A1 CD 01 [binary data] IE - HKU\S-1-5-21-562266739-958991444-1106781136-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-562266739-958991444-1106781136-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-562266739-958991444-1106781136-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-562266739-958991444-1106781136-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: F:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: F:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.18 10:22:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2013.01.11 01:12:05 | 000,000,000 | ---D | M] [2012.10.03 21:27:27 | 000,000,000 | ---D | M] (No name found) -- D:\Users\*****\AppData\Roaming\Mozilla\Extensions [2013.01.20 00:07:47 | 000,000,000 | ---D | M] (No name found) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions [2012.11.13 20:49:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.01.11 16:26:40 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.13 00:16:35 | 000,000,000 | ---D | M] (German Dictionary) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.10.13 00:16:57 | 000,000,000 | ---D | M] (United States English Spellchecker) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\en-US@dictionaries.addons.mozilla.org [2013.01.20 00:07:47 | 000,000,000 | ---D | M] (No name found) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\staged [2013.01.20 00:07:47 | 000,804,627 | ---- | M] () (No name found) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.20 00:07:21 | 000,533,221 | ---- | M] () (No name found) -- D:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.01.11 01:12:04 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions [2013.01.11 01:12:05 | 000,262,704 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = F:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll CHR - plugin: Google Update (Enabled) = F:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Drive = D:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = D:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = D:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = D:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - F:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - F:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] F:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-562266739-958991444-1106781136-1005..\Run: [Sidebar] F:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-562266739-958991444-1106781136-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-562266739-958991444-1106781136-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKU\S-1-5-21-562266739-958991444-1106781136-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://F:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://F:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-562266739-958991444-1106781136-1002\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-562266739-958991444-1106781136-1002\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-562266739-958991444-1106781136-1002\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-562266739-958991444-1106781136-1002\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-562266739-958991444-1106781136-1005\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-21-562266739-958991444-1106781136-1005\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-21-562266739-958991444-1106781136-1005\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-21-562266739-958991444-1106781136-1005\..Trusted Domains: sony.com ([]* in ) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{207A2B70-01F4-4B42-8861-D8F0B8234FAC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585DB487-86C4-44B5-AF35-15B110F8E005}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.10.02 16:54:20 | 000,304,886 | R--- | M] () - E:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2012.10.04 02:29:45 | 000,000,060 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.20 00:14:19 | 000,186,880 | ---- | C] (CEXX.ORG) -- D:\Users\*****\Desktop\LSPFix.exe [2013.01.19 23:45:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- D:\Users\*****\Desktop\HiJackThis204.exe [2013.01.19 17:24:29 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Malwarebytes [2013.01.19 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.19 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.19 17:23:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.19 17:23:59 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.19 17:10:24 | 004,732,416 | ---- | C] (AVAST Software) -- D:\Users\*****\Desktop\aswMBR.exe [2013.01.19 17:10:13 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\*****\Desktop\tdsskiller.exe [2013.01.19 16:53:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\*****\Desktop\OTL.exe [2013.01.19 15:43:08 | 000,000,000 | ---D | C] -- D:\Users\*****\Desktop\PPFScan [2013.01.19 15:21:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.01.19 14:08:45 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.01.19 14:08:45 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.01.19 14:08:45 | 002,434,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.01.19 14:08:45 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.01.19 14:08:45 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.01.19 14:08:45 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.01.19 14:08:45 | 001,643,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.01.19 14:08:45 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.01.19 14:08:45 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.01.19 14:08:45 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.01.19 14:08:45 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.01.19 14:08:45 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.01.19 14:08:45 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.01.19 14:08:45 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.01.19 14:08:45 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.19 14:08:45 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.19 14:08:45 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.19 14:08:45 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.19 14:08:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.19 14:08:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.19 14:08:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.19 14:08:45 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.19 14:08:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.19 14:08:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.19 14:08:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.19 14:08:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.19 14:08:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.01.19 14:08:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.01.19 14:08:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.19 14:08:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.19 14:08:45 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.19 14:08:45 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.19 14:08:44 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.01.19 14:08:44 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.01.19 14:08:44 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.01.19 14:08:44 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.01.19 14:08:44 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.01.19 14:08:44 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.01.19 14:08:44 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.01.19 14:08:44 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.01.19 14:08:44 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.01.18 18:35:30 | 000,000,000 | ---D | C] -- D:\Users\*****\Documents\MyConnectFiles [2013.01.18 18:35:30 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Connect [2013.01.18 18:35:03 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Local\WebEx Connect [2013.01.18 18:34:58 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\WebEx Connect [2013.01.18 18:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco WebEx Connect [2013.01.18 18:25:49 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\WebEx [2013.01.11 14:15:43 | 000,000,000 | ---D | C] -- D:\Users\*****\Documents\Outlook-Dateien [2013.01.11 01:12:03 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Firefox [2013.01.09 22:33:09 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 22:33:09 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 22:32:23 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 22:32:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 22:32:22 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 22:32:22 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 22:32:22 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 22:32:22 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 22:32:22 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 22:32:22 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 22:32:22 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 22:32:22 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 22:32:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 22:32:22 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 22:32:22 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 22:32:22 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 22:32:22 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 22:32:22 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 22:32:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 22:32:22 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 22:32:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 22:32:22 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 22:32:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 22:32:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 22:32:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 22:32:22 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 22:32:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 22:32:22 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 22:32:21 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 22:32:21 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 22:32:21 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 22:32:21 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 22:32:21 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 22:32:21 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 22:32:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 22:32:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 22:31:44 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 22:31:44 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 22:31:43 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 22:31:43 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 22:31:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 22:31:43 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 22:31:43 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 22:31:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 22:31:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 22:31:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 22:31:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 22:31:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 22:31:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 22:31:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 22:31:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 22:31:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 22:31:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 22:31:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 22:31:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 22:31:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 22:31:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 22:31:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 22:31:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 22:31:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.09 22:31:22 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.08 21:09:46 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\AGEIA Technologies [2013.01.08 21:08:59 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2013.01.08 21:08:59 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.01.08 21:08:59 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.01.08 21:08:58 | 025,256,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.01.08 21:08:58 | 020,450,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.01.08 21:08:58 | 017,560,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.01.08 21:08:58 | 015,129,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.01.08 21:08:58 | 009,389,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.01.08 21:08:58 | 007,931,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.01.08 21:08:58 | 007,565,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.01.08 21:08:58 | 006,263,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.01.08 21:08:58 | 002,904,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.01.08 21:08:58 | 002,720,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.01.08 21:08:58 | 002,344,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.01.08 21:08:58 | 001,985,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.01.08 21:08:58 | 000,958,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.01.08 21:08:58 | 000,246,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.01.08 21:08:58 | 000,201,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.01.08 21:08:28 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.06 14:17:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.01.03 16:47:52 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Wise Registry Cleaner [2013.01.03 16:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner [2013.01.02 18:46:28 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\TeamViewer [2012.12.29 02:54:24 | 000,550,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe [2012.12.26 17:48:27 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.26 17:48:27 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.26 17:48:27 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.26 17:48:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 14:57:30 | 000,000,000 | ---D | C] -- D:\Users\*****\Documents\Meine empfangenen Dateien ========== Files - Modified Within 30 Days ========== [2013.01.20 00:16:44 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.20 00:16:44 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.20 00:15:51 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex1 [2013.01.20 00:13:38 | 000,186,880 | ---- | M] (CEXX.ORG) -- D:\Users\*****\Desktop\LSPFix.exe [2013.01.20 00:09:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.20 00:09:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.19 23:53:48 | 000,574,677 | ---- | M] () -- D:\Users\*****\Desktop\adwcleaner06.exe [2013.01.19 23:36:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- D:\Users\*****\Desktop\HiJackThis204.exe [2013.01.19 23:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.19 23:31:51 | 000,000,134 | ---- | M] () -- D:\Users\*****\Desktop\Internet Explorer-Problembehebung.url [2013.01.19 23:20:15 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.19 23:20:15 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.19 23:18:36 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.19 23:18:36 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.19 23:18:36 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.19 23:18:36 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.19 23:18:36 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.19 23:12:58 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.01.19 23:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.19 23:12:32 | 3414,986,750 | -HS- | M] () -- C:\hiberfil.sys [2013.01.19 19:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.01.19 17:24:00 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.19 17:11:26 | 004,732,416 | ---- | M] (AVAST Software) -- D:\Users\*****\Desktop\aswMBR.exe [2013.01.19 17:10:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\*****\Desktop\tdsskiller.exe [2013.01.19 16:54:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\*****\Desktop\OTL.exe [2013.01.19 14:17:14 | 000,681,984 | ---- | M] () -- D:\Users\*****\Desktop\CKScanner.exe [2013.01.19 14:08:45 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.01.19 14:08:45 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013.01.19 14:08:45 | 002,434,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.01.19 14:08:45 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013.01.19 14:08:45 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.01.19 14:08:45 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013.01.19 14:08:45 | 001,643,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.01.19 14:08:45 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.01.19 14:08:45 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013.01.19 14:08:45 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013.01.19 14:08:45 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013.01.19 14:08:45 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013.01.19 14:08:45 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013.01.19 14:08:45 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013.01.19 14:08:45 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.19 14:08:45 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.01.19 14:08:45 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.19 14:08:45 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.01.19 14:08:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.19 14:08:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013.01.19 14:08:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.19 14:08:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.01.19 14:08:45 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.19 14:08:45 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.01.19 14:08:44 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.01.19 14:08:44 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013.01.19 14:08:44 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.01.19 14:08:44 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.01.19 14:08:44 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013.01.19 14:08:44 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013.01.19 14:08:44 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013.01.19 14:08:44 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.01.19 14:08:44 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013.01.18 18:25:51 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Cisco WebEx Connect.lnk [2013.01.15 18:18:25 | 000,002,128 | ---- | M] () -- D:\Users\*****\Desktop\Google Chrome.lnk [2013.01.13 16:20:28 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex2 [2013.01.12 03:30:38 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.01.12 03:30:33 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.01.10 08:39:15 | 000,418,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 16:54:43 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 16:54:43 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.07 10:39:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2013.01.03 16:47:35 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk [2013.01.02 19:57:25 | 000,082,624 | ---- | M] () -- D:\Users\*****\Desktop\Mutti Programme.JPG [2013.01.02 18:49:38 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.01.02 14:55:28 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.12.29 22:17:35 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.12.29 11:34:47 | 026,931,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.12.29 11:34:47 | 025,256,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.12.29 11:34:47 | 020,450,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.12.29 11:34:47 | 018,054,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.12.29 11:34:47 | 017,560,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.29 11:34:47 | 015,129,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.12.29 11:34:47 | 015,052,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.12.29 11:34:47 | 012,641,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.12.29 11:34:47 | 009,389,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.29 11:34:47 | 007,931,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.29 11:34:47 | 007,565,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.29 11:34:47 | 006,263,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.29 11:34:47 | 002,904,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.29 11:34:47 | 002,824,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.12.29 11:34:47 | 002,720,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.29 11:34:47 | 002,504,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.12.29 11:34:47 | 002,344,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.29 11:34:47 | 001,985,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.29 11:34:47 | 001,813,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.12.29 11:34:47 | 001,504,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.12.29 11:34:47 | 001,107,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.12.29 11:34:47 | 000,958,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.12.29 11:34:47 | 000,246,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.12.29 11:34:47 | 000,201,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.29 09:40:27 | 006,382,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.12.29 09:40:27 | 003,455,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.12.29 09:40:09 | 002,558,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.12.29 09:40:09 | 000,118,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.12.29 09:40:09 | 000,063,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.12.29 02:54:24 | 000,550,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files Created - No Company Name ========== [2013.01.19 23:53:53 | 000,574,677 | ---- | C] () -- D:\Users\*****\Desktop\adwcleaner06.exe [2013.01.19 23:31:51 | 000,000,134 | ---- | C] () -- D:\Users\*****\Desktop\Internet Explorer-Problembehebung.url [2013.01.19 22:31:29 | 000,000,737 | ---- | C] () -- D:\Users\*****\Desktop\Versteckte Ordner anzeigen & wieder verstecken.bat [2013.01.19 17:24:00 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.19 14:17:12 | 000,681,984 | ---- | C] () -- D:\Users\*****\Desktop\CKScanner.exe [2013.01.18 18:25:51 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Cisco WebEx Connect.lnk [2013.01.03 16:47:35 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk [2013.01.02 19:57:25 | 000,082,624 | ---- | C] () -- D:\Users\*****\Desktop\Mutti Programme.JPG [2013.01.02 18:49:38 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk [2013.01.02 18:49:38 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk [2013.01.02 14:55:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.30 22:27:18 | 000,246,272 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2012.11.30 22:27:18 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.11.05 20:16:21 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.11.05 20:16:19 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.11.05 20:16:19 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2012.10.13 17:11:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.10.04 22:23:05 | 000,007,602 | ---- | C] () -- D:\Users\*****\AppData\Local\Resmon.ResmonCfg [2012.10.04 06:54:09 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.10.04 06:54:08 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2012.10.04 06:54:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.03 21:33:11 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012.03.19 22:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.03.19 22:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.01.2013 00:12:39 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
14,91 Gb Total Physical Memory | 11,00 Gb Available Physical Memory | 73,80% Memory free
29,81 Gb Paging File | 25,62 Gb Available in Paging File | 85,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = F:\Program Files (x86)
Drive C: | 223,57 Gb Total Space | 148,78 Gb Free Space | 66,55% Space Free | Partition Type: NTFS
Drive D: | 2794,39 Gb Total Space | 2460,82 Gb Free Space | 88,06% Space Free | Partition Type: NTFS
Drive E: | 6,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 465,76 Gb Total Space | 449,68 Gb Free Space | 96,55% Space Free | Partition Type: NTFS
Drive G: | 1862,98 Gb Total Space | 1227,51 Gb Free Space | 65,89% Space Free | Partition Type: NTFS
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-562266739-958991444-1106781136-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "F:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "F:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "F:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "F:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"F:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe" = F:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx -- (WebEx)
"F:\Program Files (x86)\WebEx\Connect\widget.exe" = F:\Program Files (x86)\WebEx\Connect\widget.exe:*:Enabled:widget -- ()
"F:\Program Files (x86)\WebEx\Connect\connect.exe" = F:\Program Files (x86)\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect -- (Cisco WebEx)
"F:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe" = F:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx -- (WebEx)
"F:\Program Files (x86)\WebEx\Connect\widget.exe" = F:\Program Files (x86)\WebEx\Connect\widget.exe:*:Enabled:widget -- ()
"F:\Program Files (x86)\WebEx\Connect\connect.exe" = F:\Program Files (x86)\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect -- (Cisco WebEx)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe" = F:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx -- (WebEx)
"F:\Program Files (x86)\WebEx\Connect\widget.exe" = F:\Program Files (x86)\WebEx\Connect\widget.exe:*:Enabled:widget -- ()
"F:\Program Files (x86)\WebEx\Connect\connect.exe" = F:\Program Files (x86)\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect -- (Cisco WebEx)
"F:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe" = F:\Program Files (x86)\WebEx\Connect\wbxcOIEx.exe:*:Enabled:wbxcOIEx -- (WebEx)
"F:\Program Files (x86)\WebEx\Connect\widget.exe" = F:\Program Files (x86)\WebEx\Connect\widget.exe:*:Enabled:widget -- ()
"F:\Program Files (x86)\WebEx\Connect\connect.exe" = F:\Program Files (x86)\WebEx\Connect\connect.exe:*:Enabled:WebEx Connect -- (Cisco WebEx)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2668E08D-BD03-4851-AC28-CED7843AC468}" = rport=138 | protocol=17 | dir=out | app=system |
"{280A17A1-9165-48F0-B15F-60583EE545D7}" = rport=137 | protocol=17 | dir=out | app=system |
"{335DEAE6-B30D-481A-9E7A-BABB2138CAAD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4AD21C5A-2066-474C-931A-52119ACF4C13}" = rport=139 | protocol=6 | dir=out | app=system |
"{5924FEC2-E768-43E4-A395-7C1454079814}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65380578-E60A-43FD-A22D-C565123C76A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67499829-E377-4E44-946E-AA210BFFB79B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69E397E0-8D07-4135-9F92-E8B58B7720F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6E1F6168-2139-446B-87FD-43A9EB984EEA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6F5D273C-7B17-41A1-9AA1-61740405336C}" = lport=139 | protocol=6 | dir=in | app=system |
"{7353420B-8416-47F3-9748-594F71014DA8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{782AAD6E-AE6E-4A22-9945-74B82FCD1691}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82E367FE-16AC-4FFF-BDCB-96E38289DBA0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8D687CF1-01F7-4336-ACA5-69D7A97FBEFB}" = lport=445 | protocol=6 | dir=in | app=system |
"{928584D0-9326-45CF-A02F-563CBA30BA3A}" = rport=445 | protocol=6 | dir=out | app=system |
"{9CAB934A-A906-468B-AF3D-86728A29ADBA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9FB12278-BCC7-475F-A955-3A5287C7BC83}" = lport=137 | protocol=17 | dir=in | app=system |
"{A3E68FAC-7F65-44D3-AEE5-855B984A6028}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9FDFA2D-B302-4641-81F5-25F34C1BE2EB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B145C0DB-AA36-4980-AA09-5E0AF9FA5070}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B451DC5B-7D8A-4F3F-B515-B90463377770}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B930A422-123B-4FC1-A37E-4FBF1CE7F63F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA19382A-C05D-4CCF-8A00-F5E719C1E104}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\outlook.exe |
"{C92CBFF8-71A6-468D-9614-B6B12B24BEAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D5067DD0-E4C2-4358-8F75-5D5156F90792}" = lport=138 | protocol=17 | dir=in | app=system |
"{D6B658F3-86F4-4CE3-83A4-07BEB5959EAA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014E8896-F147-4892-BE68-A1B38F2A940E}" = protocol=6 | dir=in | app=d:\users\*****\appdata\roaming\spotify\spotify.exe |
"{038318C4-917C-41E2-9823-5F8C5E6A2ECA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{05EAD1F9-3A3F-4B20-BAC0-33F080E77347}" = protocol=6 | dir=in | app=f:\program files\common files\common desktop agent\cdasrv.exe |
"{0A775068-8E68-4725-B6E3-ED22BE6F28ED}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B1AD367-C1B1-4194-BEC3-C1F8DEAB5AEF}" = dir=in | app=f:\program files (x86)\itunes\itunes.exe |
"{0BE0C470-8231-41AD-8C46-DDC7D0381629}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0D759E5D-8518-47F9-94DA-047D5E064CAC}" = protocol=6 | dir=in | app=f:\program files (x86)\bonjour\mdnsresponder.exe |
"{162A7910-D4FC-4DE5-96C8-35B838C6EBB3}" = protocol=6 | dir=in | app=f:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{163E9611-C4E6-450A-A4DB-A6B836E69F5C}" = protocol=17 | dir=in | app=f:\program files\common files\common desktop agent\cdasrv.exe |
"{169AB691-E795-46F4-B0B1-7223BEA7F387}" = protocol=6 | dir=in | app=f:\program files\bonjour\mdnsresponder.exe |
"{1AA287A2-9A4E-4876-805D-3CBB3E0D75C0}" = protocol=6 | dir=in | app=f:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{1BBF249A-06AB-4F4B-A30E-3C5EBF59BCB9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{25EC3C57-D4EB-4709-A720-F486B07F3B04}" = protocol=17 | dir=in | app=f:\program files\ventrilo\ventrilo.exe |
"{2677EC96-C246-43A5-A798-03353D1D755A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{29552993-EA60-4E8B-96C2-0797D343242D}" = dir=in | app=f:\program files (x86)\skype\phone\skype.exe |
"{2C4F7BF5-856D-4DBC-8D74-7878124F2B3F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2FC3BCCD-51C3-4BA7-9AA7-99CE0927A96F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{31D6BF89-0C56-41B4-9A85-432237250012}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\medal of honor warfighter\mohw.exe |
"{3E67CE51-AE8B-4BA1-AA1C-6F4837D7D64D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F637A9A-0094-4CD2-857E-3001B2FFA8F0}" = protocol=17 | dir=in | app=f:\program files (x86)\bonjour\mdnsresponder.exe |
"{418CCDDD-CA02-404C-9F9D-BD1D9091D7B6}" = protocol=17 | dir=in | app=d:\users\*****\appdata\roaming\spotify\spotify.exe |
"{44760C00-957E-422B-BB8D-417D47060F49}" = protocol=17 | dir=in | app=f:\program files (x86)\ralink\common\ramediaserver.exe |
"{4C622B0C-007C-4C4C-8521-56942E80F80C}" = dir=in | app=f:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5303CDEA-D82F-434C-8B21-FFBBAD549177}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{535C8B12-CCB9-473C-867F-1A9A9F380822}" = protocol=17 | dir=in | app=f:\program files (x86)\ralink\common\raui.exe |
"{56C163CE-F578-42BC-8020-761C426A81E8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{62842031-EDA9-4C66-86FD-7C234CD104AC}" = dir=in | app=f:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{66621B14-D92D-4475-A52C-9E2B2EF62CD9}" = protocol=17 | dir=in | app=f:\program files\bonjour\mdnsresponder.exe |
"{693CB1BC-E79E-4554-B7CE-C03F111BD410}" = protocol=17 | dir=in | app=f:\program files (x86)\samsung\easy printer manager\idsalert.exe |
"{693E71C6-AFC5-4FB5-BB2D-52582B0C357C}" = dir=in | app=f:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{69DF6C62-202A-4152-929E-4E992E2E844D}" = protocol=6 | dir=in | app=f:\program files (x86)\ralink\common\ramediaserver.exe |
"{6A96BAFC-B97F-41D6-B37F-01F37EBC49CA}" = protocol=6 | dir=in | app=f:\program files (x86)\ralink\common\apui.exe |
"{6B5D4894-EBF8-478C-A309-2977CFEA4EB5}" = protocol=17 | dir=in | app=f:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{6BF243DA-D604-4641-8A0D-BBD7CDA211AA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6CCA96C2-35D7-4D22-920B-BC341B44ED7F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{79D2BBA8-CA4B-4360-9D72-65E04382AAB6}" = protocol=17 | dir=in | app=f:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{7A511B79-0B16-4798-B79F-44F8A136E18A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7B7CC758-7F08-47E1-9216-4882E26A1A5B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7CD1D4C5-7347-4F6A-BB4E-F2EB12F6365C}" = protocol=6 | dir=in | app=f:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{83F529CA-5BE4-4035-8705-BF47BC720E71}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9121DF09-A731-4E06-8F00-74052154BB1F}" = protocol=17 | dir=in | app=f:\program files (x86)\samsung\easy printer manager\ordersupplies.exe |
"{91630375-5DE0-43DF-8776-F7B8A4660577}" = protocol=6 | dir=in | app=f:\program files\ventrilo\ventrilo.exe |
"{9301C87C-4252-44E2-91CB-8370134F8D17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{970C608D-D756-48EB-A2F4-6826E4907161}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe |
"{9FDE3C7E-0ADE-4B0B-9934-01E762BE4BAB}" = protocol=6 | dir=in | app=f:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{A0FD65CC-58A7-4974-B1BA-2D89C278EDC4}" = protocol=6 | dir=in | app=f:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{A2E550E7-BF24-4C23-AD75-FB282B0E2CEA}" = protocol=17 | dir=in | app=f:\program files (x86)\samsung\easy printer manager\cdas2pc\cdas2pc.exe |
"{A8796E5B-AD2B-4A73-8025-461AEFF9E2CA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AE49751A-5A87-424B-A707-0F92242F2F6C}" = protocol=17 | dir=in | app=f:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{B0DBA5A1-4AD1-43CC-912C-A2F3CBDC621F}" = protocol=17 | dir=in | app=f:\program files (x86)\samsung\easy printer manager\ids.application.exe |
"{BB960797-4738-412A-B9C3-F966598255A6}" = protocol=6 | dir=out | app=system |
"{C3C10A65-9D74-4CD3-9D67-5726A975D550}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\groove.exe |
"{CF649F49-F69A-4DFB-AE7F-439C3A4AC050}" = protocol=6 | dir=in | app=f:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D1FC6841-5591-4576-95D9-0F27227E9BF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5B9D1BC-26FF-4A5B-91AA-FD87757F135A}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\groove.exe |
"{D99685CE-5A0F-4CD9-8F9C-AAD0A7C1E2C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA6DAC50-E715-4E85-95AC-6273BDA5E6E7}" = protocol=17 | dir=in | app=f:\program files (x86)\ralink\common\apui.exe |
"{DF911804-29CD-4C12-830F-6B0ED0F11490}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E0C0E5E6-AB23-4FC8-8187-15EF7E449BB2}" = protocol=6 | dir=in | app=f:\program files (x86)\ralink\common\raui.exe |
"{E32AD78B-EC8B-4751-B7EC-261B8E790D81}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe |
"{E46DF590-6ECF-4F6D-A351-B560775D7DC5}" = protocol=6 | dir=in | app=f:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{EB37D4B5-A756-40E9-87E2-5B7E6571ED29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EE97DADD-C7AD-45F8-8207-0E53380B4815}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF85DF2F-CCF1-47A3-B719-7D0F6D452938}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\medal of honor warfighter\mohw.exe |
"{F04346F8-CAB1-4629-9CC0-862309A8457E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F0EDA874-334E-4534-8BFE-46BF6EBEDB18}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F7CB5ACF-03D9-4B01-90FB-E043FA6318DA}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FC0AD6DC-96DF-4406-B57E-540D13CEE094}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{452A8737-339F-4742-ACE2-E5B2F5A88BE9}F:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=f:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{887735FA-92DA-41D6-86A9-B1F1D9679B31}F:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=f:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{DA44230C-C3E2-4857-88A1-9F6C7813E0B6}D:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=d:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"UDP Query User{34361AB7-6E14-4EDB-A21B-77CD6C8A6285}F:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=f:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{3E202A28-1081-4A31-9F02-78DA94E9060C}D:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=d:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe |
"UDP Query User{62EE2ABD-5045-4F96-9D67-B2F1CBA5F129}F:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=f:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{599EB71F-CFBA-43DF-94F1-385AE832A2D2}" = Cisco WebEx Connect
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D3AAAEA9-9A0C-4568-8E9D-073497291031}" = Nero 8
"{D560920A-6617-47D0-BA3A-715C724A438F}" = Medal of Honor™ Warfighter
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.181
"Avira AntiVir Desktop" = Avira Free Antivirus
"FreeCommander_is1" = FreeCommander 2009.02b
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Samsung Easy Printer Manager" = Samsung Easy Printer Manager
"Samsung ML-2950 Series" = Samsung ML-2950 Series
"Samsung Printer Live Update" = Samsung Printer Live Update
"TeamViewer 8" = TeamViewer 8
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.61
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-562266739-958991444-1106781136-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-D:/Users/*****/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-D:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.01.2013 11:17:49 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
Error - 19.01.2013 11:38:06 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
Error - 19.01.2013 11:38:06 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
Error - 19.01.2013 16:58:14 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1707,
Zeitstempel: 0x509be8bf Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e41b ID des fehlerhaften
Prozesses: 0x1884 Startzeit der fehlerhaften Anwendung: 0x01cdf687666c7062 Pfad der
fehlerhaften Anwendung: D:\Users\*****\Desktop\aswMBR.exe Pfad des fehlerhaften
Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f058be8c-627a-11e2-bcb0-bc5ff4480117
Error - 19.01.2013 17:50:52 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
Error - 19.01.2013 17:50:52 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
Error - 19.01.2013 18:31:06 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
Error - 19.01.2013 18:31:07 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
Error - 19.01.2013 19:01:47 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
Error - 19.01.2013 19:01:47 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System
Error: 0xC0000039 (unresolvable).
[ System Events ]
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "NetIO-Legacy-TDI-Supporttreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 19.01.2013 18:07:18 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AsrAppCharger avipbb avkmgr DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx
vwififlt
Wanarpv6
WfpLwf
< End of report >
|
|
29.01.2013, 11:16
| #3 | |
| /// Malwareteam    | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Mein Name ist Marius und ich werde dir bei deinem Problem helfen. Eines vorneweg: Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist. Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Vista und Win7 User Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten. Hast du dich schon an ein anderes Forum gewandt oder nutzt du all diese Tools hier blind? Zitat:
__________________ |
|
29.01.2013, 18:33
| #4 |
| | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Hallo Marius, nein, ich war in keinem anderen Forum aktiv und habe die Tools hier alles im Zusammenhang mit dem, oder ähnlichen Problemen als Arbeitsanweisung zur Analyse gefunden. Ich nutze sie nicht blind, sondern bin den Anweisungen hier im Forum gefolgt, wobei ich sie wie gesagt nur zur Analyse benutzt habe, um hier auch gleich von Anfang an die entsprechenden Informationen bereitstellen zu können. Gruß Mario |
|
31.01.2013, 19:14
| #5 |
| /// Malwareteam | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Schritt 1: aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Schritt 2: Scan mit TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Kein Asylrecht für Trojaner!  Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
31.01.2013, 20:31
| #6 |
| | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Hallo, aswMBR ist leider beim Scannen von: C:\Windows\assembly\GAC_MISL\Microsoft.VisualStudio.Tool.Applications... abgebrochen. Wo, in welchem Unterverzeichnis kann ich leider nicht sehen, weil man das Tool nicht maximieren kann und es nach dem Absturz verschwindet.  ... wobei ich diesem Verzeichnis keine GAC_MSIL Assembly finden konnte:  TDSSKiller hat 451 Objekte durchsucht und nichts gefunden... Code:
ATTFilter 20:14:39.0451 4180 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:14:39.0810 4180 ============================================================
20:14:39.0811 4180 Current date / time: 2013/01/31 20:14:39.0810
20:14:39.0811 4180 SystemInfo:
20:14:39.0811 4180
20:14:39.0811 4180 OS Version: 6.1.7601 ServicePack: 1.0
20:14:39.0811 4180 Product type: Workstation
20:14:39.0811 4180 ComputerName: *****-PC
20:14:39.0811 4180 UserName: *****
20:14:39.0811 4180 Windows directory: C:\Windows
20:14:39.0811 4180 System windows directory: C:\Windows
20:14:39.0811 4180 Running under WOW64
20:14:39.0811 4180 Processor architecture: Intel x64
20:14:39.0811 4180 Number of processors: 8
20:14:39.0811 4180 Page size: 0x1000
20:14:39.0811 4180 Boot type: Normal boot
20:14:39.0811 4180 ============================================================
20:14:39.0972 4180 Drive \Device\Harddisk0\DR0 - Size: 0x37E4896000 (223.57 Gb), SectorSize: 0x200, Cylinders: 0x7201, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:14:39.0978 4180 Drive \Device\Harddisk1\DR1 - Size: 0x7471100000 (465.77 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:14:39.0987 4180 Drive \Device\Harddisk2\DR2 - Size: 0x2BAA1476000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59101, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:14:39.0990 4180 ============================================================
20:14:39.0990 4180 \Device\Harddisk0\DR0:
20:14:39.0990 4180 MBR partitions:
20:14:39.0990 4180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1BF23000
20:14:39.0990 4180 \Device\Harddisk1\DR1:
20:14:39.0990 4180 MBR partitions:
20:14:39.0991 4180 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A387000
20:14:39.0991 4180 \Device\Harddisk2\DR2:
20:14:39.0991 4180 GPT partitions:
20:14:39.0991 4180 \Device\Harddisk2\DR2\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4DD6AC3A-1550-4A24-9FD1-8EC46DFDC912}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
20:14:39.0991 4180 \Device\Harddisk2\DR2\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {DB4E6566-F053-4FBD-B69D-99C390A161FF}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C9800
20:14:39.0991 4180 MBR partitions:
20:14:39.0991 4180 ============================================================
20:14:39.0992 4180 C: <-> \Device\Harddisk0\DR0\Partition1
20:14:40.0015 4180 D: <-> \Device\Harddisk2\DR2\Partition2
20:14:40.0047 4180 F: <-> \Device\Harddisk1\DR1\Partition1
20:14:40.0047 4180 ============================================================
20:14:40.0047 4180 Initialize success
20:14:40.0047 4180 ============================================================
20:14:53.0283 3276 ============================================================
20:14:53.0283 3276 Scan started
20:14:53.0283 3276 Mode: Manual;
20:14:53.0283 3276 ============================================================
20:14:53.0358 3276 ================ Scan system memory ========================
20:14:53.0358 3276 System memory - ok
20:14:53.0358 3276 ================ Scan services =============================
20:14:53.0385 3276 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:14:53.0386 3276 1394ohci - ok
20:14:53.0390 3276 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:14:53.0392 3276 ACPI - ok
20:14:53.0394 3276 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:14:53.0394 3276 AcpiPmi - ok
20:14:53.0493 3276 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:14:53.0502 3276 AdobeARMservice - ok
20:14:53.0526 3276 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:14:53.0528 3276 AdobeFlashPlayerUpdateSvc - ok
20:14:53.0537 3276 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:14:53.0541 3276 adp94xx - ok
20:14:53.0548 3276 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:14:53.0551 3276 adpahci - ok
20:14:53.0554 3276 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:14:53.0555 3276 adpu320 - ok
20:14:53.0558 3276 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:14:53.0558 3276 AeLookupSvc - ok
20:14:53.0563 3276 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:14:53.0565 3276 AFD - ok
20:14:53.0568 3276 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:14:53.0568 3276 agp440 - ok
20:14:53.0570 3276 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:14:53.0571 3276 ALG - ok
20:14:53.0572 3276 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:14:53.0573 3276 aliide - ok
20:14:53.0574 3276 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:14:53.0575 3276 amdide - ok
20:14:53.0577 3276 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:14:53.0577 3276 AmdK8 - ok
20:14:53.0579 3276 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:14:53.0579 3276 AmdPPM - ok
20:14:53.0582 3276 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:14:53.0582 3276 amdsata - ok
20:14:53.0585 3276 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:14:53.0586 3276 amdsbs - ok
20:14:53.0588 3276 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:14:53.0588 3276 amdxata - ok
20:14:53.0623 3276 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:14:53.0627 3276 AntiVirSchedulerService - ok
20:14:53.0665 3276 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:14:53.0670 3276 AntiVirService - ok
20:14:53.0673 3276 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:14:53.0673 3276 AppID - ok
20:14:53.0675 3276 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:14:53.0676 3276 AppIDSvc - ok
20:14:53.0678 3276 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:14:53.0678 3276 Appinfo - ok
20:14:53.0724 3276 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device F:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:14:53.0724 3276 Apple Mobile Device - ok
20:14:53.0727 3276 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:14:53.0727 3276 arc - ok
20:14:53.0729 3276 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:14:53.0730 3276 arcsas - ok
20:14:53.0733 3276 [ 4DFF4312661F54EE87DC9A13CAEE60E0 ] asahci64 C:\Windows\system32\DRIVERS\asahci64.sys
20:14:53.0733 3276 asahci64 - ok
20:14:53.0740 3276 [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
20:14:53.0743 3276 asmtxhci - ok
20:14:53.0747 3276 [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger C:\Windows\system32\DRIVERS\AsrAppCharger.sys
20:14:53.0747 3276 AsrAppCharger - ok
20:14:53.0751 3276 [ 0C3F9E39C0B10D351026D580D9FF6F86 ] AsrRamDisk C:\Windows\system32\DRIVERS\AsrRamDisk.sys
20:14:53.0751 3276 AsrRamDisk - ok
20:14:53.0755 3276 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:14:53.0756 3276 AsyncMac - ok
20:14:53.0759 3276 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:14:53.0760 3276 atapi - ok
20:14:53.0766 3276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:14:53.0770 3276 AudioEndpointBuilder - ok
20:14:53.0775 3276 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:14:53.0778 3276 AudioSrv - ok
20:14:53.0781 3276 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:14:53.0781 3276 avgntflt - ok
20:14:53.0784 3276 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:14:53.0785 3276 avipbb - ok
20:14:53.0787 3276 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:14:53.0787 3276 avkmgr - ok
20:14:53.0790 3276 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:14:53.0790 3276 AxInstSV - ok
20:14:53.0795 3276 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:14:53.0798 3276 b06bdrv - ok
20:14:53.0802 3276 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:14:53.0803 3276 b57nd60a - ok
20:14:53.0807 3276 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:14:53.0807 3276 BDESVC - ok
20:14:53.0809 3276 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:14:53.0810 3276 Beep - ok
20:14:53.0816 3276 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:14:53.0820 3276 BFE - ok
20:14:53.0828 3276 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:14:53.0833 3276 BITS - ok
20:14:53.0835 3276 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:14:53.0836 3276 blbdrive - ok
20:14:53.0909 3276 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service F:\Program Files\Bonjour\mDNSResponder.exe
20:14:53.0913 3276 Bonjour Service - ok
20:14:53.0918 3276 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:14:53.0919 3276 bowser - ok
20:14:53.0923 3276 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:14:53.0924 3276 BrFiltLo - ok
20:14:53.0927 3276 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:14:53.0928 3276 BrFiltUp - ok
20:14:53.0932 3276 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:14:53.0934 3276 Browser - ok
20:14:53.0940 3276 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:14:53.0942 3276 Brserid - ok
20:14:53.0944 3276 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:14:53.0945 3276 BrSerWdm - ok
20:14:53.0947 3276 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:14:53.0947 3276 BrUsbMdm - ok
20:14:53.0950 3276 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:14:53.0950 3276 BrUsbSer - ok
20:14:53.0953 3276 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:14:53.0953 3276 BTHMODEM - ok
20:14:53.0958 3276 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:14:53.0958 3276 bthserv - ok
20:14:53.0961 3276 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:14:53.0962 3276 cdfs - ok
20:14:53.0966 3276 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:14:53.0967 3276 cdrom - ok
20:14:53.0970 3276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:14:53.0970 3276 CertPropSvc - ok
20:14:53.0972 3276 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:14:53.0973 3276 circlass - ok
20:14:54.0046 3276 [ 6B3E9C812DC0179348431F46293CCFAA ] Cisco WebEx Connect Upgrade Service F:\Program Files (x86)\WebEx\Connect\apUpdate.exe
20:14:54.0065 3276 Cisco WebEx Connect Upgrade Service - ok
20:14:54.0072 3276 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:14:54.0074 3276 CLFS - ok
20:14:54.0079 3276 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:14:54.0085 3276 clr_optimization_v2.0.50727_32 - ok
20:14:54.0090 3276 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:14:54.0095 3276 clr_optimization_v2.0.50727_64 - ok
20:14:54.0100 3276 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:14:54.0101 3276 clr_optimization_v4.0.30319_32 - ok
20:14:54.0106 3276 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:14:54.0107 3276 clr_optimization_v4.0.30319_64 - ok
20:14:54.0110 3276 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:14:54.0110 3276 CmBatt - ok
20:14:54.0113 3276 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:14:54.0113 3276 cmdide - ok
20:14:54.0119 3276 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
20:14:54.0123 3276 CNG - ok
20:14:54.0126 3276 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:14:54.0126 3276 Compbatt - ok
20:14:54.0129 3276 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:14:54.0129 3276 CompositeBus - ok
20:14:54.0132 3276 COMSysApp - ok
20:14:54.0137 3276 [ 78AF1C499BF02F9814DF959A04A4F9C9 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
20:14:54.0147 3276 cphs - ok
20:14:54.0150 3276 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:14:54.0150 3276 crcdisk - ok
20:14:54.0155 3276 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:14:54.0157 3276 CryptSvc - ok
20:14:54.0164 3276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:14:54.0168 3276 DcomLaunch - ok
20:14:54.0174 3276 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:14:54.0176 3276 defragsvc - ok
20:14:54.0179 3276 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:14:54.0180 3276 DfsC - ok
20:14:54.0185 3276 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:14:54.0187 3276 Dhcp - ok
20:14:54.0190 3276 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:14:54.0191 3276 discache - ok
20:14:54.0193 3276 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:14:54.0194 3276 Disk - ok
20:14:54.0198 3276 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:14:54.0199 3276 Dnscache - ok
20:14:54.0204 3276 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:14:54.0206 3276 dot3svc - ok
20:14:54.0209 3276 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:14:54.0211 3276 DPS - ok
20:14:54.0212 3276 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:14:54.0213 3276 drmkaud - ok
20:14:54.0221 3276 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:14:54.0224 3276 DXGKrnl - ok
20:14:54.0227 3276 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:14:54.0227 3276 EapHost - ok
20:14:54.0249 3276 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:14:54.0265 3276 ebdrv - ok
20:14:54.0268 3276 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:14:54.0268 3276 EFS - ok
20:14:54.0275 3276 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:14:54.0284 3276 ehRecvr - ok
20:14:54.0287 3276 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:14:54.0292 3276 ehSched - ok
20:14:54.0297 3276 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:14:54.0299 3276 elxstor - ok
20:14:54.0301 3276 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:14:54.0301 3276 ErrDev - ok
20:14:54.0307 3276 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:14:54.0309 3276 EventSystem - ok
20:14:54.0312 3276 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:14:54.0313 3276 exfat - ok
20:14:54.0316 3276 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:14:54.0317 3276 fastfat - ok
20:14:54.0319 3276 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:14:54.0320 3276 fdc - ok
20:14:54.0321 3276 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:14:54.0322 3276 fdPHost - ok
20:14:54.0324 3276 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:14:54.0324 3276 FDResPub - ok
20:14:54.0326 3276 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:14:54.0327 3276 FileInfo - ok
20:14:54.0328 3276 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:14:54.0328 3276 Filetrace - ok
20:14:54.0330 3276 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:14:54.0330 3276 flpydisk - ok
20:14:54.0334 3276 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:14:54.0335 3276 FltMgr - ok
20:14:54.0344 3276 [ 5B92E2B067F64DC53698EB84966B3F0D ] FontCache C:\Windows\system32\FntCache.dll
20:14:54.0350 3276 FontCache - ok
20:14:54.0353 3276 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:14:54.0356 3276 FontCache3.0.0.0 - ok
20:14:54.0358 3276 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:14:54.0359 3276 FsDepends - ok
20:14:54.0360 3276 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:14:54.0361 3276 Fs_Rec - ok
20:14:54.0364 3276 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:14:54.0365 3276 fvevol - ok
20:14:54.0367 3276 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:14:54.0368 3276 gagp30kx - ok
20:14:54.0370 3276 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:14:54.0370 3276 GEARAspiWDM - ok
20:14:54.0376 3276 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:14:54.0380 3276 gpsvc - ok
20:14:54.0425 3276 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate F:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:14:54.0426 3276 gupdate - ok
20:14:54.0431 3276 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem F:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:14:54.0433 3276 gupdatem - ok
20:14:54.0436 3276 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:14:54.0437 3276 hcw85cir - ok
20:14:54.0445 3276 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:14:54.0448 3276 HdAudAddService - ok
20:14:54.0452 3276 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:14:54.0453 3276 HDAudBus - ok
20:14:54.0454 3276 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:14:54.0455 3276 HidBatt - ok
20:14:54.0457 3276 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:14:54.0457 3276 HidBth - ok
20:14:54.0459 3276 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:14:54.0459 3276 HidIr - ok
20:14:54.0461 3276 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:14:54.0462 3276 hidserv - ok
20:14:54.0464 3276 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
20:14:54.0464 3276 HidUsb - ok
20:14:54.0467 3276 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:14:54.0468 3276 hkmsvc - ok
20:14:54.0471 3276 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:14:54.0472 3276 HomeGroupListener - ok
20:14:54.0475 3276 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:14:54.0476 3276 HomeGroupProvider - ok
20:14:54.0479 3276 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:14:54.0479 3276 HpSAMD - ok
20:14:54.0485 3276 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:14:54.0489 3276 HTTP - ok
20:14:54.0491 3276 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:14:54.0492 3276 hwpolicy - ok
20:14:54.0494 3276 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:14:54.0494 3276 i8042prt - ok
20:14:54.0500 3276 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
20:14:54.0502 3276 iaStor - ok
20:14:54.0556 3276 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:14:54.0557 3276 IAStorDataMgrSvc - ok
20:14:54.0565 3276 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:14:54.0569 3276 iaStorV - ok
20:14:54.0578 3276 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:14:54.0596 3276 idsvc - ok
20:14:54.0636 3276 [ A1CF07D24EDCDC6870535471654D957C ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:14:54.0668 3276 igfx - ok
20:14:54.0671 3276 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:14:54.0672 3276 iirsp - ok
20:14:54.0680 3276 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:14:54.0686 3276 IKEEXT - ok
20:14:54.0718 3276 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface F:\Program Files\Intel\iCLS Client\HeciServer.exe
20:14:54.0730 3276 Intel(R) Capability Licensing Service Interface - ok
20:14:54.0757 3276 [ 709C8623721A1F1EF388EA75A07EC33B ] Intel(R) ME Service F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
20:14:54.0766 3276 Intel(R) ME Service - ok
20:14:54.0770 3276 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:14:54.0771 3276 intelide - ok
20:14:54.0775 3276 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:14:54.0775 3276 intelppm - ok
20:14:54.0780 3276 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:14:54.0782 3276 IPBusEnum - ok
20:14:54.0786 3276 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:14:54.0787 3276 IpFilterDriver - ok
20:14:54.0795 3276 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:14:54.0801 3276 iphlpsvc - ok
20:14:54.0805 3276 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:14:54.0806 3276 IPMIDRV - ok
20:14:54.0810 3276 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:14:54.0811 3276 IPNAT - ok
20:14:54.0870 3276 [ 0F261EC4F514926177C70C1832374231 ] iPod Service F:\Program Files\iPod\bin\iPodService.exe
20:14:54.0874 3276 iPod Service - ok
20:14:54.0878 3276 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:14:54.0879 3276 IRENUM - ok
20:14:54.0882 3276 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:14:54.0882 3276 isapnp - ok
20:14:54.0887 3276 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:14:54.0890 3276 iScsiPrt - ok
20:14:54.0893 3276 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
20:14:54.0893 3276 iusb3hcs - ok
20:14:54.0899 3276 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
20:14:54.0901 3276 iusb3hub - ok
20:14:54.0908 3276 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
20:14:54.0911 3276 iusb3xhc - ok
20:14:54.0930 3276 [ C44B44E24B929631D9D7368F5B2B40CF ] jhi_service F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
20:14:54.0935 3276 jhi_service - ok
20:14:54.0940 3276 [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
20:14:54.0942 3276 k57nd60a - ok
20:14:54.0944 3276 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:14:54.0944 3276 kbdclass - ok
20:14:54.0946 3276 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:14:54.0947 3276 kbdhid - ok
20:14:54.0949 3276 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:14:54.0950 3276 KeyIso - ok
20:14:54.0952 3276 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:14:54.0953 3276 KSecDD - ok
20:14:54.0956 3276 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:14:54.0957 3276 KSecPkg - ok
20:14:54.0959 3276 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:14:54.0960 3276 ksthunk - ok
20:14:54.0964 3276 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:14:54.0966 3276 KtmRm - ok
20:14:54.0971 3276 [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
20:14:54.0972 3276 LADF_CaptureOnly - ok
20:14:54.0976 3276 [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
20:14:54.0977 3276 LADF_RenderOnly - ok
20:14:54.0981 3276 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:14:54.0982 3276 LanmanServer - ok
20:14:54.0985 3276 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:14:54.0986 3276 LanmanWorkstation - ok
20:14:54.0989 3276 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
20:14:54.0989 3276 LGBusEnum - ok
20:14:54.0991 3276 [ 14179E7B64F8A17AEA464D4E2D271FAA ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
20:14:54.0991 3276 LGSHidFilt - ok
20:14:54.0993 3276 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
20:14:54.0993 3276 LGVirHid - ok
20:14:54.0996 3276 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:14:54.0996 3276 lltdio - ok
20:14:55.0000 3276 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:14:55.0002 3276 lltdsvc - ok
20:14:55.0004 3276 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:14:55.0004 3276 lmhosts - ok
20:14:55.0016 3276 [ 75F29D77B0540FCF47EE3BE000BBABDA ] LMS F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:14:55.0017 3276 LMS - ok
20:14:55.0020 3276 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:14:55.0021 3276 LSI_FC - ok
20:14:55.0023 3276 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:14:55.0023 3276 LSI_SAS - ok
20:14:55.0026 3276 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:14:55.0026 3276 LSI_SAS2 - ok
20:14:55.0028 3276 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:14:55.0029 3276 LSI_SCSI - ok
20:14:55.0031 3276 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:14:55.0031 3276 luafv - ok
20:14:55.0034 3276 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:14:55.0034 3276 LVPr2M64 - ok
20:14:55.0035 3276 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:14:55.0035 3276 LVPr2Mon - ok
20:14:55.0098 3276 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
20:14:55.0107 3276 LVPrcS64 - ok
20:14:55.0114 3276 [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
20:14:55.0116 3276 LVRS64 - ok
20:14:55.0169 3276 [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
20:14:55.0200 3276 LVUVC64 - ok
20:14:55.0205 3276 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:14:55.0206 3276 Mcx2Svc - ok
20:14:55.0208 3276 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:14:55.0208 3276 megasas - ok
20:14:55.0212 3276 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:14:55.0213 3276 MegaSR - ok
20:14:55.0215 3276 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
20:14:55.0215 3276 MEIx64 - ok
20:14:55.0275 3276 Microsoft SharePoint Workspace Audit Service - ok
20:14:55.0281 3276 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:14:55.0283 3276 MMCSS - ok
20:14:55.0286 3276 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:14:55.0287 3276 Modem - ok
20:14:55.0291 3276 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:14:55.0291 3276 monitor - ok
20:14:55.0294 3276 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:14:55.0294 3276 mouclass - ok
20:14:55.0297 3276 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:14:55.0297 3276 mouhid - ok
20:14:55.0300 3276 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:14:55.0301 3276 mountmgr - ok
20:14:55.0338 3276 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:14:55.0381 3276 MozillaMaintenance - ok
20:14:55.0386 3276 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:14:55.0387 3276 mpio - ok
20:14:55.0390 3276 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:14:55.0391 3276 mpsdrv - ok
20:14:55.0400 3276 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:14:55.0406 3276 MpsSvc - ok
20:14:55.0410 3276 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:14:55.0411 3276 MRxDAV - ok
20:14:55.0415 3276 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:14:55.0416 3276 mrxsmb - ok
20:14:55.0421 3276 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:14:55.0423 3276 mrxsmb10 - ok
20:14:55.0426 3276 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:14:55.0427 3276 mrxsmb20 - ok
20:14:55.0430 3276 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:14:55.0430 3276 msahci - ok
20:14:55.0434 3276 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:14:55.0435 3276 msdsm - ok
20:14:55.0438 3276 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:14:55.0440 3276 MSDTC - ok
20:14:55.0444 3276 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:14:55.0444 3276 Msfs - ok
20:14:55.0445 3276 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:14:55.0446 3276 mshidkmdf - ok
20:14:55.0448 3276 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:14:55.0448 3276 msisadrv - ok
20:14:55.0451 3276 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:14:55.0452 3276 MSiSCSI - ok
20:14:55.0453 3276 msiserver - ok
20:14:55.0456 3276 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:14:55.0456 3276 MSKSSRV - ok
20:14:55.0458 3276 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:14:55.0458 3276 MSPCLOCK - ok
20:14:55.0460 3276 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:14:55.0460 3276 MSPQM - ok
20:14:55.0464 3276 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:14:55.0466 3276 MsRPC - ok
20:14:55.0469 3276 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:14:55.0470 3276 mssmbios - ok
20:14:55.0471 3276 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:14:55.0472 3276 MSTEE - ok
20:14:55.0475 3276 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:14:55.0475 3276 MTConfig - ok
20:14:55.0477 3276 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:14:55.0477 3276 Mup - ok
20:14:55.0482 3276 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:14:55.0485 3276 napagent - ok
20:14:55.0489 3276 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:14:55.0491 3276 NativeWifiP - ok
20:14:55.0499 3276 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:14:55.0503 3276 NDIS - ok
20:14:55.0506 3276 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:14:55.0506 3276 NdisCap - ok
20:14:55.0508 3276 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:14:55.0508 3276 NdisTapi - ok
20:14:55.0510 3276 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:14:55.0510 3276 Ndisuio - ok
20:14:55.0513 3276 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:14:55.0514 3276 NdisWan - ok
20:14:55.0516 3276 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:14:55.0517 3276 NDProxy - ok
20:14:55.0518 3276 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:14:55.0519 3276 NetBIOS - ok
20:14:55.0522 3276 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:14:55.0523 3276 NetBT - ok
20:14:55.0525 3276 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:14:55.0526 3276 Netlogon - ok
20:14:55.0530 3276 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:14:55.0532 3276 Netman - ok
20:14:55.0536 3276 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:14:55.0539 3276 netprofm - ok
20:14:55.0551 3276 [ 8EA8424621A537A57DA63473B5D4CEE2 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
20:14:55.0556 3276 netr28ux - ok
20:14:55.0559 3276 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:14:55.0564 3276 NetTcpPortSharing - ok
20:14:55.0566 3276 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:14:55.0567 3276 nfrd960 - ok
20:14:55.0570 3276 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:14:55.0572 3276 NlaSvc - ok
20:14:55.0677 3276 [ FF4D73B16EA3A32D34CEB3A7BC3C3773 ] NMIndexingService F:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
20:14:55.0691 3276 NMIndexingService - ok
20:14:55.0697 3276 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:14:55.0698 3276 Npfs - ok
20:14:55.0701 3276 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:14:55.0703 3276 nsi - ok
20:14:55.0707 3276 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:14:55.0708 3276 nsiproxy - ok
20:14:55.0729 3276 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:14:55.0742 3276 Ntfs - ok
20:14:55.0745 3276 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:14:55.0745 3276 Null - ok
20:14:55.0749 3276 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
20:14:55.0750 3276 NVHDA - ok
20:14:55.0825 3276 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:14:55.0859 3276 nvlddmkm - ok
20:14:55.0865 3276 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:14:55.0865 3276 nvraid - ok
20:14:55.0868 3276 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:14:55.0869 3276 nvstor - ok
20:14:55.0876 3276 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe
20:14:55.0879 3276 nvsvc - ok
20:14:55.0948 3276 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:14:55.0956 3276 nvUpdatusService - ok
20:14:55.0961 3276 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:14:55.0962 3276 nv_agp - ok
20:14:55.0966 3276 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:14:55.0967 3276 ohci1394 - ok
20:14:56.0017 3276 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose F:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:14:56.0028 3276 ose - ok
20:14:56.0192 3276 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc F:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:14:56.0228 3276 osppsvc - ok
20:14:56.0234 3276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:14:56.0237 3276 p2pimsvc - ok
20:14:56.0241 3276 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:14:56.0244 3276 p2psvc - ok
20:14:56.0246 3276 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:14:56.0247 3276 Parport - ok
20:14:56.0249 3276 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:14:56.0250 3276 partmgr - ok
20:14:56.0252 3276 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:14:56.0254 3276 PcaSvc - ok
20:14:56.0256 3276 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:14:56.0257 3276 pci - ok
20:14:56.0259 3276 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:14:56.0259 3276 pciide - ok
20:14:56.0262 3276 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:14:56.0263 3276 pcmcia - ok
20:14:56.0265 3276 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:14:56.0265 3276 pcw - ok
20:14:56.0430 3276 [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service F:\Program Files (x86)\PDF Architect\HelperService.exe
20:14:56.0441 3276 PDF Architect Helper Service - ok
20:14:56.0535 3276 [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service F:\Program Files (x86)\PDF Architect\ConversionService.exe
20:14:56.0541 3276 PDF Architect Service - ok
20:14:56.0552 3276 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:14:56.0557 3276 PEAUTH - ok
20:14:56.0562 3276 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:14:56.0568 3276 PerfHost - ok
20:14:56.0585 3276 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:14:56.0593 3276 pla - ok
20:14:56.0599 3276 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:14:56.0602 3276 PlugPlay - ok
20:14:56.0604 3276 PnkBstrA - ok
20:14:56.0607 3276 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:14:56.0608 3276 PNRPAutoReg - ok
20:14:56.0612 3276 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:14:56.0614 3276 PNRPsvc - ok
20:14:56.0619 3276 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:14:56.0623 3276 PolicyAgent - ok
20:14:56.0628 3276 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:14:56.0630 3276 Power - ok
20:14:56.0633 3276 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:14:56.0633 3276 PptpMiniport - ok
20:14:56.0636 3276 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:14:56.0636 3276 Processor - ok
20:14:56.0639 3276 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:14:56.0641 3276 ProfSvc - ok
20:14:56.0643 3276 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:14:56.0644 3276 ProtectedStorage - ok
20:14:56.0646 3276 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:14:56.0647 3276 Psched - ok
20:14:56.0658 3276 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:14:56.0665 3276 ql2300 - ok
20:14:56.0668 3276 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:14:56.0669 3276 ql40xx - ok
20:14:56.0672 3276 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:14:56.0674 3276 QWAVE - ok
20:14:56.0676 3276 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:14:56.0677 3276 QWAVEdrv - ok
20:14:56.0782 3276 [ F502A4B72524D21C5CA7183E61FB522E ] RalinkRegistryWriter F:\Program Files (x86)\Ralink\Common\RaRegistry.exe
20:14:56.0793 3276 RalinkRegistryWriter - ok
20:14:56.0811 3276 [ 56B2EED5F1F150519DFAC03AA9825AF5 ] RalinkRegistryWriter64 F:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
20:14:56.0819 3276 RalinkRegistryWriter64 - ok
20:14:56.0841 3276 [ ACCFA0846D9C7BD6A9F506982B812A5C ] RaMediaServer F:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
20:14:56.0844 3276 RaMediaServer - ok
20:14:56.0847 3276 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:14:56.0847 3276 RasAcd - ok
20:14:56.0850 3276 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:14:56.0851 3276 RasAgileVpn - ok
20:14:56.0854 3276 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:14:56.0856 3276 RasAuto - ok
20:14:56.0859 3276 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:14:56.0860 3276 Rasl2tp - ok
20:14:56.0865 3276 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:14:56.0869 3276 RasMan - ok
20:14:56.0872 3276 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:14:56.0873 3276 RasPppoe - ok
20:14:56.0876 3276 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:14:56.0877 3276 RasSstp - ok
20:14:56.0879 3276 [ 81DDBF4FE998EF1F4BA230F7E8D8C67E ] Razerlow C:\Windows\system32\drivers\DB3G.sys
20:14:56.0880 3276 Razerlow - ok
20:14:56.0885 3276 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:14:56.0887 3276 rdbss - ok
20:14:56.0890 3276 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:14:56.0890 3276 rdpbus - ok
20:14:56.0892 3276 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:14:56.0893 3276 RDPCDD - ok
20:14:56.0897 3276 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:14:56.0897 3276 RDPENCDD - ok
20:14:56.0901 3276 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:14:56.0901 3276 RDPREFMP - ok
20:14:56.0905 3276 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:14:56.0906 3276 RdpVideoMiniport - ok
20:14:56.0910 3276 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:14:56.0911 3276 RDPWD - ok
20:14:56.0916 3276 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:14:56.0917 3276 rdyboost - ok
20:14:56.0920 3276 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:14:56.0922 3276 RemoteAccess - ok
20:14:56.0925 3276 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:14:56.0927 3276 RemoteRegistry - ok
20:14:56.0930 3276 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:14:56.0932 3276 RpcEptMapper - ok
20:14:56.0934 3276 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:14:56.0935 3276 RpcLocator - ok
20:14:56.0941 3276 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:14:56.0944 3276 RpcSs - ok
20:14:56.0946 3276 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:14:56.0947 3276 rspndr - ok
20:14:56.0948 3276 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:14:56.0949 3276 SamSs - ok
20:14:56.0952 3276 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:14:56.0953 3276 sbp2port - ok
20:14:56.0955 3276 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:14:56.0957 3276 SCardSvr - ok
20:14:56.0959 3276 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:14:56.0959 3276 scfilter - ok
20:14:56.0967 3276 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:14:56.0973 3276 Schedule - ok
20:14:56.0975 3276 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:14:56.0976 3276 SCPolicySvc - ok
20:14:56.0978 3276 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:14:56.0980 3276 SDRSVC - ok
20:14:56.0982 3276 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:14:56.0982 3276 secdrv - ok
20:14:56.0984 3276 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:14:56.0985 3276 seclogon - ok
20:14:56.0987 3276 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:14:56.0988 3276 SENS - ok
20:14:56.0990 3276 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:14:56.0991 3276 SensrSvc - ok
20:14:56.0993 3276 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:14:56.0993 3276 Serenum - ok
20:14:56.0995 3276 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:14:56.0996 3276 Serial - ok
20:14:56.0998 3276 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:14:56.0998 3276 sermouse - ok
20:14:57.0002 3276 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:14:57.0004 3276 SessionEnv - ok
20:14:57.0005 3276 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:14:57.0006 3276 sffdisk - ok
20:14:57.0007 3276 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:14:57.0007 3276 sffp_mmc - ok
20:14:57.0009 3276 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:14:57.0009 3276 sffp_sd - ok
20:14:57.0011 3276 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:14:57.0011 3276 sfloppy - ok
20:14:57.0015 3276 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:14:57.0017 3276 SharedAccess - ok
20:14:57.0021 3276 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:14:57.0023 3276 ShellHWDetection - ok
20:14:57.0025 3276 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:14:57.0026 3276 SiSRaid2 - ok
20:14:57.0028 3276 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:14:57.0028 3276 SiSRaid4 - ok
20:14:57.0044 3276 [ EEA9C8B9CBC2D0FA4CB68ED6029FF06B ] SkypeUpdate F:\Program Files (x86)\Skype\Updater\Updater.exe
20:14:57.0069 3276 SkypeUpdate - ok
20:14:57.0072 3276 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:14:57.0072 3276 Smb - ok
20:14:57.0076 3276 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:14:57.0077 3276 SNMPTRAP - ok
20:14:57.0100 3276 [ FBDD93C7A12C6F83D0C9BA3F89D35016 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
20:14:57.0118 3276 SNP2UVC - ok
20:14:57.0120 3276 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:14:57.0121 3276 spldr - ok
20:14:57.0126 3276 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:14:57.0129 3276 Spooler - ok
20:14:57.0152 3276 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:14:57.0169 3276 sppsvc - ok
20:14:57.0172 3276 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:14:57.0173 3276 sppuinotify - ok
20:14:57.0178 3276 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:14:57.0180 3276 srv - ok
20:14:57.0184 3276 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:14:57.0186 3276 srv2 - ok
20:14:57.0189 3276 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:14:57.0190 3276 srvnet - ok
20:14:57.0193 3276 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:14:57.0194 3276 SSDPSRV - ok
20:14:57.0197 3276 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
20:14:57.0197 3276 SSPORT - ok
20:14:57.0199 3276 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:14:57.0200 3276 SstpSvc - ok
20:14:57.0251 3276 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:14:57.0254 3276 Stereo Service - ok
20:14:57.0258 3276 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:14:57.0259 3276 stexstor - ok
20:14:57.0267 3276 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:14:57.0273 3276 stisvc - ok
20:14:57.0276 3276 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:14:57.0276 3276 swenum - ok
20:14:57.0283 3276 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:14:57.0287 3276 swprv - ok
20:14:57.0303 3276 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:14:57.0316 3276 SysMain - ok
20:14:57.0320 3276 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:14:57.0322 3276 TabletInputService - ok
20:14:57.0326 3276 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:14:57.0330 3276 TapiSrv - ok
20:14:57.0332 3276 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:14:57.0334 3276 TBS - ok
20:14:57.0347 3276 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:14:57.0356 3276 Tcpip - ok
20:14:57.0370 3276 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:14:57.0376 3276 TCPIP6 - ok
20:14:57.0380 3276 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:14:57.0380 3276 tcpipreg - ok
20:14:57.0383 3276 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:14:57.0383 3276 TDPIPE - ok
20:14:57.0385 3276 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:14:57.0385 3276 TDTCP - ok
20:14:57.0388 3276 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:14:57.0388 3276 tdx - ok
20:14:57.0523 3276 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
20:14:57.0565 3276 TeamViewer8 - ok
20:14:57.0571 3276 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:14:57.0572 3276 TermDD - ok
20:14:57.0579 3276 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:14:57.0583 3276 TermService - ok
20:14:57.0586 3276 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:14:57.0587 3276 Themes - ok
20:14:57.0589 3276 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:14:57.0590 3276 THREADORDER - ok
20:14:57.0593 3276 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:14:57.0595 3276 TrkWks - ok
20:14:57.0598 3276 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:14:57.0599 3276 TrustedInstaller - ok
20:14:57.0602 3276 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:14:57.0602 3276 tssecsrv - ok
20:14:57.0604 3276 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:14:57.0605 3276 TsUsbFlt - ok
20:14:57.0607 3276 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:14:57.0608 3276 tunnel - ok
20:14:57.0610 3276 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:14:57.0610 3276 uagp35 - ok
20:14:57.0614 3276 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:14:57.0616 3276 udfs - ok
20:14:57.0620 3276 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:14:57.0621 3276 UI0Detect - ok
20:14:57.0623 3276 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:14:57.0623 3276 uliagpkx - ok
20:14:57.0625 3276 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:14:57.0625 3276 umbus - ok
20:14:57.0628 3276 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:14:57.0628 3276 UmPass - ok
20:14:57.0653 3276 [ 193AD338F2A64D17300AD640ADFA5D0A ] UNS F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:14:57.0654 3276 UNS - ok
20:14:57.0659 3276 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:14:57.0661 3276 upnphost - ok
20:14:57.0663 3276 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:14:57.0664 3276 USBAAPL64 - ok
20:14:57.0667 3276 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:14:57.0667 3276 usbaudio - ok
20:14:57.0670 3276 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:14:57.0670 3276 usbccgp - ok
20:14:57.0672 3276 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:14:57.0673 3276 usbcir - ok
20:14:57.0675 3276 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:14:57.0675 3276 usbehci - ok
20:14:57.0679 3276 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:14:57.0680 3276 usbhub - ok
20:14:57.0682 3276 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:14:57.0682 3276 usbohci - ok
20:14:57.0684 3276 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:14:57.0685 3276 usbprint - ok
20:14:57.0687 3276 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:14:57.0687 3276 USBSTOR - ok
20:14:57.0689 3276 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:14:57.0689 3276 usbuhci - ok
20:14:57.0692 3276 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:14:57.0693 3276 usbvideo - ok
20:14:57.0695 3276 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:14:57.0696 3276 UxSms - ok
20:14:57.0698 3276 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:14:57.0698 3276 VaultSvc - ok
20:14:57.0700 3276 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:14:57.0701 3276 vdrvroot - ok
20:14:57.0706 3276 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:14:57.0709 3276 vds - ok
20:14:57.0712 3276 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:14:57.0712 3276 vga - ok
20:14:57.0714 3276 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:14:57.0714 3276 VgaSave - ok
20:14:57.0717 3276 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:14:57.0718 3276 vhdmp - ok
20:14:57.0720 3276 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:14:57.0720 3276 viaide - ok
20:14:57.0722 3276 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:14:57.0723 3276 volmgr - ok
20:14:57.0726 3276 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:14:57.0728 3276 volmgrx - ok
20:14:57.0732 3276 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:14:57.0733 3276 volsnap - ok
20:14:57.0736 3276 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:14:57.0737 3276 vsmraid - ok
20:14:57.0749 3276 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:14:57.0757 3276 VSS - ok
20:14:57.0760 3276 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:14:57.0760 3276 vwifibus - ok
20:14:57.0762 3276 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:14:57.0763 3276 vwififlt - ok
20:14:57.0764 3276 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:14:57.0765 3276 vwifimp - ok
20:14:57.0769 3276 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:14:57.0772 3276 W32Time - ok
20:14:57.0774 3276 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:14:57.0775 3276 WacomPen - ok
20:14:57.0777 3276 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:14:57.0778 3276 WANARP - ok
20:14:57.0780 3276 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:14:57.0780 3276 Wanarpv6 - ok
20:14:57.0791 3276 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:14:57.0800 3276 wbengine - ok
20:14:57.0803 3276 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:14:57.0805 3276 WbioSrvc - ok
20:14:57.0809 3276 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:14:57.0812 3276 wcncsvc - ok
20:14:57.0814 3276 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:14:57.0815 3276 WcsPlugInService - ok
20:14:57.0817 3276 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:14:57.0817 3276 Wd - ok
20:14:57.0823 3276 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:14:57.0827 3276 Wdf01000 - ok
20:14:57.0829 3276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:14:57.0830 3276 WdiServiceHost - ok
20:14:57.0832 3276 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:14:57.0834 3276 WdiSystemHost - ok
20:14:57.0837 3276 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:14:57.0839 3276 WebClient - ok
20:14:57.0842 3276 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:14:57.0844 3276 Wecsvc - ok
20:14:57.0846 3276 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:14:57.0847 3276 wercplsupport - ok
20:14:57.0850 3276 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:14:57.0851 3276 WerSvc - ok
20:14:57.0853 3276 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:14:57.0853 3276 WfpLwf - ok
20:14:57.0856 3276 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:14:57.0857 3276 WIMMount - ok
20:14:57.0858 3276 WinDefend - ok
20:14:57.0860 3276 WinHttpAutoProxySvc - ok
20:14:57.0867 3276 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:14:57.0872 3276 Winmgmt - ok
20:14:57.0887 3276 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:14:57.0898 3276 WinRM - ok
20:14:57.0902 3276 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:14:57.0902 3276 WinUsb - ok
20:14:57.0909 3276 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:14:57.0914 3276 Wlansvc - ok
20:14:58.0006 3276 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:14:58.0022 3276 wlidsvc - ok
20:14:58.0026 3276 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:14:58.0026 3276 WmiAcpi - ok
20:14:58.0030 3276 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:14:58.0035 3276 wmiApSrv - ok
20:14:58.0059 3276 WMPNetworkSvc - ok
20:14:58.0061 3276 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:14:58.0062 3276 WPCSvc - ok
20:14:58.0065 3276 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:14:58.0066 3276 WPDBusEnum - ok
20:14:58.0068 3276 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:14:58.0069 3276 ws2ifsl - ok
20:14:58.0071 3276 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:14:58.0072 3276 wscsvc - ok
20:14:58.0073 3276 WSearch - ok
20:14:58.0091 3276 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:14:58.0104 3276 wuauserv - ok
20:14:58.0106 3276 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:14:58.0107 3276 WudfPf - ok
20:14:58.0110 3276 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:14:58.0111 3276 WUDFRd - ok
20:14:58.0114 3276 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:14:58.0115 3276 wudfsvc - ok
20:14:58.0118 3276 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:14:58.0120 3276 WwanSvc - ok
20:14:58.0124 3276 ================ Scan global ===============================
20:14:58.0126 3276 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:14:58.0129 3276 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:14:58.0133 3276 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:14:58.0135 3276 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:14:58.0139 3276 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:14:58.0141 3276 [Global] - ok
20:14:58.0141 3276 ================ Scan MBR ==================================
20:14:58.0142 3276 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:14:58.0204 3276 \Device\Harddisk0\DR0 - ok
20:14:58.0218 3276 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:14:58.0221 3276 \Device\Harddisk1\DR1 - ok
20:14:58.0224 3276 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
20:14:58.0228 3276 \Device\Harddisk2\DR2 - ok
20:14:58.0228 3276 ================ Scan VBR ==================================
20:14:58.0230 3276 [ 0048E374754857E80494FB0047DE6097 ] \Device\Harddisk0\DR0\Partition1
20:14:58.0231 3276 \Device\Harddisk0\DR0\Partition1 - ok
20:14:58.0239 3276 [ EF9DE5C7D68CDBE6ADA31FE0A58B962F ] \Device\Harddisk1\DR1\Partition1
20:14:58.0240 3276 \Device\Harddisk1\DR1\Partition1 - ok
20:14:58.0242 3276 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk2\DR2\Partition1
20:14:58.0242 3276 \Device\Harddisk2\DR2\Partition1 - ok
20:14:58.0244 3276 [ 8AA0D4B220C3B3BC1C760B2F19ACF61F ] \Device\Harddisk2\DR2\Partition2
20:14:58.0245 3276 \Device\Harddisk2\DR2\Partition2 - ok
20:14:58.0246 3276 ============================================================
20:14:58.0246 3276 Scan finished
20:14:58.0246 3276 ============================================================
20:14:58.0252 3296 Detected object count: 0
20:14:58.0252 3296 Actual detected object count: 0
20:37:17.0821 4624 Deinitialize success
Geändert von MH@HM (31.01.2013 um 20:46 Uhr) |
|
03.02.2013, 10:46
| #7 |
| /// Malwareteam | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Custom Scan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost
HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com
%SystemRoot%\system32\*.tsp
%SystemRoot%\system32\*.tsp /64
C:\Windows\system32\*.dll /360
C:\Windows\SysNative\*.dll /360
C:\Windows\SysWOW64\*.dll /360
CREATERESTOREPOINT
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
03.02.2013, 11:39
| #8 |
| | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Hallo ich habe bei diesem Scan nur die OTL.Txt erhalten. diese ist aber jetzt mit 134024 Zeichen zu lang für die Antwort. Ich werde sie daher splitten. Teil 1: Code:
ATTFilter OTL logfile created on: 03.02.2013 11:21:29 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\+++++\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 14,91 Gb Total Physical Memory | 13,36 Gb Available Physical Memory | 89,61% Memory free 29,81 Gb Paging File | 27,60 Gb Available in Paging File | 92,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = F:\Program Files (x86) Drive C: | 223,57 Gb Total Space | 150,63 Gb Free Space | 67,38% Space Free | Partition Type: NTFS Drive D: | 2794,39 Gb Total Space | 2445,41 Gb Free Space | 87,51% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 449,44 Gb Free Space | 96,50% Space Free | Partition Type: NTFS Computer Name: +++++-PC | User Name: +++++ | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - D:\Users\+++++\Desktop\OTL.exe (OldTimer Tools) PRC - F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () PRC - F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - F:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) PRC - F:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - F:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\156a6215a427bcec551e294300c096e6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - F:\Program Files (x86)\Ralink\Common\RaWLAPI.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () ========== Services (SafeList) ========== SRV:64bit: - (Intel(R) -- F:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV:64bit: - (LVPrcS64) -- F:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV:64bit: - (WinDefend) -- F:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- F:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (nvUpdatusService) -- F:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- F:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TeamViewer8) -- F:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (AntiVirSchedulerService) -- F:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- F:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (PDF Architect Helper Service) -- F:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR) SRV - (PDF Architect Service) -- F:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR) SRV - (SkypeUpdate) -- F:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (Cisco WebEx Connect Upgrade Service) -- F:\Program Files (x86)\WebEx\Connect\apUpdate.exe (WebEx Communications Inc.) SRV - (UNS) -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe () SRV - (IAStorDataMgrSvc) -- F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (RaMediaServer) -- F:\Program Files (x86)\Ralink\Common\RaMediaServer.exe () SRV - (RalinkRegistryWriter64) -- F:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.) SRV - (RalinkRegistryWriter) -- F:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (LGSHidFilt) -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys (Logitech Inc.) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (AsrRamDisk) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys (ASRock Inc.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech) DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech) DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.SYS (Samsung Electronics) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.) DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.) DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D BA C7 83 A0 A1 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: en-US%40dictionaries.addons.mozilla.org:6.0 FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121012015120 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.13 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: F:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: F:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: F:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: F:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: F:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: F:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.18 10:22:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 02:07:44 | 000,000,000 | ---D | M] [2012.10.03 21:27:27 | 000,000,000 | ---D | M] (No name found) -- D:\Users\+++++\AppData\Roaming\Mozilla\Extensions [2013.02.01 23:36:14 | 000,000,000 | ---D | M] (No name found) -- D:\Users\+++++\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions [2012.11.13 20:49:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- D:\Users\+++++\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013.01.11 16:26:40 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\+++++\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.10.13 00:16:35 | 000,000,000 | ---D | M] (German Dictionary) -- D:\Users\+++++\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.10.13 00:16:57 | 000,000,000 | ---D | M] (United States English Spellchecker) -- D:\Users\+++++\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\en-US@dictionaries.addons.mozilla.org [2013.01.31 19:12:25 | 000,533,536 | ---- | M] () (No name found) -- D:\Users\+++++\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.01 23:36:14 | 000,817,973 | ---- | M] () (No name found) -- D:\Users\+++++\AppData\Roaming\Mozilla\Firefox\Profiles\d9ss3uqq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.20 02:07:41 | 000,000,000 | ---D | M] (No name found) -- F:\Program Files (x86)\mozilla firefox\extensions [2013.01.20 02:07:44 | 000,262,552 | ---- | M] (Mozilla Foundation) -- F:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- F:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = F:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = F:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = F:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll CHR - plugin: Google Update (Enabled) = F:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = F:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = F:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - Extension: Google Drive = D:\Users\+++++\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = D:\Users\+++++\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = D:\Users\+++++\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = D:\Users\+++++\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - F:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - F:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] F:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] F:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://F:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://F:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://F:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - F:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{207A2B70-01F4-4B42-8861-D8F0B8234FAC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585DB487-86C4-44B5-AF35-15B110F8E005}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "F:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - F:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - F:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: CDAServer - hkey= - key= - F:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe () MsConfig:64bit - StartUpReg: Cisco WebEx Connect - hkey= - key= - F:\Program Files (x86)\WebEx\Connect\connect.exe (Cisco WebEx) MsConfig:64bit - StartUpReg: Diamondback - hkey= - key= - File not found MsConfig:64bit - StartUpReg: EADM - hkey= - key= - F:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation) MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - F:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - F:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - F:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - F:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: snp2uvc - hkey= - key= - C:\Windows\vsnp2uvc.exe (Sonix) MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - D:\Users\+++++\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found MsConfig:64bit - StartUpReg: tsnp2uvc - hkey= - key= - F:\Program Files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe (Sonix Technology Co., Ltd.) MsConfig:64bit - StartUpReg: USB3MON - hkey= - key= - F:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) MsConfig:64bit - State: "bootini" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.27 15:40:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\logs [2013.01.27 15:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2013.01.27 15:30:51 | 000,000,000 | ---D | C] -- D:\Users\+++++\AppData\Roaming\PunkBuster [2013.01.23 23:46:46 | 000,000,000 | ---D | C] -- D:\Users\+++++\AppData\Roaming\vlc [2013.01.23 23:43:15 | 000,000,000 | ---D | C] -- D:\Users\+++++\AppData\Roaming\LumacDaemon [2013.01.23 23:43:13 | 000,000,000 | ---D | C] -- D:\Users\+++++\AppData\Local\Lumaris_F.Z.E [2013.01.23 23:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.01.23 23:42:33 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\VideoLAN [2013.01.20 22:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.01.20 02:07:41 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Mozilla Firefox [2013.01.20 00:58:29 | 000,000,000 | ---D | C] -- F:\Program Files\Java [2013.01.20 00:14:19 | 000,186,880 | ---- | C] (CEXX.ORG) -- D:\Users\+++++\Desktop\LSPFix.exe [2013.01.19 23:45:28 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- D:\Users\+++++\Desktop\HiJackThis204.exe [2013.01.19 17:24:29 | 000,000,000 | ---D | C] -- D:\Users\+++++\AppData\Roaming\Malwarebytes [2013.01.19 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.19 17:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.19 17:23:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.19 17:23:59 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.19 17:10:24 | 004,732,416 | ---- | C] (AVAST Software) -- D:\Users\+++++\Desktop\aswMBR.exe [2013.01.19 17:10:13 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- D:\Users\+++++\Desktop\tdsskiller.exe [2013.01.19 16:53:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\+++++\Desktop\OTL.exe [2013.01.19 15:43:08 | 000,000,000 | ---D | C] -- D:\Users\+++++\Desktop\PPFScan [2013.01.19 15:21:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.01.18 18:35:30 | 000,000,000 | ---D | C] -- D:\Users\+++++\Documents\MyConnectFiles [2013.01.18 18:35:30 | 000,000,000 | ---D | C] -- D:\Users\+++++\AppData\Roaming\Connect [2013.01.18 18:35:03 | 000,000,000 | ---D | C] -- D:\Users\+++++\AppData\Local\WebEx Connect [2013.01.18 18:34:58 | 000,000,000 | ---D | C] -- D:\Users\+++++\AppData\Roaming\WebEx Connect [2013.01.18 18:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco WebEx Connect [2013.01.18 18:25:49 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\WebEx [2013.01.11 14:15:43 | 000,000,000 | ---D | C] -- D:\Users\+++++\Documents\Outlook-Dateien [2013.01.08 21:09:46 | 000,000,000 | ---D | C] -- F:\Program Files (x86)\AGEIA Technologies [2013.01.08 21:08:28 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.06 14:17:21 | 000,000,000 | ---D | C] -- C:\Windows\Sun ========== Files - Modified Within 30 Days ========== [2013.02.03 11:09:56 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.03 11:09:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.03 11:09:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.03 00:46:11 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.03 00:46:11 | 000,013,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.03 00:44:54 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.03 00:44:54 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.03 00:44:54 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.03 00:44:54 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.03 00:44:54 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.03 00:41:35 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.02.03 00:41:35 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.02.03 00:40:45 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.02.03 00:39:11 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.03 00:39:08 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013.02.03 00:38:55 | 3414,986,750 | -HS- | M] () -- C:\hiberfil.sys [2013.02.02 23:44:21 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex1 [2013.02.02 23:42:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013.01.30 21:45:25 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex2 [2013.01.27 17:20:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.01.27 12:49:06 | 000,000,853 | ---- | M] () -- D:\Users\+++++\Desktop\Tcpview - Verknüpfung.lnk [2013.01.23 23:42:42 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.01.23 21:32:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2013.01.20 04:09:29 | 000,021,504 | ---- | M] () -- C:\Windows\SysNative\umstartup.etl [2013.01.20 00:13:38 | 000,186,880 | ---- | M] (CEXX.ORG) -- D:\Users\+++++\Desktop\LSPFix.exe [2013.01.19 23:53:48 | 000,574,677 | ---- | M] () -- D:\Users\+++++\Desktop\adwcleaner06.exe [2013.01.19 23:36:57 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- D:\Users\+++++\Desktop\HiJackThis204.exe [2013.01.19 17:24:00 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.19 17:11:26 | 004,732,416 | ---- | M] (AVAST Software) -- D:\Users\+++++\Desktop\aswMBR.exe [2013.01.19 17:10:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- D:\Users\+++++\Desktop\tdsskiller.exe [2013.01.19 16:54:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\+++++\Desktop\OTL.exe [2013.01.19 14:17:14 | 000,681,984 | ---- | M] () -- D:\Users\+++++\Desktop\CKScanner.exe [2013.01.18 18:25:51 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Cisco WebEx Connect.lnk [2013.01.15 18:18:25 | 000,002,128 | ---- | M] () -- D:\Users\+++++\Desktop\Google Chrome.lnk [2013.01.10 08:39:15 | 000,418,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.01.27 12:49:06 | 000,000,853 | ---- | C] () -- D:\Users\+++++\Desktop\Tcpview - Verknüpfung.lnk [2013.01.23 23:42:42 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013.01.19 23:53:53 | 000,574,677 | ---- | C] () -- D:\Users\+++++\Desktop\adwcleaner06.exe [2013.01.19 22:31:29 | 000,000,737 | ---- | C] () -- D:\Users\+++++\Desktop\Versteckte Ordner anzeigen & wieder verstecken.bat [2013.01.19 17:24:00 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.19 14:17:12 | 000,681,984 | ---- | C] () -- D:\Users\+++++\Desktop\CKScanner.exe [2013.01.18 18:25:51 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Cisco WebEx Connect.lnk [2013.01.02 14:55:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.30 22:27:18 | 000,246,272 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll [2012.11.30 22:27:18 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2012.11.05 20:16:21 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.11.05 20:16:19 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.11.05 20:16:19 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2012.10.13 17:11:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.10.10 02:22:34 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.10.10 02:22:32 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.10 02:22:16 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.10.04 22:23:05 | 000,007,602 | ---- | C] () -- D:\Users\+++++\AppData\Local\Resmon.ResmonCfg [2012.10.04 06:54:09 | 000,282,296 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.10.04 06:54:08 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2012.10.04 06:54:08 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.10.03 21:33:11 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012.03.19 22:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.03.19 22:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.10.13 13:30:35 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Amazon [2012.12.18 10:22:06 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\APP_NAME_NON_STRING [2012.10.10 23:06:56 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Auslogics [2013.01.18 18:35:30 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Connect [2012.12.19 12:06:36 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\FreeCommander [2012.10.03 21:39:34 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Leadertech [2013.01.24 22:05:03 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\LumacDaemon [2012.10.28 14:04:48 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Mp3tag [2012.11.12 17:06:55 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Origin [2012.12.18 10:22:01 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\pdfforge [2013.01.27 15:30:51 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\PunkBuster [2012.10.04 06:32:44 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Samsung [2012.10.31 22:55:07 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Spotify [2013.01.11 14:15:48 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\TeamViewer [2013.01.15 20:04:09 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\TS3Client [2012.12.07 19:46:35 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\ts3overlay [2012.12.07 19:46:17 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\ts3overlay_hook_win64 [2013.01.19 13:44:42 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\WebEx Connect [2013.01.03 16:52:34 | 000,000,000 | ---D | M] -- D:\Users\+++++\AppData\Roaming\Wise Registry Cleaner ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.10.03 20:30:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.10.28 01:42:49 | 000,000,000 | -HSD | M] -- C:\Boot [2012.12.01 22:38:21 | 000,000,000 | ---D | M] -- C:\Crash [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.10.03 19:59:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.10.03 20:47:54 | 000,000,000 | ---D | M] -- C:\Intel [2013.01.08 21:08:28 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.10.03 20:02:32 | 000,000,000 | R--D | M] -- C:\Program Files [2012.11.04 15:44:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.27 15:38:10 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.10.03 19:59:48 | 000,000,000 | -HSD | M] -- C:\Programme [2012.10.03 19:59:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.03 11:22:22 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.10.03 20:35:46 | 000,000,000 | R--D | M] -- C:\Users [2013.02.02 13:23:08 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.10.03 20:52:29 | 000,000,828 | ---- | C] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2012.10.03 20:52:29 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2012.12.01 00:04:42 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.12.01 00:04:42 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.12.17 08:52:20 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\Windows\CurrentVersion\Telephony\Providers > "ProviderID0" = 1 "ProviderID1" = 2 "ProviderID2" = 3 "ProviderID3" = 4 "NextProviderID" = 5 "ProviderFileName0" = unimdm.tsp -- [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) "ProviderFileName1" = kmddsp.tsp -- [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) "ProviderFileName2" = ndptsp.tsp -- [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) "ProviderFileName3" = hidphone.tsp -- [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) "NumProviders" = 4 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters > "ServiceDll" = %SystemRoot%\System32\wkssvc.dll "ServiceDllUnloadOnStop" = 1 "EnablePlainTextPassword" = 0 "EnableSecuritySignature" = 1 "RequireSecuritySignature" = 0 "OtherDomains" = [binary data] "MaxCollectionCount" = 32 "MaxThreads" = 30 "MaxCmds" = 30 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters > "ServiceDll" = %SystemRoot%\System32\dnsrslvr.dll "ServiceDllUnloadOnStop" = 1 "extension" = %SystemRoot%\System32\dnsext.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache] < HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 13:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc] < HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost > "netsvcs" = AeLookupSvcCertPropSvcSCPolicySv [Binary data over 200 bytes] "LocalService" = RemoteRegistryWinHttpAutoProxySvc [Binary data over 200 bytes] "LocalSystemNetworkRestricted" = NetmanAudioEndpointBuilderdot3sv [Binary data over 200 bytes] "LocalServiceNoNetwork" = PLA [binary data] -- [2010.11.20 13:20:54 | 001,508,864 | ---- | M] (Microsoft Corporation) "rpcss" = RpcSs [binary data] "LocalServiceNetworkRestricted" = AudioSrvBthHFSrvLmHostswscsvcWPCSvc [binary data] "LocalServiceAndNoImpersonation" = SSDPSRVupnphostSCardSvrTBSQWAVEwcncsvc [binary data] "DcomLaunch" = PowerPlugPlayDcomLaunch [binary data] "NetworkService" = CryptSvcDHCPTermServiceDNSCache [Binary data over 200 bytes] "imgsvc" = StiSvc [binary data] "wcssvc" = WcsPlugInService [binary data] -- [2009.07.14 02:16:18 | 000,032,768 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceAndNoImpersonation] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalServiceNoNetwork] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\netsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkService] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopHyperVAgent] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\NetworkServiceRemoteDesktopPublishing] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\termsvcs] [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost\wcssvc] |
|
03.02.2013, 11:40
| #9 |
| | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Teil 2: Code:
ATTFilter < HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com >
< %SystemRoot%\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
< %SystemRoot%\system32\*.tsp /64 >
[2009.07.14 02:38:54 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\hidphone.tsp
[2009.07.14 02:38:54 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kmddsp.tsp
[2009.07.14 02:38:54 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ndptsp.tsp
[2009.07.14 02:38:54 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\remotesp.tsp
[2010.11.20 14:24:24 | 000,321,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\unimdm.tsp
< C:\Windows\system32\*.dll /360 >
[2012.08.23 12:15:57 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\aaclient.dll
[2012.10.03 21:46:26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\admparse.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 05:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 03:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 03:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 03:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.19 14:08:45 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.19 14:08:45 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.19 14:08:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 03:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
[2012.07.26 19:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\atl110.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\system32\atmlib.dll
[2012.07.04 22:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\browcli.dll
[2012.06.06 06:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cdosys.dll
[2012.06.02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\crypt32.dll
[2012.06.02 05:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptnet.dll
[2012.06.02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cryptsvc.dll
[2013.01.19 14:08:44 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d2d1.dll
[2013.01.19 14:08:45 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10.dll
[2013.01.19 14:08:45 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10core.dll
[2013.01.19 14:08:45 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10level9.dll
[2013.01.19 14:08:44 | 001,885,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10warp.dll
[2013.01.19 14:08:45 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1.dll
[2013.01.19 14:08:45 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d10_1core.dll
[2013.01.19 14:08:45 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\d3d11.dll
[2013.01.12 03:30:33 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\deployJava1.dll
[2012.10.09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcore6.dll
[2012.10.09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dhcpcsvc6.dll
[2012.11.02 06:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dpnet.dll
[2013.01.19 14:08:45 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DWrite.dll
[2013.01.19 14:08:44 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxgi.dll
[2012.10.03 21:46:26 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtmsft.dll
[2012.10.03 21:46:26 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\dxtrans.dll
[2012.12.07 13:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\gameux.dll
[2012.08.21 13:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\GEARAspi.dll
[2012.10.03 21:46:26 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\icardie.dll
[2012.10.03 21:46:26 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\IEAdvpack.dll
[2012.10.03 21:46:26 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakeng.dll
[2012.10.03 21:46:26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieaksie.dll
[2012.10.03 21:46:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieakui.dll
[2012.10.03 21:46:26 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieapfltr.dll
[2012.10.03 21:46:26 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iedkcs32.dll
[2012.11.14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieframe.dll
[2012.10.03 21:46:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iepeers.dll
[2012.10.03 21:46:26 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iernonce.dll
[2012.11.14 02:46:38 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iertutil.dll
[2012.10.03 21:46:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesetup.dll
[2012.10.03 21:46:26 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\iesysprep.dll
[2012.11.14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ieui.dll
[2012.10.10 02:22:20 | 008,579,584 | ---- | M] (Intel Corporation) -- C:\Windows\system32\ig7icd32.dll
[2012.10.10 02:22:24 | 011,158,528 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igd10umd32.dll
[2012.10.10 02:22:26 | 002,899,968 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdbcl32.dll
[2012.10.10 02:22:34 | 000,064,512 | ---- | M] () -- C:\Windows\system32\igdde32.dll
[2012.10.10 02:22:42 | 021,818,368 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdfcl32.dll
[2012.10.10 02:22:22 | 027,643,904 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdrcl32.dll
[2012.10.10 02:22:18 | 011,040,256 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igdumd32.dll
[2012.10.10 02:22:28 | 000,448,512 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfx11cmrt32.dll
[2012.10.10 02:22:38 | 003,776,512 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxcmjit32.dll
[2012.10.10 02:22:26 | 000,604,160 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxcmrt32.dll
[2012.10.10 02:22:32 | 000,330,240 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxdv32.dll
[2012.10.10 02:22:30 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\system32\igfxexps32.dll
[2012.10.10 02:22:42 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Windows\system32\iglhcp32.dll
[2012.03.19 21:09:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\system32\iglhsip32.dll
[2012.03.01 06:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imagehlp.dll
[2012.10.03 21:46:26 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\imgutil.dll
[2012.10.03 21:46:26 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\inseng.dll
[2012.10.10 02:22:28 | 000,195,584 | ---- | M] (Intel Corporation) -- C:\Windows\system32\IntelOpenCL32.dll
[2012.10.10 02:22:22 | 000,056,320 | ---- | M] (Khronos Group) -- C:\Windows\system32\Intel_OpenCL_ICD32.dll
[2012.11.14 02:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript.dll
[2012.11.14 03:09:22 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jscript9.dll
[2012.11.14 02:51:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\jsproxy.dll
[2012.08.11 00:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kerberos.dll
[2012.11.30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kernel32.dll
[2012.11.30 05:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\KernelBase.dll
[2012.10.03 21:46:26 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\licmgr10.dll
[2012.07.17 14:49:00 | 000,209,648 | ---- | M] (Microsoft Corp.) -- C:\Windows\system32\LIVESSP.DLL
[2012.10.04 20:38:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msclmd.dll
[2012.11.14 02:47:20 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeeds.dll
[2012.10.03 21:46:26 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msfeedsbs.dll
[2012.11.14 03:48:26 | 012,320,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtml.dll
[2012.11.14 02:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmled.dll
[2012.10.03 21:46:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mshtmler.dll
[2012.04.07 12:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msi.dll
[2012.10.03 21:46:26 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msls31.dll
[2013.01.19 14:08:45 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msmpeg2vdec.dll
[2012.05.05 10:54:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MSMPIDE.DLL
[2012.10.03 21:46:26 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msrating.dll
[2012.08.23 14:47:20 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\MsRdpWebAccess.dll
[2012.08.23 09:19:01 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mstscax.dll
[2012.07.26 19:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcp110.dll
[2012.07.26 19:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msvcr110.dll
[2012.11.01 05:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml3.dll
[2012.11.01 05:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\msxml6.dll
[2012.11.20 05:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncrypt.dll
[2012.10.03 17:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ncsi.dll
[2012.07.04 22:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netapi32.dll
[2012.10.03 17:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netcorehc.dll
[2012.10.03 17:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\netevent.dll
[2013.01.12 03:30:38 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\system32\npDeployJava1.dll
[2012.11.30 03:44:04 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ntvdm64.dll
[2012.12.29 11:34:47 | 002,504,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvapi.dll
[2012.12.29 11:34:47 | 017,560,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcompiler.dll
[2012.12.29 11:34:47 | 007,931,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuda.dll
[2012.12.29 11:34:47 | 001,985,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvenc.dll
[2012.12.29 11:34:47 | 002,720,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvcuvid.dll
[2012.12.29 11:34:47 | 015,129,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvd3dum.dll
[2012.12.29 11:34:47 | 000,201,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvinit.dll
[2012.12.29 11:34:47 | 020,450,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvoglv32.dll
[2012.12.29 11:34:47 | 006,263,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvopencl.dll
[2012.12.29 11:34:47 | 000,958,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvumdshim.dll
[2012.12.29 11:34:47 | 012,641,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvwgf2um.dll
[2012.10.03 21:46:26 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\occache.dll
[2012.10.10 02:22:22 | 000,056,320 | ---- | M] (Khronos Group) -- C:\Windows\system32\OpenCL.dll
[2012.10.03 21:46:26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\pngfilt.dll
[2012.05.04 10:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\qdvd.dll
[2012.02.17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpcore.dll
[2012.08.23 12:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\rdpendp_winip.dll
[2012.08.24 17:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\schannel.dll
[2012.08.24 17:57:40 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\secur32.dll
[2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\shell32.dll
[2012.09.12 16:07:44 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sirenacm.dll
[2012.05.05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\srclient.dll
[2012.08.24 17:53:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\sspicli.dll
[2012.09.25 23:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\synceng.dll
[2012.08.23 14:18:14 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tsgqec.dll
[2012.11.09 05:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\tzres.dll
[2013.01.19 14:08:44 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\UIAnimation.dll
[2012.11.14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\url.dll
[2012.11.14 02:57:44 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\urlmon.dll
[2012.11.22 05:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\usp10.dll
[2012.11.14 02:48:27 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vbscript.dll
[2012.07.26 19:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vccorlib110.dll
[2012.07.26 19:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\vcomp110.dll
[2012.10.03 21:46:26 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\webcheck.dll
[2012.11.09 05:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\win32spl.dll
[2013.01.19 14:08:45 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecs.dll
[2013.01.19 14:08:45 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WindowsCodecsExt.dll
[2012.11.14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wininet.dll
[2012.08.24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wintrust.dll
[2012.08.23 14:46:20 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wksprtPS.dll
[2012.03.01 06:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wmi.dll
[2013.01.19 14:08:45 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\WMPhoto.dll
[2012.11.30 05:54:00 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wow32.dll
[2012.12.07 13:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Wpc.dll
[2013.01.19 14:08:45 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsGdiConverter.dll
[2013.01.19 14:08:45 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\XpsPrint.dll
< C:\Windows\SysNative\*.dll /360 >
[2012.08.23 11:54:24 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.10.03 21:46:26 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 06:38:44 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 06:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 06:38:44 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 06:38:44 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 06:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 06:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 06:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 06:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 06:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 06:38:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 06:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 06:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 06:38:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 06:38:45 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 06:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 06:38:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.19 14:08:45 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.19 14:08:45 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.19 14:08:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 06:38:45 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.07.26 15:22:10 | 000,177,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\atl110.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.07.04 23:13:27 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012.07.04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browser.dll
[2012.06.06 07:02:54 | 001,133,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.06.02 06:41:27 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.02 06:41:28 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsvc.dll
[2013.01.19 14:08:45 | 003,928,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.01.19 14:08:44 | 001,238,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.01.19 14:08:44 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.01.19 14:08:44 | 000,648,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.01.19 14:08:45 | 002,434,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.01.19 14:08:44 | 000,194,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.01.19 14:08:44 | 000,333,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.01.19 14:08:45 | 001,887,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.01.20 00:58:30 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.10.09 19:17:13 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.10.09 19:17:13 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.02 06:59:11 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013.01.19 14:08:45 | 001,643,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.01.19 14:08:45 | 000,363,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2012.10.03 21:46:25 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012.10.03 21:46:25 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.01.19 14:08:45 | 001,175,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll
[2012.12.07 14:15:31 | 002,746,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2012.08.21 13:01:20 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.10.10 02:22:26 | 000,173,568 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012.10.10 02:22:34 | 000,110,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012.10.03 21:46:25 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012.03.19 21:09:08 | 000,094,208 | ---- | M] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012.10.03 21:46:25 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012.10.03 21:46:25 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012.10.03 21:46:26 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012.10.03 21:46:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012.10.03 21:46:25 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012.10.03 21:46:25 | 000,403,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2012.11.14 07:32:33 | 010,925,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2012.10.03 21:46:26 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012.10.03 21:46:25 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012.11.14 06:55:45 | 002,144,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2012.10.03 21:46:25 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012.10.03 21:46:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012.11.14 06:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.10.10 02:22:20 | 011,595,776 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\ig7icd64.dll
[2012.10.10 02:22:34 | 012,836,864 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012.10.10 02:22:30 | 003,582,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdbcl64.dll
[2012.10.10 02:22:42 | 000,080,384 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2012.10.10 02:22:38 | 027,438,080 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdfcl64.dll
[2012.10.10 02:22:34 | 027,664,896 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdrcl64.dll
[2012.10.10 02:22:32 | 012,604,416 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012.10.10 02:22:20 | 000,482,304 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfx11cmrt64.dll
[2012.10.10 02:22:26 | 004,571,136 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012.10.10 02:22:34 | 000,501,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012.03.19 22:42:08 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2696.dll
[2012.10.10 02:22:28 | 000,116,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2867.dll
[2012.10.10 02:22:28 | 000,441,856 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012.10.10 02:22:16 | 000,009,728 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012.10.10 02:22:22 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012.10.10 02:22:18 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012.10.10 02:22:20 | 000,386,048 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012.10.10 02:22:28 | 009,007,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012.10.10 02:22:28 | 000,063,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012.10.10 02:22:34 | 000,410,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012.10.10 02:22:42 | 000,216,064 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012.03.19 21:09:08 | 000,524,800 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012.03.01 07:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.10.03 21:46:26 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012.10.03 21:46:25 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012.10.10 02:22:28 | 000,241,664 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\IntelOpenCL64.dll
[2012.10.10 02:22:30 | 000,056,832 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\Intel_OpenCL_ICD64.dll
[2012.10.03 18:42:16 | 000,569,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iphlpsvc.dll
[2012.11.14 06:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 07:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 06:59:52 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2012.08.11 01:56:03 | 000,715,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kerberos.dll
[2012.11.30 06:41:07 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.11.30 06:41:07 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.03 21:46:25 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012.07.17 15:14:44 | 000,253,184 | ---- | M] (Microsoft Corp.) -- C:\Windows\SysNative\LIVESSP.DLL
[2012.05.14 06:26:34 | 000,956,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012.08.24 19:03:09 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.10.04 20:38:24 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2012.11.14 06:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.10.03 21:46:25 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2012.11.14 08:06:18 | 017,811,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2012.11.14 06:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.10.03 21:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012.04.07 13:31:40 | 003,216,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.10.03 21:46:26 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.01.19 14:08:45 | 002,776,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2012.10.03 21:46:26 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012.08.23 14:20:40 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.08.23 09:13:07 | 005,773,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.07.26 15:22:10 | 000,661,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp110.dll
[2012.07.26 15:22:10 | 000,828,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr110.dll
[2012.11.01 06:43:42 | 001,882,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3.dll
[2012.11.01 06:43:42 | 002,002,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6.dll
[2012.11.20 06:48:49 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.03 18:44:16 | 000,216,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.07.04 23:16:43 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012.10.03 18:44:17 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.10.03 18:44:17 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.10.03 18:44:21 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlaapi.dll
[2012.10.03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\nlasvc.dll
[2013.01.20 00:58:30 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012.11.30 06:43:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.29 11:34:47 | 002,824,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.12.29 11:34:47 | 025,256,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.12.29 09:40:27 | 006,382,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.12.29 11:34:47 | 009,389,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.12.29 11:34:47 | 002,344,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.12.29 11:34:47 | 002,904,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.12.29 11:34:47 | 018,054,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.12.29 11:34:47 | 001,813,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.12.29 11:34:47 | 001,504,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.07.03 08:37:57 | 001,472,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.07.03 16:25:21 | 000,031,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.12.29 11:34:47 | 000,246,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.12.29 09:40:09 | 000,118,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.12.29 11:34:47 | 026,931,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.12.29 11:34:47 | 007,565,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.12.29 09:40:09 | 000,063,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.12.29 09:40:27 | 003,455,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.12.29 09:40:09 | 002,558,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.12.29 11:34:47 | 001,107,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.12.29 11:34:47 | 015,052,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.03 21:46:26 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012.10.10 02:22:30 | 000,056,832 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.10.28 18:32:34 | 000,103,936 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.10.03 21:46:26 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012.05.01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\profsvc.dll
[2012.05.04 12:00:43 | 000,366,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.02.17 07:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012.04.26 06:41:55 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.08.23 10:51:57 | 003,174,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.08.23 11:51:14 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.08.23 14:24:57 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.08.23 15:13:11 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.04.26 06:41:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.08.24 19:05:03 | 000,340,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\schannel.dll
[2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\shell32.dll
[2012.05.05 09:36:55 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012.09.25 23:46:17 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.08.23 13:52:53 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.08.23 14:06:58 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.08.23 14:40:56 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.11.09 06:45:09 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tzres.dll
[2013.01.19 14:08:44 | 000,221,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2012.11.14 07:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 07:04:44 | 001,346,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2012.07.09 12:42:56 | 004,547,984 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\usbaaplrc.dll
[2012.11.22 06:44:23 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2012.11.14 06:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.07.26 15:22:10 | 000,354,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vccorlib110.dll
[2012.07.26 15:22:10 | 000,124,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vcomp110.dll
[2012.07.26 03:36:08 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.10.03 21:46:25 | 000,249,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\webcheck.dll
[2012.11.09 06:45:32 | 000,750,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.20 00:58:30 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.01.19 14:08:44 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.01.19 14:08:44 | 000,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2012.11.14 07:04:11 | 001,392,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2012.11.30 06:45:14 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.08.24 19:05:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.08.23 14:17:54 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.03.01 07:28:47 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmi.dll
[2013.01.19 14:08:45 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2012.11.30 06:45:35 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.11.30 06:45:35 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.11.30 06:45:35 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.07 14:20:16 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2012.06.02 23:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012.06.02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuaueng.dll
[2012.06.02 23:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.07.26 04:08:14 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.07.26 04:08:14 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.07.26 04:08:14 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFSvc.dll
[2012.07.26 04:08:14 | 000,744,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.06.02 23:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012.06.02 23:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012.06.02 23:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.02 14:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.01.19 14:08:45 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.01.19 14:08:45 | 001,682,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
< C:\Windows\SysWOW64\*.dll /360 >
[2012.08.23 12:15:57 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\aaclient.dll
[2012.10.03 21:46:26 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\admparse.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
[2012.11.30 05:45:14 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
[2012.11.30 05:45:14 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.11.30 05:45:15 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
[2012.11.30 05:45:15 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.11.30 03:38:59 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.11.30 03:38:59 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
[2012.11.30 03:38:59 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.19 14:08:45 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.01.19 14:08:45 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.01.19 14:08:45 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.01.19 14:08:45 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.01.19 14:08:45 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
[2012.11.30 03:38:59 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
[2012.07.26 19:08:06 | 000,153,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\atl110.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWOW64\atmlib.dll
[2012.07.04 22:14:34 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\browcli.dll
[2012.06.06 06:03:06 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cdosys.dll
[2012.06.02 05:36:29 | 001,159,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\crypt32.dll
[2012.06.02 05:36:29 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptnet.dll
[2012.06.02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cryptsvc.dll
[2013.01.19 14:08:44 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
[2013.01.19 14:08:45 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10.dll
[2013.01.19 14:08:45 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10core.dll
[2013.01.19 14:08:45 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10level9.dll
[2013.01.19 14:08:44 | 001,885,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10warp.dll
[2013.01.19 14:08:45 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1.dll
[2013.01.19 14:08:45 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d10_1core.dll
[2013.01.19 14:08:45 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d3d11.dll
[2013.01.12 03:30:33 | 000,780,192 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\deployJava1.dll
[2012.10.09 18:40:31 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore6.dll
[2012.10.09 18:40:31 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcsvc6.dll
[2012.11.02 06:11:31 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dpnet.dll
[2013.01.19 14:08:45 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
[2013.01.19 14:08:44 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxgi.dll
[2012.10.03 21:46:26 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtmsft.dll
[2012.10.03 21:46:26 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dxtrans.dll
[2012.12.07 13:20:43 | 002,576,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\gameux.dll
[2012.08.21 13:01:20 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWOW64\GEARAspi.dll
[2012.10.03 21:46:26 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\icardie.dll
[2012.10.03 21:46:26 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IEAdvpack.dll
[2012.10.03 21:46:26 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieakeng.dll
[2012.10.03 21:46:26 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieaksie.dll
[2012.10.03 21:46:26 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieakui.dll
[2012.10.03 21:46:26 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieapfltr.dll
[2012.10.03 21:46:26 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iedkcs32.dll
[2012.11.14 03:14:59 | 009,738,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieframe.dll
[2012.10.03 21:46:26 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iepeers.dll
[2012.10.03 21:46:26 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iernonce.dll
[2012.11.14 02:46:38 | 001,793,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iertutil.dll
[2012.10.03 21:46:26 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesetup.dll
[2012.10.03 21:46:26 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\iesysprep.dll
[2012.11.14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ieui.dll
[2012.10.10 02:22:20 | 008,579,584 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\ig7icd32.dll
[2012.10.10 02:22:24 | 011,158,528 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igd10umd32.dll
[2012.10.10 02:22:26 | 002,899,968 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdbcl32.dll
[2012.10.10 02:22:34 | 000,064,512 | ---- | M] () -- C:\Windows\SysWOW64\igdde32.dll
[2012.10.10 02:22:42 | 021,818,368 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdfcl32.dll
[2012.10.10 02:22:22 | 027,643,904 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdrcl32.dll
[2012.10.10 02:22:18 | 011,040,256 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igdumd32.dll
[2012.10.10 02:22:28 | 000,448,512 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfx11cmrt32.dll
[2012.10.10 02:22:38 | 003,776,512 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxcmjit32.dll
[2012.10.10 02:22:26 | 000,604,160 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxcmrt32.dll
[2012.10.10 02:22:32 | 000,330,240 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxdv32.dll
[2012.10.10 02:22:30 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\igfxexps32.dll
[2012.10.10 02:22:42 | 000,180,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\iglhcp32.dll
[2012.03.19 21:09:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\iglhsip32.dll
[2012.03.01 06:33:23 | 000,159,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
[2012.10.03 21:46:26 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imgutil.dll
[2012.10.03 21:46:26 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\inseng.dll
[2012.10.10 02:22:28 | 000,195,584 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\IntelOpenCL32.dll
[2012.10.10 02:22:22 | 000,056,320 | ---- | M] (Khronos Group) -- C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
[2012.11.14 02:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript.dll
[2012.11.14 03:09:22 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jscript9.dll
[2012.11.14 02:51:44 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\jsproxy.dll
[2012.08.11 00:56:14 | 000,542,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kerberos.dll
[2012.11.30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\kernel32.dll
[2012.11.30 05:53:59 | 000,274,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\KernelBase.dll
[2012.10.03 21:46:26 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\licmgr10.dll
[2012.07.17 14:49:00 | 000,209,648 | ---- | M] (Microsoft Corp.) -- C:\Windows\SysWOW64\LIVESSP.DLL
[2012.10.04 20:38:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msclmd.dll
[2012.11.14 02:47:20 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeeds.dll
[2012.10.03 21:46:26 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msfeedsbs.dll
[2012.11.14 03:48:26 | 012,320,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtml.dll
[2012.11.14 02:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmled.dll
[2012.10.03 21:46:26 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mshtmler.dll
[2012.04.07 12:26:29 | 002,342,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msi.dll
[2012.10.03 21:46:26 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msls31.dll
[2013.01.19 14:08:45 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msmpeg2vdec.dll
[2012.05.05 10:54:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MSMPIDE.DLL
[2012.10.03 21:46:26 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msrating.dll
[2012.08.23 14:47:20 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MsRdpWebAccess.dll
[2012.08.23 09:19:01 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\mstscax.dll
[2012.07.26 19:08:06 | 000,534,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcp110.dll
[2012.07.26 19:08:06 | 000,862,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msvcr110.dll
[2012.11.01 05:47:54 | 001,236,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml3.dll
[2012.11.01 05:47:54 | 001,389,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msxml6.dll
[2012.11.20 05:51:09 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncrypt.dll
[2012.10.03 17:42:23 | 000,156,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ncsi.dll
[2012.07.04 22:16:56 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netapi32.dll
[2012.10.03 17:42:24 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netcorehc.dll
[2012.10.03 17:42:24 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netevent.dll
[2013.01.12 03:30:38 | 000,859,552 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWOW64\npDeployJava1.dll
[2012.11.30 03:44:04 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntvdm64.dll
[2012.12.29 11:34:47 | 002,504,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvapi.dll
[2012.12.29 11:34:47 | 017,560,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcompiler.dll
[2012.12.29 11:34:47 | 007,931,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuda.dll
[2012.12.29 11:34:47 | 001,985,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvenc.dll
[2012.12.29 11:34:47 | 002,720,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvcuvid.dll
[2012.12.29 11:34:47 | 015,129,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvd3dum.dll
[2012.12.29 11:34:47 | 000,201,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvinit.dll
[2012.12.29 11:34:47 | 020,450,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvoglv32.dll
[2012.12.29 11:34:47 | 006,263,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvopencl.dll
[2012.12.29 11:34:47 | 000,958,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvumdshim.dll
[2012.12.29 11:34:47 | 012,641,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWOW64\nvwgf2um.dll
[2012.10.03 21:46:26 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\occache.dll
[2012.10.10 02:22:22 | 000,056,320 | ---- | M] (Khronos Group) -- C:\Windows\SysWOW64\OpenCL.dll
[2012.10.03 21:46:26 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\pngfilt.dll
[2012.05.04 10:59:54 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\qdvd.dll
[2012.02.17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpcore.dll
[2012.08.23 12:12:17 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rdpendp_winip.dll
[2012.08.24 17:57:40 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schannel.dll
[2012.08.24 17:57:40 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\secur32.dll
[2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\shell32.dll
[2012.09.12 16:07:44 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sirenacm.dll
[2012.05.05 08:46:52 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srclient.dll
[2012.08.24 17:53:35 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\sspicli.dll
[2012.09.25 23:47:43 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\synceng.dll
[2012.08.23 14:18:14 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tsgqec.dll
[2012.11.09 05:42:49 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\tzres.dll
[2013.01.19 14:08:44 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\UIAnimation.dll
[2012.11.14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\url.dll
[2012.11.14 02:57:44 | 001,103,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\urlmon.dll
[2012.11.22 05:45:03 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\usp10.dll
[2012.11.14 02:48:27 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vbscript.dll
[2012.07.26 19:08:06 | 000,251,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vccorlib110.dll
[2012.07.26 19:08:06 | 000,115,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\vcomp110.dll
[2012.10.03 21:46:26 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\webcheck.dll
[2012.11.09 05:43:04 | 000,492,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\win32spl.dll
[2013.01.19 14:08:45 | 001,230,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
[2013.01.19 14:08:45 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecsExt.dll
[2012.11.14 02:57:37 | 001,129,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wininet.dll
[2012.08.24 17:57:48 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wintrust.dll
[2012.08.23 14:46:20 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wksprtPS.dll
[2012.03.01 06:29:16 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wmi.dll
[2013.01.19 14:08:45 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WMPhoto.dll
[2012.11.30 05:54:00 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wow32.dll
[2012.12.07 13:26:17 | 000,308,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\Wpc.dll
[2013.01.19 14:08:45 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsGdiConverter.dll
[2013.01.19 14:08:45 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\XpsPrint.dll
< End of report >
|
|
03.02.2013, 11:47
| #10 |
| /// Malwareteam | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Hm...ich kann hier nichts von Mediyes erkennen. Sieht ganz gut aus - kontrollieren wir alles nochmal!  Schritt 1: MBAM vollständig Downloade Dir bitte Malwarebytes
Schritt 2: ESET ESET Online Scanner
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
03.02.2013, 22:45
| #11 |
| | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles wieder nix gefunden: was mich nur wundert ist, dass aswMBR mitten drin beim VisualStudio abstürzt und wenn ich jetzt den IExplorer wieder installieren will, ich garantiert wieder die gleiche Fehlermeldung bekomme. Wobei ich nicht glaube, dass der von der MSoft Seite mit runter geladen wurde. Kann sich der Mediyes.Gen auch irgendwo in den MS Installationsverzeichnissen eingenistet haben? Gruß Mario Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.03.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 +++++ :: +++++-PC [Administrator] Schutz: Aktiviert 03.02.2013 12:37:14 mbam-log-2013-02-03 (12-37-14).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 516120 Laufzeit: 1 Stunde(n), 30 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=83249452f0d68c44817276169bb5212a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-03 06:05:53
# local_time=2013-02-03 07:05:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 32141 225338043 24932 0
# compatibility_mode=5893 16776574 66 85 10535136 111544603 0 0
# scanned=290827
# found=0
# cleaned=0
# scan_time=17384
|
|
04.02.2013, 08:09
| #12 |
| /// Malwareteam | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Wir haben keinerlei Anhaltspunkte auf das Vorhandensein von Mediyes gefunden. Dieser Trojaner hat sehr spezielle Merkmale, von denen wir keines finden konnten. ESET hat das gesamte System gescannt - etwaige "Installationsdateien" (so genannte Dropper) des Schädlings wurden dabei nicht entdeckt. aswMBR stürzt beim Zugriff auf bestimmte, saubere Dateien des Öfteren ab. Dies liegt an der Art und Weise, wie das Programm arbeitet und ist kein Grund zur Sorge. Macht der Rechner noch Probleme oder können wir nachbereiten?
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
04.02.2013, 09:00
| #13 |
| | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Hallo, Danke erst einmal für die Unterstützung. Ich hatte wie gesagt Probleme mit dem IExplorer, weil ich diesen aber nicht benutzt hatte, habe ich dem auch keine Beachtung geschenkt. Nach dem Avira mir den Trojaner gemeldet hatte, habe ich mit Avira das gesamte System gescannt und nichts gefunden. Der Internetexplorer hat nicht funktioniert, so dass ich ihn über die Systemsteuerung deinstalliert habe und anschließend die originale IE9-Installation von MS herunter geladen. Bei der Installation (2x mit zwischenzeitlichen Scannen von Avira) kam dann jedes Mal die Meldung von Avira, dass in dem versteckten Ordner „\$$PendingFiles\“ der Trojaner gefunden wurde. Ich bin zurzeit auf Dienstreise, kann aber am Donnerstag noch einmal die aktuelle Version des IE9 herunterladen und versuchen diesen zu installieren um zu schauen, ob das Verhalten wieder auftritt…???? Oder sollte ich jetzt da mein System sauber erscheint einfach auf den IE verzichten? Wie macht sich der TR/mediyes.Gen überhaupt bemerkbar, d.h. welches Attacken verursacht er und wie bemerkt man ihn (außer durch Avira)?? Danke! Gruß Mario |
|
04.02.2013, 10:22
| #14 |
| /// Malwareteam | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles Mediyes ist ein Trojaner, welcher sich tief ins System gräbt und im Endeffekt nur dazu dient, gewisse Werbebanner mehrere tausend Mal pro Tag anzuklicken, was dem Mieter dieses Banners natürlich Geld einbringt. Da sich der Trojaner eines mutmaßlich gestohlenen Softwarezertifikats der Firma Joosoft.com bedient, erscheint er den meisten Sicherheitsprogrammen als legitim und wird nicht erkannt. In deinem Fall gehe ich eher von einem so genannten false positive, also einer Fehlerkennung aus. Installiere den IE erneut und berichte, was passiert.
__________________ Kein Asylrecht für Trojaner! Proud Member of UNITE Hinweis: Ich bin nur werktags erreichbar! Anfragen über PM werden ignoriert! Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board! |
|
04.02.2013, 11:21
| #15 |
| | TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles OK, Ich melde mich dann ab Donnerstag wieder, wenn ich wieder da bin und werde berichten. Danke für die Infos |
|
| Themen zu TR/Mediyes.Gen bei Installation IExplorer im $$PendingFiles |
| administrator, avira, avira meldung, desktop, dllhost.exe, explorer, explorer.exe, firefox, firefox problem, infizierte, installation, lsass.exe, malwarebytes, modul, namen, problem, programm, prozesse, services.exe, svchost.exe, taskhost.exe, temp, tr/mediyes.gen, trojaner, windows, winlogon.exe, wmp |
Textbox.
Linear-Darstellung
