
Pests of all kinds and how to combat them: starfenster.com

Windows 7

22.01.2013, 16:03   #1
adh
 

Hello, it seems I'm not the first to have caught this thing, although I don't remember installing any updates other than from within VLC player itself. Be that as it may, the thing is on my computer now.

So far(?) it hasn't done anything to me other than open an additional window when the browser (Chrome) is restarted.
That said, I do have the feeling that some processes sometimes take a long time and, as I perceive it, used to run faster, for example unpacking zip/rar files.

Avira Free Antivirus finds nothing (of course). I didn't expect anything else. I've skimmed through the forum a bit, but it seems everyone has their own individual problem with it, so there is no general solution either. Which program should I best use to create a log with which you can then help me further, if needed?

Thanks for your efforts.

22.01.2013, 16:13   #2
markusg
/// Malware-holic
 

hi
If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.

22.01.2013, 17:31   #3
adh
 

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\skynet\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 70,95% Memory free
6,50 Gb Paging File | 5,34 Gb Available in Paging File | 82,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,57 Gb Total Space | 6,40 Gb Free Space | 6,50% Space Free | Partition Type: NTFS
Drive D: | 125,98 Gb Total Space | 62,61 Gb Free Space | 49,70% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 84,15 Gb Free Space | 9,03% Space Free | Partition Type: NTFS
Drive Z: | 98,57 Gb Total Space | 6,40 Gb Free Space | 6,50% Space Free | Partition Type: NTFS

Computer Name: SKYNERD | User Name: skynet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.22 16:09:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\skynet\Downloads\OTL.exe
PRC - [2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\skynet\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.08 16:40:38 | 000,166,912 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.10 11:14:17 | 001,193,176 | ---- | M] () -- C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 11:32:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.06 04:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.12.06 04:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.12.05 22:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.04.07 16:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Programme\VirtualCloneDrive\VCDDaemon.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.04.27 09:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013.01.10 15:15:46 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4f91a66a3f10565b979b758f6f08e8cc\WindowsFormsIntegration.ni.dll
MOD - [2013.01.10 13:51:11 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.10 10:22:43 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 10:22:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013.01.10 10:22:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 10:22:12 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.10 10:21:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.10 10:21:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 10:21:48 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll
MOD - [2013.01.10 10:21:47 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.10 10:21:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 10:21:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 10:21:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 10:21:30 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 10:21:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.10 11:14:17 | 001,193,176 | ---- | M] () -- C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011.12.05 22:14:02 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.12.05 22:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 09:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.01.09 15:13:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.08 16:40:38 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.05.15 15:06:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.06 04:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.05 22:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.04.07 16:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.01.2013 16:17:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\skynet\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 70,95% Memory free
6,50 Gb Paging File | 5,34 Gb Available in Paging File | 82,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,57 Gb Total Space | 6,40 Gb Free Space | 6,50% Space Free | Partition Type: NTFS
Drive D: | 125,98 Gb Total Space | 62,61 Gb Free Space | 49,70% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 84,15 Gb Free Space | 9,03% Space Free | Partition Type: NTFS
Drive Z: | 98,57 Gb Total Space | 6,40 Gb Free Space | 6,50% Space Free | Partition Type: NTFS
 
Computer Name: SKYNERD | User Name: skynet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A1C97B6-B4AA-4068-A16C-19686584F663}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0A2BAE65-6C16-410B-8459-BEF4927849B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0D945A51-7723-440B-ADDB-854883CD8314}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1B7242F0-6B8A-4DF3-A3BF-E7B68B6F5650}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{25281AC9-5C62-44EF-A8A4-DD7BE0D1D233}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2AB219C1-E988-4053-85FA-0F29EC6D1DA2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{45FD468C-6554-4BEB-A8EB-70D986583A62}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4B9BDD93-5B2C-4DE4-99BC-69FF657289E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6ED833F0-E5EE-4AFA-BDAA-5C839C7DAD0F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{701DE0E7-739B-4452-B31C-FDEAB14547EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7C68A664-A36D-4617-B03D-6BD2E5E87001}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7EAE0A76-C5F4-4B5D-9489-8A0B9E943DC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{866D6B57-0F4A-43A7-9656-00223F0BA608}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8E7F4D0F-62BD-46F8-A82A-BD29A65C4016}" = lport=445 | protocol=6 | dir=in | app=system | 
"{93376D54-8BC7-44AB-9CBD-4F48480E0EBF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A2774AED-B179-44AA-A71C-718FA52D00CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A92036AA-B1EB-4D47-8651-1FC7FE268726}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B9678506-4D83-486A-95F7-A0B7A4BED2DA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C7A0F4A3-81E9-4EC0-A759-0DB1F2B9E681}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CA0DFAB4-B05D-4FE3-B7EE-AF646F0CEB18}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E52105EA-71F4-4B8A-9285-EC71C2CF6EB8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F3537288-D306-42D7-A89E-BA73A1332AC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F6D98EFC-D8CA-4B1F-B61B-92F33136F6A8}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{F6E45F4B-84F2-4218-95A5-AB65F5B73476}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{029CCE7E-DDA4-40C4-9E69-5CBBFF62A07F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0601DBE5-0B41-4294-81DE-4A644062A864}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F0AE4CB-728A-49B2-95A8-2BE796569AEC}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3mp.exe | 
"{0F85FAF1-618B-4DB3-9116-5ACD86A1EA6A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{168B651B-2449-48D6-837F-31C04332090C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{1975F7C1-6E9B-4D10-9863-5304C27B3A2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B435E40-8055-4B8F-8410-0D58A2EB8541}" = protocol=17 | dir=in | app=d:\farcry\bin\fc3editor.exe | 
"{1CF2F60F-2BAC-4D37-AD24-C1F81BD52104}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{2070EE91-6A68-4F25-9215-2C406FC10CD6}" = protocol=6 | dir=in | app=c:\users\skynet\appdata\roaming\spotify\spotify.exe | 
"{22D22441-C736-4A9D-8FA1-E6985886A3E6}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3sp.exe | 
"{242849E3-5450-4A86-921E-5099F5BE678B}" = protocol=6 | dir=in | app=d:\farcry\bin\farcry3.exe | 
"{2C78C31A-EBE3-4493-B0C6-0CDEF4381CFD}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hellkite13@gmx.de\counter-strike\hl.exe | 
"{2D1F9910-9A24-4B37-8EB5-4780C08992F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{473008BD-9DB9-40DF-8761-5D3FDA52F0A0}" = protocol=6 | dir=in | app=d:\farcry\bin\fc3updater.exe | 
"{4877674D-135E-4E75-ACB1-F6B441B65108}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4D0A5BAD-E64E-4C36-8448-77D460B3215F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5B0857B0-155A-4442-85CC-BDC75F4908E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EF6A066-5368-4CAB-8B26-ECE5D6DEBF36}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5FE56437-4F1C-467C-BC86-58E8FB9B0926}" = protocol=6 | dir=in | app=d:\farcry\bin\fc3editor.exe | 
"{65F98D8C-A4E8-478A-9895-91E34F4E0D4A}" = protocol=17 | dir=in | app=d:\farcry\bin\farcry3_d3d11.exe | 
"{6E5CFAD0-932C-40EA-8387-0880A08FDD0C}" = protocol=17 | dir=in | app=c:\users\skynet\appdata\roaming\spotify\spotify.exe | 
"{726CA265-1873-4489-8CC6-A0518C4E62E9}" = protocol=6 | dir=out | app=system | 
"{7A0A3AFD-7FA8-4F0C-BDA6-B3A544A1B8E8}" = protocol=6 | dir=in | app=d:\farcry\bin\farcry3_d3d11.exe | 
"{80A91850-4249-4A20-B199-2E1B9DCE7837}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{81275C2D-923E-45C8-81CC-22C5D8D0A419}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{85A48BB8-DC02-4F22-999E-C96CE0208E56}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{86A14634-F7F9-4E39-964B-954546284FAF}" = protocol=6 | dir=in | app=c:\users\skynet\appdata\roaming\dropbox\bin\dropbox.exe | 
"{896B77FA-4735-439B-AA19-0507AAEF99E7}" = protocol=17 | dir=in | app=c:\users\skynet\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8A485CFB-520E-481F-8CF3-2ECB22D3C89A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hellkite13@gmx.de\counter-strike\hl.exe | 
"{9388A914-6F02-416C-86EC-07F9C2A4B71B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{958B21B3-B431-4840-962C-EB5716A9D0D3}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{A7AA9286-744E-4ECB-ACDA-75927ED60E26}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\hellkite13@gmx.de\counter-strike\hl.exe | 
"{B9D9A629-889C-4286-B0FB-09AE80A7D640}" = protocol=17 | dir=in | app=d:\farcry\bin\fc3updater.exe | 
"{BB1FF678-C94D-42FB-BCB7-D693F97660C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BDE808BF-8A1C-46F3-9D11-19575867FEE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C16A7FC9-D7F6-4753-A6DB-119371081093}" = protocol=17 | dir=in | app=c:\users\skynet\appdata\roaming\spotify\spotify.exe | 
"{C18126A3-B513-4228-BB2D-DA193F68D783}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{CA2720FF-C53A-42E8-B9AE-E5AEF4091CA3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3sp.exe | 
"{CD32B26F-6C7A-4AB9-9CBD-42C5C9127E1E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{CFB2EAFA-034F-4C96-917C-510F165FBD99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D4F70E0E-6F89-463E-B686-98A76DABB4FA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DC045D64-CAC1-4E4E-92C6-EF52430FE1FC}" = protocol=6 | dir=in | app=c:\users\skynet\appdata\roaming\spotify\spotify.exe | 
"{DDF800EB-6378-4704-9D7F-838A2B88F99B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{DFE14EF4-6D97-4D98-9E6B-DC79608263F0}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3mp.exe | 
"{E21B8FC8-3957-47FD-B172-BAB32677A5C4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\hellkite13@gmx.de\counter-strike\hl.exe | 
"{E43135B9-BFF0-4830-BAAF-A563DA1C9DD8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E85384BA-3A3E-4B09-BC05-9753C51103B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FAB07AEC-63A3-40EF-A31A-71C7554456BE}" = protocol=17 | dir=in | app=d:\farcry\bin\farcry3.exe | 
"{FE27C7F9-8D65-4B15-A85A-FA94265FAE82}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{2242C69C-5D6C-40A1-BF3F-A852209F5E7D}C:\program files\ubisoft\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3sp.exe | 
"TCP Query User{648DC477-EC96-49CD-B9F7-4A463BF9A905}C:\users\skynet\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\skynet\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{92028DB7-C6AF-4093-A861-1BCBDF14E5CC}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{BA24C737-D25C-434E-BAC2-C79DAF53DF0C}C:\users\skynet\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\skynet\appdata\roaming\cacaoweb\cacaoweb.exe | 
"TCP Query User{C4EFB3F8-3D9C-4704-A5C3-93829BAD451C}C:\program files\activision\call of duty black ops ii\t6sp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty black ops ii\t6sp.exe | 
"TCP Query User{E5902FC5-059F-4E19-9824-E81E18FE95B3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{FE5308C4-69D3-4A32-B8DD-0BA44711EAC2}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1C729170-8CBA-4D7D-AF01-BF64668EDB0B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
"UDP Query User{83CED4F3-A9A2-4A27-944A-C732AEDAE481}C:\program files\activision\call of duty black ops ii\t6sp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty black ops ii\t6sp.exe | 
"UDP Query User{BC4D0922-4CF2-4556-BE1E-3F0A66087AFA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C7A3EE79-4054-4E0F-A7D6-5A43AC038D34}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{EB32777B-0DF1-45EA-B5EA-14AB955D54D6}C:\users\skynet\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\skynet\appdata\roaming\cacaoweb\cacaoweb.exe | 
"UDP Query User{FE1A7F95-0BA0-46BF-8DA6-91B25F50528D}C:\program files\ubisoft\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed iii\ac3sp.exe | 
"UDP Query User{FF367DB9-9017-46CB-BF3F-2291DE48CA0E}C:\users\skynet\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\skynet\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.6
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = 
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{74FF7860-85D8-D261-52C6-D41E946235F1}" = AMD Drag and Drop Transcoding
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Guitar Rig Session I/O
"{7C723C94-CB1B-E2BD-0E90-BC64DA26074C}" = AMD Fuel
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.2.0
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91604354-2B64-4A59-AF15-81E85CB4F9BB}" = CBR
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A146E311-4ABF-57D5-3773-92D303458BEC}" = AMD Media Foundation Decoders
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{B33D8DA3-28E5-2EA8-CC16-8D8A9CED91C4}" = AMD Catalyst Install Manager
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = AMD VISION Engine Control Center
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB3D1784-421D-9942-3AC4-D90B18615BBC}" = ccc-utility
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Call of Duty Black Ops II_is1" = Call of Duty Black Ops II
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"DivX Setup" = DivX-Setup
"ElsterFormular 11.5.1.4843" = ElsterFormular
"energyXT2_is1" = energyXT2.07
"GPL Ghostscript 9.04" = GPL Ghostscript
"HD Tune_is1" = HD Tune 2.55
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"JDownloader" = JDownloader
"KRISTAL Audio Engine" = KRISTAL Audio Engine
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastFM_is1" = Last.fm Scrobbler 2.1.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"MozBackup" = MozBackup 1.4.10
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MPE" = MyPhoneExplorer
"Native Instruments AC Box Combo" = Native Instruments AC Box Combo
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Guitar Rig Session I/O" = Native Instruments Guitar Rig Session I/O
"Native Instruments Service Center" = Native Instruments Service Center
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Songbird-release-2311" = Songbird 2.0.0 (Build 2311)
"Steam App 10" = Counter-Strike
"Uplay" = Uplay
"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.01.2013 04:35:24 | Computer Name = skynerd | Source = ESENT | ID = 455
Description = Windows (2136) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00030.log.
 
Error - 22.01.2013 04:35:24 | Computer Name = skynerd | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 22.01.2013 04:35:24 | Computer Name = skynerd | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 22.01.2013 04:35:24 | Computer Name = skynerd | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 22.01.2013 04:35:24 | Computer Name = skynerd | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 22.01.2013 04:35:24 | Computer Name = skynerd | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 22.01.2013 04:35:25 | Computer Name = skynerd | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 22.01.2013 04:35:25 | Computer Name = skynerd | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 22.01.2013 04:35:25 | Computer Name = skynerd | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 22.01.2013 04:35:25 | Computer Name = skynerd | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 21.01.2013 06:00:30 | Computer Name = skynerd | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 21.01.2013 06:00:30 | Computer Name = skynerd | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 21.01.2013 06:00:31 | Computer Name = skynerd | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 21.01.2013 06:00:31 | Computer Name = skynerd | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR3 gefunden.
 
Error - 22.01.2013 04:34:59 | Computer Name = skynerd | Source = Service Control Manager | ID = 7000
Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 22.01.2013 04:35:25 | Computer Name = skynerd | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 22.01.2013 04:35:25 | Computer Name = skynerd | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 22.01.2013 04:35:55 | Computer Name = skynerd | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 22.01.2013 07:55:21 | Computer Name = skynerd | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 22.01.2013 11:14:11 | Computer Name = skynerd | Source = Service Control Manager | ID = 7000
Description = Der Dienst "eamonm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
         
--- --- ---



edit: after a restart caused by the defogger scan(?), which I did right after creating this thread, and also after the OTL-related one, I got an error message about "limited connectivity". Restarting again fixed the problem each time.
__________________

22.01.2013, 18:09   #4
markusg
/// Malware-holic



otl.txt is incomplete, please post it again
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

22.01.2013, 20:38   #5
adh



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 22.01.2013 16:17:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\skynet\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 70,95% Memory free
6,50 Gb Paging File | 5,34 Gb Available in Paging File | 82,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 98,57 Gb Total Space | 6,40 Gb Free Space | 6,50% Space Free | Partition Type: NTFS
Drive D: | 125,98 Gb Total Space | 62,61 Gb Free Space | 49,70% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 84,15 Gb Free Space | 9,03% Space Free | Partition Type: NTFS
Drive Z: | 98,57 Gb Total Space | 6,40 Gb Free Space | 6,50% Space Free | Partition Type: NTFS
 
Computer Name: SKYNERD | User Name: skynet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.22 16:09:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\skynet\Downloads\OTL.exe
PRC - [2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\skynet\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.08 16:40:38 | 000,166,912 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.08.10 11:14:17 | 001,193,176 | ---- | M] () -- C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.08.08 11:32:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.04.24 01:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.06 04:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.12.06 04:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.12.05 22:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.04.07 16:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2011.03.07 14:33:08 | 000,089,456 | ---- | M] (Elaborate Bytes AG) -- C:\Programme\VirtualCloneDrive\VCDDaemon.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.04.27 09:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.10 15:15:46 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4f91a66a3f10565b979b758f6f08e8cc\WindowsFormsIntegration.ni.dll
MOD - [2013.01.10 13:51:11 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013.01.10 10:22:43 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 10:22:33 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0ac577a8ad6528ff03b50db5eeeac8be\System.Web.ni.dll
MOD - [2013.01.10 10:22:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 10:22:12 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.10 10:21:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.10 10:21:50 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 10:21:48 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll
MOD - [2013.01.10 10:21:47 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.10 10:21:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 10:21:34 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 10:21:31 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 10:21:30 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 10:21:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.10 11:14:17 | 001,193,176 | ---- | M] () -- C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011.12.05 22:14:02 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011.12.05 22:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.07.14 09:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Programme\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.01.09 15:13:10 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.08 16:40:38 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.05.15 15:06:15 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.06 04:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.05 22:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.04.07 16:33:31 | 003,857,408 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.16 16:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\\SystemRoot\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\skynet\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2012.08.20 14:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.08.20 14:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2012.04.27 09:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.24 23:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 20:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.12.06 04:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.12.06 03:11:50 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.10.17 18:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.06.24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.06.24 06:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.0)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.27 08:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.04.27 08:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.02.18 08:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2010.01.28 15:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.08.23 23:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.08.04 09:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 04:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007.11.06 16:40:18 | 000,340,480 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BUSB2902.sys -- (BEHRINGER_2902)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Linkury Smartbar Search"
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
FF - prefs.js..extensions.enabledAddons: cacaoweb@cacaoweb.org:1.0.17
FF - prefs.js..extensions.enabledAddons: searchimdb@sogame.cat:1.2.0
FF - prefs.js..extensions.enabledAddons: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.4
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.2
FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0
FF - prefs.js..extensions.enabledItems: linkuryfirefoxremoteplugin@linkury.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: searchimdb@sogame.cat:1.2.0
FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\skynet\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\skynet\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.24 14:49:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.09 09:46:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2013.01.09 09:46:21 | 000,000,000 | ---D | M]
 
[2012.09.24 14:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skynet\AppData\Roaming\Mozilla\Extensions
[2011.04.29 21:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skynet\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.09.24 14:03:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skynet\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012.07.31 09:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions
[2011.06.13 16:17:04 | 000,000,000 | ---D | M] (cacaoweb) -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\cacaoweb@cacaoweb.org
[2012.05.18 13:56:26 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\ich@maltegoetz.de
[2011.04.18 12:34:32 | 000,000,000 | ---D | M] (SearchIMDB) -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\searchimdb@sogame.cat
[2012.07.12 08:09:17 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\isreaditlater@ideashower.com.xpi
[2011.12.02 14:33:40 | 000,742,808 | ---- | M] () (No name found) -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\{15a82062-5139-4855-9706-130a8a4be80c}.xpi
[2012.07.31 09:36:11 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.04 08:09:12 | 000,005,604 | ---- | M] () -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\searchplugins\Linkury Smartbar Search.xml
[2011.02.09 08:19:02 | 000,004,140 | ---- | M] () -- C:\Users\skynet\AppData\Roaming\Mozilla\Firefox\Profiles\ruleq0ut.default\searchplugins\youtube.xml
[2012.03.01 12:09:15 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\skynet\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\skynet\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\skynet\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\skynet\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: Auf den Amazon-Wunschzettel = C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.10_0\
CHR - Extension: AdBlock = C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\
CHR - Extension: ProxMate - unblock the Internet! = C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.1.7_0\
CHR - Extension: Pocket (formerly Read It Later) = C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj\1.1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\skynet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012.04.30 15:30:06 | 000,000,913 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Spotify] C:\Users\skynet\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\skynet\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\skynet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\skynet\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2328C50-41A7-4337-B8A9-5F9A71AAD5F5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBBECBE2-3F77-4AD4-9F96-2FDB749BD5DD}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{84b57f9e-63a7-11e1-b93c-20cf30ab3407}\Shell - "" = AutoRun
O33 - MountPoints2\{84b57f9e-63a7-11e1-b93c-20cf30ab3407}\Shell\AutoRun\command - "" = E:\autorun.exe -auto
O33 - MountPoints2\{e67fb239-aace-11e0-bb69-20cf30ab3407}\Shell - "" = AutoRun
O33 - MountPoints2\{e67fb239-aace-11e0-bb69-20cf30ab3407}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^skynet^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.18 20:42:49 | 000,000,000 | ---D | C] -- C:\Users\skynet\AppData\Roaming\vlc
[2013.01.18 20:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.18 11:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[2013.01.10 10:23:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.09 09:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[561 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.22 16:14:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.22 16:14:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.22 16:14:04 | 2616,594,432 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.22 16:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.22 16:12:43 | 000,000,020 | ---- | M] () -- C:\Users\skynet\defogger_reenable
[2013.01.22 15:53:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000UA.job
[2013.01.22 15:27:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.22 09:42:26 | 000,016,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.22 09:42:26 | 000,016,896 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 16:53:04 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000Core.job
[2013.01.21 12:38:41 | 000,696,036 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.21 12:38:41 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.21 12:38:41 | 000,148,354 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.21 12:38:41 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.20 12:17:24 | 001,656,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.18 20:42:18 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.18 20:23:30 | 000,002,072 | ---- | M] () -- C:\Users\skynet\Desktop\relink.us__RE4_801f6fb7a7846c42f947748ce01919.dlc
[2013.01.13 10:34:14 | 000,138,032 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.01.13 10:34:08 | 000,281,688 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.01.12 16:19:37 | 000,281,688 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.01.11 14:55:08 | 000,002,376 | ---- | M] () -- C:\Users\skynet\Desktop\Google Chrome.lnk
[2013.01.09 12:36:15 | 000,013,780 | ---- | M] () -- C:\Users\skynet\Documents\GEZ Befereiungs Antrag.pdf
[2013.01.01 22:07:29 | 000,001,190 | ---- | M] () -- C:\Users\skynet\Desktop\Startfenster.lnk
[2013.01.01 15:53:18 | 000,001,168 | ---- | M] () -- C:\Users\skynet\Desktop\Uplay.lnk
[2013.01.01 15:53:13 | 000,001,390 | ---- | M] () -- C:\Users\skynet\Desktop\Far Cry 3.lnk
[2012.12.31 00:56:58 | 000,082,219 | ---- | M] () -- C:\Users\skynet\Documents\Liste.pdf
[2012.12.27 10:43:24 | 000,001,053 | ---- | M] () -- C:\Users\skynet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.27 10:43:15 | 000,001,023 | ---- | M] () -- C:\Users\skynet\Desktop\Dropbox.lnk
[561 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.22 16:12:26 | 000,000,020 | ---- | C] () -- C:\Users\skynet\defogger_reenable
[2013.01.18 20:42:18 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.18 20:23:30 | 000,002,072 | ---- | C] () -- C:\Users\skynet\Desktop\relink.us__RE4_801f6fb7a7846c42f947748ce01919.dlc
[2013.01.09 12:36:14 | 000,013,780 | ---- | C] () -- C:\Users\skynet\Documents\GEZ Befereiungs Antrag.pdf
[2013.01.01 22:07:29 | 000,001,190 | ---- | C] () -- C:\Users\skynet\Desktop\Startfenster.lnk
[2013.01.01 15:53:13 | 000,001,390 | ---- | C] () -- C:\Users\skynet\Desktop\Far Cry 3.lnk
[2012.12.31 00:56:58 | 000,082,219 | ---- | C] () -- C:\Users\skynet\Documents\Liste.pdf
[2012.12.10 11:59:53 | 002,872,000 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.12.10 11:59:52 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.12.10 11:59:52 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012.08.29 00:16:37 | 000,138,032 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.29 00:16:27 | 000,138,904 | ---- | C] () -- C:\Users\skynet\AppData\Roaming\PnkBstrK.sys
[2012.08.29 00:15:55 | 000,281,688 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.08.29 00:15:53 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.04.03 12:04:35 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.14 20:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.10 03:28:32 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.11.10 03:28:32 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.09.28 10:27:37 | 000,000,000 | ---- | C] () -- C:\Users\skynet\AppData\Local\{6E32E138-A02C-4353-AEAE-FE73199CDEE1}
[2011.09.24 13:04:31 | 000,000,000 | ---- | C] () -- C:\Users\skynet\AppData\Local\{9B3C3095-1C6D-4025-A1C7-21E3C71F32EA}
[2011.09.22 08:31:01 | 000,000,000 | ---- | C] () -- C:\Users\skynet\AppData\Local\{D99D0FDA-E93C-4EDF-880D-474F4BA59867}
[2011.09.22 08:29:06 | 000,000,000 | ---- | C] () -- C:\Users\skynet\AppData\Local\{DCA9B548-39A9-468B-BAA4-C596157C17AF}
[2011.09.21 08:36:09 | 000,000,000 | ---- | C] () -- C:\Users\skynet\AppData\Local\{2E6CC013-B1D7-4357-8C48-DCE38F495897}
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.08.31 09:49:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.08.31 09:49:21 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.06.21 14:14:57 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.15 11:35:15 | 000,000,827 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.15 11:35:15 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.15 11:33:46 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.04.29 21:53:37 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.29 18:36:05 | 000,024,576 | ---- | C] () -- C:\Windows\System32\AsIO.dll
[2011.04.29 18:36:05 | 000,011,296 | ---- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2011.04.29 18:36:04 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2011.04.29 18:36:04 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2011.04.15 22:31:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.15 22:29:09 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.15 22:24:06 | 000,033,043 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.04.15 22:23:38 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.04.15 22:23:34 | 000,023,771 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.18 12:56:35 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Audacity
[2011.08.21 17:22:53 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\cacaoweb
[2012.03.01 07:24:26 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\DAEMON Tools Lite
[2013.01.22 16:14:32 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Dropbox
[2011.09.30 09:16:40 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\elsterformular
[2012.05.30 13:09:33 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\FreePDF
[2012.10.08 00:51:18 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Frogwares
[2012.03.22 14:12:19 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\GetRightToGo
[2011.06.28 15:55:36 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\IrfanView
[2012.12.09 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\MyPhoneExplorer
[2011.05.10 05:17:41 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Notepad++
[2011.11.03 14:10:33 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\OpenCandy
[2011.04.18 09:43:41 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\OpenOffice.org
[2012.04.03 12:14:56 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\pdfforge
[2011.04.16 09:54:27 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\PunkBuster
[2011.06.17 07:42:36 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\SharePod
[2012.09.24 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Songbird2
[2013.01.22 16:14:31 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Spotify
[2012.05.31 18:02:27 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Steinberg
[2012.12.09 21:51:15 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\TeamViewer
[2011.04.29 21:53:37 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Thunderbird
[2012.12.09 21:37:36 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\TuneUp Software
[2012.08.29 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\Ubisoft
[2012.06.01 07:58:19 | 000,000,000 | ---D | M] -- C:\Users\skynet\AppData\Roaming\VST3 Presets
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.01.31 09:40:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.02.05 10:14:06 | 000,000,000 | ---D | M] -- C:\AMD
[2012.12.09 22:44:49 | 000,000,000 | ---D | M] -- C:\Android
[2011.04.16 09:31:58 | 000,000,000 | ---D | M] -- C:\ATI
[2011.11.07 18:07:37 | 000,000,000 | ---D | M] -- C:\bb2e0b33df465aa987f58d13
[2011.08.04 09:48:50 | 000,000,000 | -HSD | M] -- C:\Boot
[2013.01.10 10:24:51 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.04.15 22:20:24 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.29 11:37:42 | 000,000,000 | ---D | M] -- C:\mgafold
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.10 10:53:45 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.10 12:25:29 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.04.15 22:20:24 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.15 22:20:24 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.22 16:19:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.25 16:43:39 | 000,000,000 | ---D | M] -- C:\Users
[2013.01.22 16:16:43 | 000,000,000 | ---D | M] -- C:\Windows
[2012.01.01 21:11:38 | 000,000,000 | ---D | M] -- C:\xxxSERIES
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[561 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.04.15 21:42:28 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.04.15 21:42:29 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.07.10 08:43:02 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.08.24 14:38:22 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000Core.job
[2012.08.24 14:38:22 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2823852888-2508949419-1921833563-1000UA.job
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[561 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.01.22 16:12:43 | 000,000,020 | ---- | M] () -- C:\Users\skynet\defogger_reenable
[2013.01.22 16:19:26 | 002,359,296 | -HS- | M] () -- C:\Users\skynet\NTUSER.DAT
[2013.01.22 16:19:26 | 000,262,144 | -HS- | M] () -- C:\Users\skynet\ntuser.dat.LOG1
[2011.04.15 22:20:30 | 000,000,000 | -HS- | M] () -- C:\Users\skynet\ntuser.dat.LOG2
[2011.04.15 22:30:41 | 000,065,536 | -HS- | M] () -- C:\Users\skynet\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.04.15 22:30:41 | 000,524,288 | -HS- | M] () -- C:\Users\skynet\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.04.15 22:30:41 | 000,524,288 | -HS- | M] () -- C:\Users\skynet\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.04.15 22:20:30 | 000,000,020 | -HS- | M] () -- C:\Users\skynet\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
         


Alt 22.01.2013, 20:45   #6
markusg
/// Malware-holic
 



hi
Then also uninstall your VLC player version, because that is where it comes from, and download it from the original site:
VideoLAN - Official page for VLC media player, the Open Source video framework!
This script and any scripts that follow are only for the respective user.
If you have problems, open your own topics and wait for scripts adapted for you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
FF - prefs.js..browser.search.defaultenginename: "Linkury Smartbar Search"
FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.startfenster.com"
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.

Alt 22.01.2013, 20:54   #7
adh
 



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "Linkury Smartbar Search" removed from browser.search.defaultenginename
Prefs.js: "Linkury Smartbar Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://www.startfenster.com" removed from browser.startup.homepage
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 58264 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: skynet
->Flash cache emptied: 56977 bytes

User: warez

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: skynet
->Temp folder emptied: 12162890 bytes
->Temporary Internet Files folder emptied: 655892 bytes
->Java cache emptied: 5328109 bytes
->FireFox cache emptied: 60435587 bytes
->Google Chrome cache emptied: 250590545 bytes
->Flash cache emptied: 0 bytes

User: warez

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 1190 bytes

Total Files Cleaned = 314,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01222013_204856

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 22.01.2013, 20:55   #8
markusg
/// Malware-holic
 



hi,
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log
Open C:, open tdsskiller-date-version.txt, post the contents

Alt 22.01.2013, 21:00   #9
adh
 



20:58:38.0260 2948 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:58:38.0416 2948 ============================================================
20:58:38.0416 2948 Current date / time: 2013/01/22 20:58:38.0416
20:58:38.0416 2948 SystemInfo:
20:58:38.0416 2948
20:58:38.0416 2948 OS Version: 6.1.7601 ServicePack: 1.0
20:58:38.0416 2948 Product type: Workstation
20:58:38.0417 2948 ComputerName: SKYNERD
20:58:38.0417 2948 UserName: skynet
20:58:38.0417 2948 Windows directory: C:\Windows
20:58:38.0417 2948 System windows directory: C:\Windows
20:58:38.0417 2948 Processor architecture: Intel x86
20:58:38.0417 2948 Number of processors: 4
20:58:38.0417 2948 Page size: 0x1000
20:58:38.0417 2948 Boot type: Normal boot
20:58:38.0417 2948 ============================================================
20:58:41.0174 2948 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:58:41.0178 2948 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:58:41.0180 2948 ============================================================
20:58:41.0180 2948 \Device\Harddisk0\DR0:
20:58:41.0180 2948 MBR partitions:
20:58:41.0180 2948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC525000
20:58:41.0180 2948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC525800, BlocksNum 0xFBF3800
20:58:41.0180 2948 \Device\Harddisk1\DR1:
20:58:41.0182 2948 MBR partitions:
20:58:41.0182 2948 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:58:41.0182 2948 ============================================================
20:58:41.0199 2948 C: <-> \Device\Harddisk0\DR0\Partition1
20:58:41.0234 2948 D: <-> \Device\Harddisk0\DR0\Partition2
20:58:41.0259 2948 H: <-> \Device\Harddisk1\DR1\Partition1
20:58:41.0260 2948 ============================================================
20:58:41.0260 2948 Initialize success
20:58:41.0260 2948 ============================================================
20:59:02.0326 1928 ============================================================
20:59:02.0326 1928 Scan started
20:59:02.0326 1928 Mode: Manual; SigCheck; TDLFS;
20:59:02.0326 1928 ============================================================
20:59:03.0541 1928 ================ Scan system memory ========================
20:59:03.0541 1928 System memory - ok
20:59:03.0542 1928 ================ Scan services =============================
20:59:11.0396 1928 GEARAspiWDM - ok
20:59:11.0448 1928 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:59:11.0502 1928 gpsvc - ok
20:59:11.0534 1928 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:59:11.0560 1928 gupdate - ok
20:59:11.0564 1928 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:59:11.0573 1928 gupdatem - ok
20:59:11.0584 1928 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:59:11.0617 1928 hcw85cir - ok
20:59:11.0670 1928 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:59:11.0739 1928 HdAudAddService - ok
20:59:11.0755 1928 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:59:11.0778 1928 HDAudBus - ok
20:59:11.0786 1928 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:59:11.0813 1928 HidBatt - ok
20:59:11.0818 1928 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:59:11.0854 1928 HidBth - ok
20:59:11.0875 1928 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:59:11.0898 1928 HidIr - ok
20:59:11.0914 1928 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:59:11.0945 1928 hidserv - ok
20:59:11.0963 1928 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:59:11.0975 1928 HidUsb - ok
20:59:12.0002 1928 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:59:12.0049 1928 hkmsvc - ok
20:59:12.0059 1928 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:59:12.0099 1928 HomeGroupListener - ok
20:59:12.0120 1928 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:59:12.0160 1928 HomeGroupProvider - ok
20:59:12.0192 1928 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:59:12.0210 1928 HpSAMD - ok
20:59:12.0245 1928 [ 950CC1E6AE3A6CD23E0945CDE089B02C ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:59:12.0282 1928 HTCAND32 - ok
20:59:12.0328 1928 [ 339ADEFAD60353F960E3CA67CE468C24 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
20:59:12.0384 1928 htcnprot - ok
20:59:12.0412 1928 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:59:12.0499 1928 HTTP - ok
20:59:12.0537 1928 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:59:12.0552 1928 hwpolicy - ok
20:59:12.0585 1928 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:59:12.0609 1928 i8042prt - ok
20:59:12.0637 1928 [ A3CAE5D281DB4CFF7CFF8233507EE5AD ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:59:12.0680 1928 iaStorV - ok
20:59:12.0741 1928 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:59:12.0778 1928 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:59:12.0778 1928 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:59:12.0818 1928 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:59:12.0865 1928 idsvc - ok
20:59:12.0891 1928 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:59:12.0908 1928 iirsp - ok
20:59:12.0951 1928 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:59:13.0037 1928 IKEEXT - ok
20:59:13.0120 1928 [ 441A9ADCE9394E18FF6C23F77C983C04 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:59:13.0174 1928 IntcAzAudAddService - ok
20:59:13.0182 1928 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:59:13.0193 1928 intelide - ok
20:59:13.0202 1928 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:59:13.0227 1928 intelppm - ok
20:59:13.0238 1928 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:59:13.0263 1928 IPBusEnum - ok
20:59:13.0273 1928 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:59:13.0299 1928 IpFilterDriver - ok
20:59:13.0344 1928 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:59:13.0430 1928 iphlpsvc - ok
20:59:13.0444 1928 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:59:13.0464 1928 IPMIDRV - ok
20:59:13.0474 1928 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:59:13.0506 1928 IPNAT - ok
20:59:13.0515 1928 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:59:13.0546 1928 IRENUM - ok
20:59:13.0554 1928 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:59:13.0566 1928 isapnp - ok
20:59:13.0580 1928 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:59:13.0597 1928 iScsiPrt - ok
20:59:13.0608 1928 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:59:13.0620 1928 kbdclass - ok
20:59:13.0623 1928 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:59:13.0645 1928 kbdhid - ok
20:59:13.0652 1928 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:59:13.0661 1928 KeyIso - ok
20:59:13.0683 1928 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:59:13.0697 1928 KSecDD - ok
20:59:13.0709 1928 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:59:13.0724 1928 KSecPkg - ok
20:59:13.0750 1928 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:59:13.0788 1928 KtmRm - ok
20:59:13.0798 1928 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:59:13.0822 1928 LanmanServer - ok
20:59:13.0857 1928 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:59:13.0907 1928 LanmanWorkstation - ok
20:59:13.0928 1928 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:59:13.0959 1928 lltdio - ok
20:59:13.0978 1928 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:59:14.0002 1928 lltdsvc - ok
20:59:14.0014 1928 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:59:14.0043 1928 lmhosts - ok
20:59:14.0059 1928 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:59:14.0072 1928 LSI_FC - ok
20:59:14.0084 1928 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:59:14.0098 1928 LSI_SAS - ok
20:59:14.0105 1928 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:59:14.0118 1928 LSI_SAS2 - ok
20:59:14.0127 1928 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:59:14.0141 1928 LSI_SCSI - ok
20:59:14.0155 1928 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:59:14.0178 1928 luafv - ok
20:59:14.0201 1928 MBAMSwissArmy - ok
20:59:14.0224 1928 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:59:14.0260 1928 Mcx2Svc - ok
20:59:14.0274 1928 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:59:14.0292 1928 megasas - ok
20:59:14.0309 1928 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:59:14.0332 1928 MegaSR - ok
20:59:14.0360 1928 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:59:14.0395 1928 MMCSS - ok
20:59:14.0413 1928 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:59:14.0452 1928 Modem - ok
20:59:14.0486 1928 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:59:14.0517 1928 monitor - ok
20:59:14.0553 1928 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:59:14.0584 1928 mouclass - ok
20:59:14.0608 1928 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:59:14.0624 1928 mouhid - ok
20:59:14.0652 1928 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:59:14.0671 1928 mountmgr - ok
20:59:14.0711 1928 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:59:14.0763 1928 mpio - ok
20:59:14.0778 1928 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:59:14.0811 1928 mpsdrv - ok
20:59:14.0846 1928 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:59:14.0914 1928 MpsSvc - ok
20:59:14.0936 1928 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:59:14.0953 1928 MRxDAV - ok
20:59:14.0990 1928 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:59:15.0034 1928 mrxsmb - ok
20:59:15.0058 1928 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:59:15.0086 1928 mrxsmb10 - ok
20:59:15.0095 1928 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:59:15.0124 1928 mrxsmb20 - ok
20:59:15.0137 1928 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:59:15.0153 1928 msahci - ok
20:59:15.0167 1928 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:59:15.0188 1928 msdsm - ok
20:59:15.0200 1928 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:59:15.0226 1928 MSDTC - ok
20:59:15.0241 1928 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:59:15.0271 1928 Msfs - ok
20:59:15.0280 1928 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:59:15.0312 1928 mshidkmdf - ok
20:59:15.0334 1928 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:59:15.0345 1928 msisadrv - ok
20:59:15.0370 1928 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:59:15.0406 1928 MSiSCSI - ok
20:59:15.0409 1928 msiserver - ok
20:59:15.0428 1928 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:59:15.0452 1928 MSKSSRV - ok
20:59:15.0462 1928 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:59:15.0488 1928 MSPCLOCK - ok
20:59:15.0497 1928 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:59:15.0518 1928 MSPQM - ok
20:59:15.0529 1928 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:59:15.0544 1928 MsRPC - ok
20:59:15.0557 1928 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:59:15.0565 1928 mssmbios - ok
20:59:15.0580 1928 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:59:15.0610 1928 MSTEE - ok
20:59:15.0623 1928 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:59:15.0637 1928 MTConfig - ok
20:59:15.0668 1928 [ CBE71C122434805CB73FFB6619F60598 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
20:59:15.0677 1928 MTsensor - ok
20:59:15.0690 1928 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:59:15.0702 1928 Mup - ok
20:59:15.0745 1928 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:59:15.0782 1928 napagent - ok
20:59:15.0802 1928 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:59:15.0822 1928 NativeWifiP - ok
20:59:15.0865 1928 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:59:15.0896 1928 NDIS - ok
20:59:15.0917 1928 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:59:15.0939 1928 NdisCap - ok
20:59:15.0953 1928 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:59:16.0007 1928 NdisTapi - ok
20:59:16.0042 1928 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:59:16.0071 1928 Ndisuio - ok
20:59:16.0106 1928 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:59:16.0144 1928 NdisWan - ok
20:59:16.0152 1928 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:59:16.0181 1928 NDProxy - ok
20:59:16.0193 1928 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:59:16.0223 1928 NetBIOS - ok
20:59:16.0269 1928 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:59:16.0363 1928 NetBT - ok
20:59:16.0367 1928 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:59:16.0379 1928 Netlogon - ok
20:59:16.0411 1928 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:59:16.0442 1928 Netman - ok
20:59:16.0479 1928 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:59:16.0493 1928 NetMsmqActivator - ok
20:59:16.0496 1928 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:59:16.0503 1928 NetPipeActivator - ok
20:59:16.0545 1928 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:59:16.0607 1928 netprofm - ok
20:59:16.0613 1928 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:59:16.0620 1928 NetTcpActivator - ok
20:59:16.0623 1928 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:59:16.0630 1928 NetTcpPortSharing - ok
20:59:16.0646 1928 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:59:16.0659 1928 nfrd960 - ok
20:59:16.0790 1928 [ BD7A1D7BEF2C0FDE73F7B87971ED9D2F ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
20:59:16.0903 1928 NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
20:59:16.0904 1928 NIHardwareService - detected UnsignedFile.Multi.Generic (1)
20:59:16.0929 1928 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:59:16.0954 1928 NlaSvc - ok
20:59:16.0964 1928 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:59:16.0986 1928 Npfs - ok
20:59:17.0008 1928 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:59:17.0030 1928 nsi - ok
20:59:17.0039 1928 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:59:17.0066 1928 nsiproxy - ok
20:59:17.0132 1928 [ 33C3093D09017CFE2E219F2472BFF6EB ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:59:17.0210 1928 Ntfs - ok
20:59:17.0218 1928 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:59:17.0245 1928 Null - ok
20:59:17.0272 1928 [ 03AD379554B50FA1802BE4EC2E291E92 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
20:59:17.0283 1928 nusb3hub - ok
20:59:17.0291 1928 [ 06FE87C9D181AF5F04D192E604E10E6C ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:59:17.0303 1928 nusb3xhc - ok
20:59:17.0344 1928 [ AF2EEC9580C1D32FB7EAF105D9784061 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:59:17.0381 1928 nvraid - ok
20:59:17.0390 1928 [ 9283C58EBAA2618F93482EB5DABCEC82 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:59:17.0410 1928 nvstor - ok
20:59:17.0440 1928 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:59:17.0471 1928 nv_agp - ok
20:59:17.0509 1928 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:59:17.0567 1928 ohci1394 - ok
20:59:17.0613 1928 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:59:17.0682 1928 p2pimsvc - ok
20:59:17.0705 1928 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:59:17.0749 1928 p2psvc - ok
20:59:17.0759 1928 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:59:17.0777 1928 Parport - ok
20:59:17.0813 1928 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:59:17.0830 1928 partmgr - ok
20:59:17.0876 1928 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:59:17.0890 1928 Parvdm - ok
20:59:17.0956 1928 [ 5F731DD45D3B176C071E4CCEEB87B06B ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
20:59:17.0966 1928 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
20:59:17.0966 1928 PassThru Service - detected UnsignedFile.Multi.Generic (1)
20:59:17.0981 1928 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:59:17.0999 1928 PcaSvc - ok
20:59:18.0015 1928 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:59:18.0024 1928 pci - ok
20:59:18.0028 1928 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:59:18.0039 1928 pciide - ok
20:59:18.0052 1928 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:59:18.0071 1928 pcmcia - ok
20:59:18.0075 1928 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:59:18.0089 1928 pcw - ok
20:59:18.0115 1928 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:59:18.0159 1928 PEAUTH - ok
20:59:18.0183 1928 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:59:18.0221 1928 PeerDistSvc - ok
20:59:18.0279 1928 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:59:18.0377 1928 pla - ok
20:59:18.0432 1928 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:59:18.0455 1928 PlugPlay - ok
20:59:18.0489 1928 [ 3A2E85F7D90D15460C337CE80C2E3B29 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
20:59:18.0532 1928 PnkBstrA - ok
20:59:18.0552 1928 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:59:18.0577 1928 PNRPAutoReg - ok
20:59:18.0594 1928 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:59:18.0608 1928 PNRPsvc - ok
20:59:18.0638 1928 [ 7D7A9C17D5455203DEA11E5EF886CC59 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
20:59:18.0669 1928 Point32 - ok
20:59:18.0687 1928 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:59:18.0725 1928 PolicyAgent - ok
20:59:18.0772 1928 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:59:18.0832 1928 Power - ok
20:59:18.0851 1928 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:59:18.0889 1928 PptpMiniport - ok
20:59:18.0899 1928 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:59:18.0927 1928 Processor - ok
20:59:18.0941 1928 [ 43CA4CCC22D52FB58E8988F0198851D0 ] ProfSvc C:\Windows\system32\profsvc.dll
20:59:18.0965 1928 ProfSvc - ok
20:59:18.0975 1928 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:59:18.0983 1928 ProtectedStorage - ok
20:59:18.0993 1928 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:59:19.0026 1928 Psched - ok
20:59:19.0073 1928 [ CFACAA25576D473EF7B771ECE1B24D73 ] pwdrvio C:\Windows\system32\pwdrvio.sys
20:59:19.0111 1928 pwdrvio - ok
20:59:19.0172 1928 [ 0B675A61B23561C86E8710F751842276 ] pwdspio C:\Windows\system32\pwdspio.sys
20:59:19.0206 1928 pwdspio - ok
20:59:19.0233 1928 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:59:19.0307 1928 ql2300 - ok
20:59:19.0324 1928 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:59:19.0344 1928 ql40xx - ok
20:59:19.0362 1928 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:59:19.0394 1928 QWAVE - ok
20:59:19.0405 1928 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:59:19.0424 1928 QWAVEdrv - ok
20:59:19.0436 1928 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:59:19.0465 1928 RasAcd - ok
20:59:19.0485 1928 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:59:19.0513 1928 RasAgileVpn - ok
20:59:19.0521 1928 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:59:19.0545 1928 RasAuto - ok
20:59:19.0549 1928 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:59:19.0572 1928 Rasl2tp - ok
20:59:19.0583 1928 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:59:19.0611 1928 RasMan - ok
20:59:19.0625 1928 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:59:19.0647 1928 RasPppoe - ok
20:59:19.0658 1928 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:59:19.0685 1928 RasSstp - ok
20:59:19.0700 1928 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:59:19.0733 1928 rdbss - ok
20:59:19.0741 1928 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:59:19.0760 1928 rdpbus - ok
20:59:19.0790 1928 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:59:19.0819 1928 RDPCDD - ok
20:59:19.0830 1928 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:59:19.0851 1928 RDPDR - ok
20:59:19.0870 1928 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:59:19.0889 1928 RDPENCDD - ok
20:59:19.0894 1928 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:59:19.0912 1928 RDPREFMP - ok
20:59:19.0944 1928 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:59:19.0991 1928 RDPWD - ok
20:59:20.0039 1928 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:59:20.0084 1928 rdyboost - ok
20:59:20.0100 1928 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:59:20.0140 1928 RemoteAccess - ok
20:59:20.0154 1928 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:59:20.0179 1928 RemoteRegistry - ok
20:59:20.0199 1928 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:59:20.0220 1928 RpcEptMapper - ok
20:59:20.0233 1928 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:59:20.0244 1928 RpcLocator - ok
20:59:20.0258 1928 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:59:20.0277 1928 RpcSs - ok
20:59:20.0296 1928 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:59:20.0318 1928 rspndr - ok
20:59:20.0347 1928 [ D5EDE44CA85899E0478208C8413C1C31 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
20:59:20.0383 1928 RTL8167 - ok
20:59:20.0425 1928 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:59:20.0487 1928 s3cap - ok
20:59:20.0500 1928 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:59:20.0511 1928 SamSs - ok
20:59:20.0546 1928 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:59:20.0566 1928 sbp2port - ok
20:59:20.0614 1928 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
20:59:20.0654 1928 SBSDWSCService - ok
20:59:20.0668 1928 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:59:20.0697 1928 SCardSvr - ok
20:59:20.0729 1928 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:59:20.0749 1928 scfilter - ok
20:59:20.0795 1928 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:59:20.0866 1928 Schedule - ok
20:59:20.0874 1928 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:59:20.0895 1928 SCPolicySvc - ok
20:59:20.0932 1928 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:59:20.0974 1928 SDRSVC - ok
20:59:20.0986 1928 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:59:21.0014 1928 secdrv - ok
20:59:21.0024 1928 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:59:21.0056 1928 seclogon - ok
20:59:21.0065 1928 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:59:21.0093 1928 SENS - ok
20:59:21.0118 1928 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:59:21.0164 1928 SensrSvc - ok
20:59:21.0189 1928 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:59:21.0222 1928 Serenum - ok
20:59:21.0234 1928 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:59:21.0258 1928 Serial - ok
20:59:21.0276 1928 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:59:21.0291 1928 sermouse - ok
20:59:21.0336 1928 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:59:21.0386 1928 SessionEnv - ok
20:59:21.0413 1928 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:59:21.0455 1928 sffdisk - ok
20:59:21.0477 1928 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:59:21.0494 1928 sffp_mmc - ok
20:59:21.0498 1928 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:59:21.0515 1928 sffp_sd - ok
20:59:21.0528 1928 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:59:21.0543 1928 sfloppy - ok
20:59:21.0568 1928 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:59:21.0596 1928 SharedAccess - ok
20:59:21.0638 1928 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:59:21.0667 1928 ShellHWDetection - ok
20:59:21.0685 1928 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:59:21.0697 1928 sisagp - ok
20:59:21.0711 1928 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:59:21.0723 1928 SiSRaid2 - ok
20:59:21.0731 1928 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:59:21.0744 1928 SiSRaid4 - ok
20:59:21.0785 1928 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:59:21.0857 1928 SkypeUpdate - ok
20:59:21.0873 1928 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:59:21.0905 1928 Smb - ok
20:59:21.0926 1928 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:59:21.0939 1928 SNMPTRAP - ok
20:59:21.0947 1928 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:59:21.0959 1928 spldr - ok
20:59:21.0972 1928 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
20:59:21.0999 1928 Spooler - ok
20:59:22.0067 1928 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:59:22.0145 1928 sppsvc - ok
20:59:22.0176 1928 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:59:22.0208 1928 sppuinotify - ok
20:59:22.0232 1928 sptd - ok
20:59:22.0275 1928 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:59:29.0348 1928 ============================================================
20:59:29.0348 1928 Scan finished
20:59:29.0348 1928 ============================================================
20:59:29.0355 4596 Detected object count: 8
20:59:29.0355 4596 Actual detected object count: 8
20:59:42.0608 4596 AODDriver4.0 ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:42.0608 4596 AODDriver4.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:59:42.0610 4596 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:42.0610 4596 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:59:42.0611 4596 BEHRINGER_2902 ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:42.0612 4596 BEHRINGER_2902 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:59:42.0613 4596 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:42.0613 4596 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:59:42.0614 4596 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:42.0614 4596 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:59:42.0615 4596 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:42.0615 4596 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:59:42.0617 4596 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:42.0617 4596 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:59:42.0618 4596 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:59:42.0618 4596 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

22.01.2013, 21:04   #10
markusg
/// Malware-holic

hi
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are selected and click Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Log files".
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

22.01.2013, 22:51   #11
adh

Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.22.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
skynet :: SKYNERD [Administrator]

22.01.2013 21:10:46
mbam-log-2013-01-22 (21-10-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393011
Laufzeit: 1 Stunde(n), 31 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\skynet\Downloads\SoftonicDownloader_for_steam.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

23.01.2013, 12:25   #12
markusg
/// Malware-holic

Hi,
please avoid Softonic and download only from the vendor.
Download CCleaner (standard version):
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After each program you need, write "necessary".
After each program you do not need, "unnecessary".
After each one you do not know, "unknown".
Post the list.

23.01.2013, 12:54   #13
adh

yes = needed
no = could in theory be removed, but does not have to be.
?, etc. = don't really know what it does, etc.


Adobe AIR Adobe Systems Incorporated (?)
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated (yes, I think)
Adobe Flash Player 11 Plugin Adobe Systems Incorporated (yes, I think)
Adobe Photoshop CS3 Adobe Systems Incorporated (yes)
Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated (yes, but why 2 versions?)
Adobe Reader X (10.1.5) Adobe Systems Incorporated (yes, but which of the two?)
AMD Catalyst Install Manager Advanced Micro Devices, Inc. (yes, I believe)
Assassin's Creed III Ubisoft (yes)
Audacity 2.0 Audacity Team (yes)
Avira Free Antivirus Avira (alternatives?)
BEHRINGER USB AUDIO DRIVER (yes)
CBR G.Waser (yes)
CCleaner Piriform (yes, probably)
Counter-Strike Valve (no)
CPUID CPU-Z 1.62 (?)
DivX-Setup (I think so?)
Dropbox Dropbox, Inc. (yes)
Dual-Core Optimizer AMD (I think so)
ElsterFormular Landesfinanzdirektion Thüringen (yes)
energyXT2.07 XT Software AS (no)
Far Cry 3 Ubisoft (yes)
Google Chrome Google Inc. (yes)
GPL Ghostscript Artifex Software Inc. (yes)
HD Tune 2.55 EFD Software (?)
HTC BMP USB Driver HTC (yes)
HTC Driver Installer HTC Corporation (yes, probably as well)
Java(TM) 6 Update 37 Oracle (yes)
JDownloader AppWork UG (yes)
KRISTAL Audio Engine (no)
LAME v3.99.3 (for Windows) (yes)
Last.fm Scrobbler 2.1.30 Last.fm (no)
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation (yes? only temporarily?)
Microsoft .NET Framework 4 Client Profile Microsoft Corporation (think so)
Microsoft .NET Framework 4 Extended Microsoft Corporation (think so)
Microsoft Games for Windows - LIVE Microsoft Corporation (no, but I don't think it can be uninstalled)
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation (no, but I don't think it can be uninstalled)
Microsoft IntelliPoint 8.1 Microsoft (yes)
Microsoft Silverlight Microsoft Corporation (no)
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation (yes?)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation (yes?)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation (yes?)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation (yes?)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation (yes?)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation (yes?)
Microsoft WSE 3.0 Runtime Microsoft Corp. (yes?)
MiniTool Partition Wizard Home Edition 7.6 MiniTool Solution Ltd. (yes)
MozBackup 1.4.10 Pavel Cvrcek (no)
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla (yes)
MSXML 4.0 SP3 Parser Microsoft Corporation (?)
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation (?)
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation (?)
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation (?)
MyPhoneExplorer F.J. Wechselberger (yes)
Native Instruments AC Box Combo (yes)
Native Instruments Controller Editor Native Instruments (yes)
Native Instruments Guitar Rig 5 Native Instruments (yes)
Native Instruments Guitar Rig Session I/O Native Instruments (yes)
Native Instruments Service Center Native Instruments (yes)
Notepad++ (yes?)
NVIDIA PhysX NVIDIA Corporation (yes?)
OpenAL (?)
OpenOffice.org 3.3 OpenOffice.org (yes)
PC Probe II ASUSTeK Computer Inc. (?)
PDF24 Creator 3.2.0 PDF24.org (yes)
PunkBuster Services Even Balance, Inc. (no)
Realtek Ethernet Controller Driver For Windows 7 Realtek (yes?)
Realtek High Definition Audio Driver Realtek Semiconductor Corp. (yes?)
RedMon - Redirection Port Monitor (yes?)
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation (yes?)
Skype™ 6.0 Skype Technologies S.A. (no)
Songbird 2.0.0 (Build 2311) (no)
Spotify Spotify AB (no)
Spybot - Search & Destroy (yes/no?)
Steam Valve Corporation (yes)
Steinberg Cubase 5 Steinberg Media Technologies GmbH (yes)
Steinberg Drum Loop Expansion 01 Steinberg Media Technologies GmbH (yes)
Steinberg Groove Agent ONE Content Steinberg Media Technologies GmbH (yes)
Steinberg HALionOne Steinberg Media Technologies GmbH (yes)
Steinberg HALionOne Additional Content Set 01 Steinberg Media Technologies GmbH (yes)
Steinberg HALionOne Expression Set Steinberg Media Technologies GmbH (yes)
Steinberg HALionOne GM Drum Set Steinberg Media Technologies GmbH (yes)
Steinberg HALionOne GM Set Steinberg Media Technologies GmbH (yes)
Steinberg HALionOne Pro Set Steinberg Media Technologies GmbH (yes)
Steinberg HALionOne Studio Drum Set Steinberg Media Technologies GmbH (yes)
Steinberg HALionOne Studio Set Steinberg Media Technologies GmbH (yes)
Steinberg LoopMash Content Steinberg Media Technologies GmbH (yes)
Steinberg REVerence Content 01 Steinberg Media Technologies GmbH (yes)
Ubisoft Game Launcher UBISOFT 31.08.2012 (yes)
Uplay Ubisoft (yes)
VirtualCloneDrive Elaborate Bytes (no)
Winamp Nullsoft, Inc (yes)
Winamp Erkennungs-Plug-in Nullsoft, Inc (no)
Windows Live ID Sign-in Assistant Microsoft Corporation (yes/no?)
WinRAR 4.00 beta 3 (32-bit) win.rar GmbH (yes)

23.01.2013, 12:55   #14
markusg
/// Malware-holic

And why do some of them have a question mark? Just do it the way it says.
I want to know what is necessary, unnecessary and unknown for you.

23.01.2013, 13:10   #15
adh

Adobe AIR Adobe Systems Incorporated (unknown)
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated (unknown)
Adobe Flash Player 11 Plugin Adobe Systems Incorporated (unknown)
Adobe Photoshop CS3 Adobe Systems Incorporated (necessary)
Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated (unknown)
Adobe Reader X (10.1.5) Adobe Systems Incorporated (unknown)
AMD Catalyst Install Manager Advanced Micro Devices, Inc. (unknown)
Assassin's Creed III Ubisoft (necessary)
Audacity 2.0 Audacity Team (necessary)
Avira Free Antivirus Avira (necessary? alternative?)
BEHRINGER USB AUDIO DRIVER (necessary)
CBR G.Waser (necessary)
CCleaner Piriform (necessary)
Counter-Strike Valve (unnecessary)
CPUID CPU-Z 1.62 (unknown)
DivX-Setup (unknown)
Dropbox Dropbox, Inc. (necessary)
Dual-Core Optimizer AMD (unknown)
ElsterFormular Landesfinanzdirektion Thüringen (necessary)
energyXT2.07 XT Software AS (unnecessary)
Far Cry 3 Ubisoft (necessary)
Google Chrome Google Inc. (necessary)
GPL Ghostscript Artifex Software Inc. (unknown)
HD Tune 2.55 EFD Software (unknown)
HTC BMP USB Driver HTC (necessary)
HTC Driver Installer HTC Corporation (necessary)
Java(TM) 6 Update 37 Oracle (necessary)
JDownloader AppWork UG (necessary)
KRISTAL Audio Engine (unnecessary)
LAME v3.99.3 (for Windows) (necessary)
Last.fm Scrobbler 2.1.30 Last.fm (unnecessary)
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation (necessary?)
Microsoft .NET Framework 4 Client Profile Microsoft Corporation (unknown)
Microsoft .NET Framework 4 Extended Microsoft Corporation (unknown)
Microsoft Games for Windows - LIVE Microsoft Corporation (unnecessary)
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation (unnecessary)
Microsoft IntelliPoint 8.1 Microsoft (necessary)
Microsoft Silverlight Microsoft Corporation (unnecessary)
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation (unknown)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation (unknown)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation (unknown)
Microsoft WSE 3.0 Runtime Microsoft Corp. (unknown)
MiniTool Partition Wizard Home Edition 7.6 MiniTool Solution Ltd. (necessary)
MozBackup 1.4.10 Pavel Cvrcek (unnecessary)
Mozilla Thunderbird 17.0.2 (x86 de) Mozilla (necessary)
MSXML 4.0 SP3 Parser Microsoft Corporation (unknown)
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation (unknown)
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation (unknown)
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation (unknown)
MyPhoneExplorer F.J. Wechselberger (necessary)
Native Instruments AC Box Combo (necessary)
Native Instruments Controller Editor Native Instruments (necessary)
Native Instruments Guitar Rig 5 Native Instruments (necessary)
Native Instruments Guitar Rig Session I/O Native Instruments (necessary)
Native Instruments Service Center Native Instruments (necessary)
Notepad++ (unknown)
NVIDIA PhysX NVIDIA Corporation (unknown)
OpenAL (unknown)
OpenOffice.org 3.3 OpenOffice.org (necessary)
PC Probe II ASUSTeK Computer Inc. (unknown)
PDF24 Creator 3.2.0 PDF24.org (necessary)
PunkBuster Services Even Balance, Inc. (unnecessary)
Realtek Ethernet Controller Driver For Windows 7 Realtek (unknown)
Realtek High Definition Audio Driver Realtek Semiconductor Corp. (unknown)
RedMon - Redirection Port Monitor (unknown)
Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation (unknown)
Skype™ 6.0 Skype Technologies S.A. (unnecessary)
Songbird 2.0.0 (Build 2311) (unnecessary)
Spotify Spotify AB (unnecessary)
Spybot - Search & Destroy (necessary/unnecessary? alternative?)
Steam Valve Corporation (necessary)
Steinberg Cubase 5 Steinberg Media Technologies GmbH (necessary)
Steinberg Drum Loop Expansion 01 Steinberg Media Technologies GmbH (necessary)
Steinberg Groove Agent ONE Content Steinberg Media Technologies GmbH (necessary)
Steinberg HALionOne Steinberg Media Technologies GmbH (necessary)
Steinberg HALionOne Additional Content Set 01 Steinberg Media Technologies GmbH (necessary)
Steinberg HALionOne Expression Set Steinberg Media Technologies GmbH (necessary)
Steinberg HALionOne GM Drum Set Steinberg Media Technologies GmbH (necessary)
Steinberg HALionOne GM Set Steinberg Media Technologies GmbH (necessary)
Steinberg HALionOne Pro Set Steinberg Media Technologies GmbH (necessary)
Steinberg HALionOne Studio Drum Set Steinberg Media Technologies GmbH (necessary)
Steinberg HALionOne Studio Set Steinberg Media Technologies GmbH (necessary)
Steinberg LoopMash Content Steinberg Media Technologies GmbH (necessary)
Steinberg REVerence Content 01 Steinberg Media Technologies GmbH (necessary)
Ubisoft Game Launcher UBISOFT 31.08.2012 (necessary)
Uplay Ubisoft (necessary)
VirtualCloneDrive Elaborate Bytes (unnecessary)
Winamp Nullsoft, Inc (necessary)
Winamp Erkennungs-Plug-in Nullsoft, Inc (unnecessary)
Windows Live ID Sign-in Assistant Microsoft Corporation (unnecessary)
WinRAR 4.00 beta 3 (32-bit) win.rar GmbH (necessary)
