|
Log analysis and evaluation: BDS/ZeroAccess.Gen - keeps coming back (Windows 7) |
28.01.2013, 23:24 | #1 | |
| BDS/ZeroAccess.Gen - keeps coming back Hello dear users, "BDS/ZeroAccess.Gen" has now caught me too. I have read up in other threads, but have not yet tried any of the tips on my own. What happens? Every few hours (at least when Google Chrome is open) I get an AntiVir alert. Quote:
In addition, a window opens that wants to update Adobe Flash Player. Normally I confirm this, but of course not in this situation. Closing the window causes a new one to open. And so on.... In Task Manager I find 2 new processes with strange names each time. I open the file path and end up in the folder "C:\Users\Florian\AppData\Local\Temp". I end the two processes and delete the two files as well as the rest of the contents of the Temp folder. Then the Flash Player update windows stop. Then yesterday I ran an AntiVir scan, which resulted in a virus detection. A second scan found nothing more. No problem, no virus detection -> everything is fine... I had hoped, but today the same game started all over again. I hope one of you can take the time to help me. I am unfortunately not at all prepared for "format, reinstall, copy the backup over", so I shy away from the effort and stress involved. In any case, this virus will teach me a lesson to create backups regularly. AntiVir Code:
ATTFilter Die Datei 'C:\$RECYCLE.BIN\S-1-5-21-3277516210-1328599762-3551408589-1000\$d6fd68f97d7580893303acf0a06ebff7\n' enthielt einen Virus oder unerwünschtes Programm 'BDS/ZeroAccess.Gen' [backdoor]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '592f7a34.qua' verschoben!
AntiVir system scan: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Montag, 28. Januar 2013 00:02 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Home Premium Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : Florian Computername : NOTEBOOK Versionsinformationen: BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 13.12.2012 06:30:22 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 13.12.2012 06:30:23 LUKE.DLL : 13.6.0.400 67360 Bytes 13.12.2012 06:32:09 AVSCPLR.DLL : 13.6.0.402 93984 Bytes 13.12.2012 06:32:39 AVREG.DLL : 13.6.0.406 248096 Bytes 13.12.2012 06:32:35 avlode.dll : 13.6.1.402 428832 Bytes 13.12.2012 06:32:42 avlode.rdf : 13.0.0.26 7958 Bytes 13.12.2012 06:32:40 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:03:20 VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 11:39:52 VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 11:39:52 VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 11:39:52 VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 11:39:52 VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 11:39:52 VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 20:38:15 VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 00:37:37 VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 00:37:40 VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 00:37:43 VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 19:32:15 VBASE018.VDF : 7.11.57.11 153088 
Bytes 13.01.2013 19:59:59 VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 12:09:58 VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 17:27:49 VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 00:09:34 VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 16:34:08 VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 18:44:48 VBASE024.VDF : 7.11.58.119 137728 Bytes 24.01.2013 13:03:09 VBASE025.VDF : 7.11.58.175 132608 Bytes 25.01.2013 22:41:49 VBASE026.VDF : 7.11.58.213 116736 Bytes 27.01.2013 14:52:17 VBASE027.VDF : 7.11.58.214 2048 Bytes 27.01.2013 14:52:17 VBASE028.VDF : 7.11.58.215 2048 Bytes 27.01.2013 14:52:17 VBASE029.VDF : 7.11.58.216 2048 Bytes 27.01.2013 14:52:18 VBASE030.VDF : 7.11.58.217 2048 Bytes 27.01.2013 14:52:18 VBASE031.VDF : 7.11.58.226 36864 Bytes 27.01.2013 14:52:18 Engineversion : 8.2.10.238 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.84 467322 Bytes 24.01.2013 19:03:25 AESCN.DLL : 8.1.10.0 131445 Bytes 13.12.2012 18:28:50 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:19:03 AEPACK.DLL : 8.3.1.2 819574 Bytes 20.12.2012 15:56:49 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 18:43:16 AEHEUR.DLL : 8.1.4.182 5706104 Bytes 24.01.2013 19:03:23 AEHELP.DLL : 8.1.25.2 258423 Bytes 26.10.2012 11:37:57 AEGEN.DLL : 8.1.6.16 434549 Bytes 24.01.2013 19:03:04 AEEXP.DLL : 8.3.0.14 188788 Bytes 24.01.2013 19:03:26 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.30.0 201079 Bytes 13.12.2012 18:28:45 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 18:43:08 AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30 AVPREF.DLL : 13.4.0.360 50464 Bytes 13.12.2012 06:30:20 AVREP.DLL : 13.4.0.360 177952 Bytes 13.12.2012 06:32:38 AVARKT.DLL : 13.6.0.402 260384 Bytes 13.12.2012 06:29:52 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 13.12.2012 06:30:07 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54 NETNT.DLL : 
13.4.0.360 15648 Bytes 13.12.2012 06:32:15 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 13.12.2012 06:29:26 RCTEXT.DLL : 13.4.0.360 68384 Bytes 13.12.2012 06:29:26 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: C:\program files\avira\antivir desktop\alldrives.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, E:, F:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Montag, 28. Januar 2013 00:02 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '101' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '114' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'chrome.exe' - '96' Modul(e) wurden durchsucht Durchsuche Prozess 'wmplayer.exe' - '119' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.exe' - '180' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '84' Modul(e) wurden durchsucht Durchsuche Prozess 'VAIOUpdt.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'WUDFHost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'YahooAUService.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'xaudio.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'VcmIAlzMgr.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden 
durchsucht Durchsuche Prozess 'avguard.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '92' Modul(e) wurden durchsucht Durchsuche Prozess 'RtkAudioService.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'UMVPFSrv.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '162' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\Users\Florian\Local Settings\Temp\msqkfmu.com [FUND] Enthält Erkennungsmuster des Wurmes WORM/Gamarue.I.626 Die Registry wurde durchsucht ( '2763' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <Lokaler Datenträger> Beginne mit der Desinfektion: Der Registrierungseintrag <HKEY_USERS\S-1-5-21-3277516210-1328599762-3551408589-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500> wurde erfolgreich repariert. Der Registrierungseintrag <HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load> wurde erfolgreich entfernt. C:\Users\Florian\Local Settings\Temp\msqkfmu.com [FUND] Enthält Erkennungsmuster des Wurmes WORM/Gamarue.I.626 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56d350f0.qua' verschoben! [HINWEIS] Der Registrierungseintrag <HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load> wurde erfolgreich repariert. Ende des Suchlaufs: Montag, 28. Januar 2013 05:25 Benötigte Zeit: 5:21:54 Stunde(n) Der Suchlauf wurde abgebrochen! 22531 Verzeichnisse wurden überprüft 1318563 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 1318562 Dateien ohne Befall 7163 Archive wurden durchsucht 0 Warnungen 1 Hinweise

Does it make sense to carry out a cleanup as in other cases that were (successfully) solved here? I hope so. Edit: BDS/ZeroAccess.Gen seems to have been on the system for some time (or is back again). In the meantime I had no problems, but AntiVir shows me a detection from 13.01. After that, none for 2 weeks. |
29.01.2013, 11:12 | #2 |
/// Malwareteam | BDS/ZeroAccess.Gen - keeps coming back My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: start all tools with right-click --> "Run as administrator". Step 1: defogger Please download defogger by jpshortstuff to your desktop.
Do not click the Re-enable button without instruction. Step 2: OTL Please download OTL by Oldtimer and save it to your desktop (if not already present)
Step 3: Gmer Please
__________________ |
29.01.2013, 14:49 | #3 |
| BDS/ZeroAccess.Gen - keeps coming back Hey, thank you for your help!! I have done the defogger and OTL steps. Gmer will follow shortly.
__________________
OTL.txt Code:
ATTFilter OTL logfile created on: 29.01.2013 13:56:03 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Florian\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,85% Memory free 5,93 Gb Paging File | 4,35 Gb Available in Paging File | 73,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 452,86 Gb Total Space | 121,85 Gb Free Space | 26,91% Space Free | Partition Type: NTFS Computer Name: NOTEBOOK | User Name: Florian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Florian\Desktop\Defogger.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation) PRC - C:\Programme\Dexpot1\dexpot.exe (Dexpot GbR) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) PRC - C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor) PRC - C:\Programme\sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Florian\Desktop\Defogger.exe () MOD - C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll () MOD - C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll () MOD - C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll () MOD - C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\libglesv2.dll () MOD - C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\libegl.dll () MOD - C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll () MOD - C:\Programme\Notepad++\NppShell_04.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll () MOD - C:\Programme\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (UMVPFSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (VUAgent) -- C:\Programme\sony\VAIO Update 5\VUAgent.exe (Sony Corporation) SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (SwitchBoard) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (SOHPlMgr) -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (SOHDs) -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Programme\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (VcmIAlzMgr) -- C:\Programme\sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService.exe (Realtek Semiconductor) SRV - (AdobeActiveFileMonitor7.0) -- C:\Programme\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (YahooAUService) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Florian\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (LVUVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (CompFilter) -- C:\Windows\System32\drivers\lvbusflt.sys (Logitech Inc.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNYT IE - HKLM\..\SearchScopes\{73B60328-40E2-4CBC-AAFD-169B4DB776FB}: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}&meta= IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Florian\Desktop\D\downloads IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = 
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {552BA3AA-B0FB-494B-A83A-E7FE882CC4F2} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{552BA3AA-B0FB-494B-A83A-E7FE882CC4F2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search..." FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351}:1.8 FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:1.2.1 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.13 FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22 FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.7 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mytalkpal.com/ffplugin: C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Florian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Florian\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.21 08:44:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.10 14:27:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions [2013.01.01 22:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\dfek68p9.default\extensions [2013.01.01 22:33:32 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\dfek68p9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.04.24 09:57:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\dfek68p9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.06 17:22:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\dfek68p9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012.12.06 18:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\dfek68p9.default\extensions\staged [2011.06.21 09:03:24 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\dfek68p9.default\extensions\personas@christopher.beard.xpi [2011.11.12 00:51:41 | 000,048,898 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\dfek68p9.default\extensions\stealthyextension@gmail.com.xpi [2012.09.24 17:13:17 | 000,339,888 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\dfek68p9.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011.06.21 09:00:14 | 000,179,007 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\dfek68p9.default\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}.xpi [2012.06.25 16:26:00 | 000,709,293 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\dfek68p9.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.12.06 18:04:28 | 000,344,610 | ---- | M] () (No name found) -- C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\dfek68p9.default\extensions\staged\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.12.06 18:04:28 | 000,698,867 | ---- | M] () (No name found) -- 
C:\Users\Florian\AppData\Roaming\mozilla\firefox\profiles\dfek68p9.default\extensions\staged\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.04.15 19:14:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.15 19:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.15 19:14:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2010.02.09 19:16:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.06.21 08:44:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: https://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: https://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Florian\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: simfy = 
C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\akohipccgobjbbaglfphnjpmfdceeimm\2.0.0.0_0\ CHR - Extension: Regentropfen = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcipapbfhdnmgihoimbjiadmhpcgcnil\1.0.0.2_0\ CHR - Extension: YouTube = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: TripAdvisor = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnegghdcleoigballbmdmlhklhcdjli\1.0_0\ CHR - Extension: Google Maps = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\ CHR - Extension: Picasa = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0\ CHR - Extension: Google Mail = C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012.08.01 11:26:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKCU..\Run: [adobeupdate] "C:\Users\Florian\AppData\Roaming\Update\bat99.bat" File not found O4 - HKCU..\Run: [Dexpot] C:\Programme\Dexpot1\dexpot.exe (Dexpot GbR) O4 - HKCU..\Run: [HotKeysCmds] C:\Users\Florian\AppData\Local\Temp\6202.EXE File not found O4 - HKCU..\Run: [OpenOffice.org] C:\Users\Florian\AppData\Roaming\7E231F\7E231F.exe () O4 - HKCU..\Run: [pdoubrhgfjkxeiqndts] C:\Users\Florian\AppData\Roaming\pdoubrhgfjkxeiqndts.exe File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: 
@btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B7D3D92-07B0-4374-A4EC-BBE3A7941B4C}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A017C41E-C727-41AC-A634-FF0F56357C14}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 
- SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.29 13:55:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2013.01.29 10:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.01.27 00:22:42 | 000,000,000 | ---D | C] -- C:\Users\Florian\Local Settings [2013.01.21 16:53:10 | 000,000,000 | R--D | C] -- C:\Users\Florian\Desktop\Studium [2013.01.09 15:40:29 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.01.09 15:39:49 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2013.01.09 15:39:49 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2013.01.09 15:39:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013.01.09 15:39:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013.01.09 15:39:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 15:39:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 15:39:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 15:39:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 15:39:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 15:39:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 15:39:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,584 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 15:39:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013.01.09 15:39:40 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll [2013.01.09 15:39:40 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll [2013.01.09 15:39:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs [2013.01.09 15:39:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs [2013.01.09 15:39:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs [2013.01.09 15:39:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs [2013.01.09 15:39:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs [2013.01.09 15:39:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs [2013.01.09 15:39:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs [2013.01.09 15:39:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs [2013.01.09 15:39:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs [2013.01.09 15:39:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs [2013.01.09 15:39:38 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs [2013.01.09 15:39:38 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs [2013.01.09 15:39:38 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs [2013.01.09 15:39:38 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs [2013.01.09 15:39:29 | 000,220,160 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ncrypt.dll [2013.01.09 15:39:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe [2013.01.01 22:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion [2013.01.01 22:33:12 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Yahoo! [2013.01.01 22:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger [2013.01.01 22:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2013.01.01 22:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! ========== Files - Modified Within 30 Days ========== [2013.01.29 13:55:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe [2013.01.29 13:54:25 | 000,000,000 | ---- | M] () -- C:\Users\Florian\defogger_reenable [2013.01.29 13:53:26 | 000,050,477 | ---- | M] () -- C:\Users\Florian\Desktop\Defogger.exe [2013.01.29 13:52:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.29 13:40:03 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.29 13:06:18 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3277516210-1328599762-3551408589-1000Core.job [2013.01.29 13:06:11 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3277516210-1328599762-3551408589-1000UA.job [2013.01.29 04:11:50 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.01.29 04:11:50 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.01.29 04:11:50 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.01.29 04:11:50 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.01.28 15:40:08 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.28 13:12:06 | 000,011,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 
[2013.01.28 13:12:06 | 000,011,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.28 13:04:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.28 13:04:31 | 2389,983,232 | -HS- | M] () -- C:\hiberfil.sys [2013.01.19 16:22:04 | 000,220,225 | ---- | M] () -- C:\Users\Florian\Desktop\IMG_19012013_092218.png [2013.01.10 07:12:22 | 003,736,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.01.09 11:52:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.01.09 11:52:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.01.29 13:54:25 | 000,000,000 | ---- | C] () -- C:\Users\Florian\defogger_reenable [2013.01.29 13:53:25 | 000,050,477 | ---- | C] () -- C:\Users\Florian\Desktop\Defogger.exe [2013.01.19 16:22:00 | 000,220,225 | ---- | C] () -- C:\Users\Florian\Desktop\IMG_19012013_092218.png [2012.08.01 11:00:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.08.01 11:00:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.08.01 11:00:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.08.01 11:00:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.08.01 11:00:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.05.15 23:06:07 | 000,000,096 | ---- | C] () -- C:\Users\Florian\.asadminpass [2012.05.15 23:00:03 | 000,000,600 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\winscp.rnd [2012.03.07 03:51:12 | 000,003,673 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\Sys2657a.DLL [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2011.11.17 02:40:38 | 
000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.08.12 11:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.06.03 17:03:57 | 000,000,176 | ---- | C] () -- C:\Users\Florian\.jupload.properties
[2011.05.02 00:08:42 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.02.10 03:03:24 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.10.31 11:55:17 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010.06.17 20:52:12 | 000,007,608 | ---- | C] () -- C:\Users\Florian\AppData\Local\resmon.resmoncfg
[2010.03.26 22:48:32 | 000,012,288 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.19 14:39:49 | 000,000,000 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3277516210-1328599762-3551408589-1000\$d6fd68f97d7580893303acf0a06ebff7\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

Code:
OTL Extras logfile created on: 29.01.2013 13:56:03 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Florian\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,85% Memory free
5,93 Gb Paging File | 4,35 Gb Available in Paging File | 73,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 452,86 Gb Total Space | 121,85 Gb Free Space | 26,91% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: Florian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11EA252D-702B-4780-A40B-74B1908662FA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8A311333-1835-4BC5-A665-1CE97BD7F871}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8C73B35A-9D41-4ACD-8C94-087718503EC0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{92E08C54-E9A0-4661-873F-6857A207F1B5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{A7F76A97-0407-4C7F-BECF-408DADD9D449}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{B1068905-2660-4513-B40A-BA70A05D5F38}" = protocol=6 | dir=in | app=c:\program files\adobe\photoshop elements 7.0\adobephotoshopelementsmediaserver.exe |
"{CA80907C-DA4E-4C34-8FDE-793851321DB2}" = protocol=17 | dir=in | app=c:\program files\adobe\photoshop elements 7.0\adobephotoshopelementsmediaserver.exe |
"{D98EDCBF-612F-42CC-B187-0D22AE32214E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E54281B7-C684-4271-A42A-A76B91033710}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | "TCP Query User{0CDFA725-5C44-46C2-8028-20845E61A837}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | "TCP Query User{10A79114-9A53-4B87-9996-7A43A8AC960D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "TCP Query User{2B32F3AD-8796-4E94-8AE7-70C30C95D789}C:\program files\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "TCP Query User{2F53FC08-FC7C-4A8E-9691-A1F90833CA2C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{3199A697-5B2F-4DF5-BAD8-C08B075B5823}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{35788FA5-724C-4003-B595-0E71EEDC9ABA}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{43E097CA-D68C-453F-8D77-C9B06AF5ED71}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{6E0DF15F-7FBC-4777-8162-B58A7F7472EB}C:\program files\java\jdk1.6.0_16\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\java.exe | "TCP Query User{792F808C-C49E-4F43-9FF8-EC00FCFB3375}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe | "TCP Query User{8BBEB1CC-C961-4624-911A-CA3CF52CB8DA}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{8C198451-BDF7-4635-BE00-AF654F7B1809}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{97EBCD0B-44AA-4805-9A69-AF3273410F35}C:\program 
files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{9C2F7153-B4C4-493A-96A1-6DBCC8F54D77}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{B474C59F-B5F9-4E38-B042-E1ABF920F89F}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{B4AFA24A-C47D-4644-A47C-528A540792D7}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | "TCP Query User{BC392205-35E2-4A4C-A505-C8D60171B88C}C:\users\florian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\florian\appdata\roaming\spotify\spotify.exe | "TCP Query User{CD87D72F-61DC-4568-8405-F5B23E7D3FA5}F:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=6 | dir=in | app=f:\easysetupassistant\wr741n\easysetupassistant.exe | "TCP Query User{DC8FF74D-25DF-498D-B7DB-80E51C4244E7}C:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe | "TCP Query User{E0802CE9-63A5-4B29-8657-6D68723D0D92}C:\windows\system32\wuauclt.exe" = protocol=6 | dir=in | app=c:\windows\system32\wuauclt.exe | "TCP Query User{E7CF677D-E32F-4222-B01C-1E2C096B74AD}C:\program files\java\jdk1.6.0_16\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\java.exe | "TCP Query User{FF2EFEA9-360A-4EDC-91C2-B1A8DEBCE449}C:\glassfish3\jdk7\bin\java.exe" = protocol=6 | dir=in | app=c:\glassfish3\jdk7\bin\java.exe | "UDP Query User{00EBC899-9C89-4E11-953D-3AACE4ECF736}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{00EF6C91-C3F2-44E5-90B1-8BE736495D3E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query 
User{0A422664-5BC3-4DA8-8390-1294B0223757}C:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\javaw.exe | "UDP Query User{2F4E9C8C-D493-422E-986D-AF96A751280D}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{445A073A-5632-4FEF-971B-C4F478FBBBDD}C:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 10\fifa10.exe | "UDP Query User{5C716B26-CE31-4C23-847D-142B1CA60244}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{5CCF4F51-FD2F-41F0-A9B6-57CB684F0D2F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{62A0A402-764D-4463-9D44-0B5038E5F4DA}C:\users\florian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\florian\appdata\roaming\spotify\spotify.exe | "UDP Query User{6D523F05-1A9E-4698-BAD2-A383F45D1D9C}C:\program files\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe | "UDP Query User{7ECA31FE-F60B-4FE8-83A1-F0B8E918067A}C:\program files\java\jdk1.6.0_16\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\java.exe | "UDP Query User{8D43E3D0-769B-4624-8554-52C969F5344C}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{975686A9-9871-483C-86C3-061E528BF503}C:\glassfish3\jdk7\bin\java.exe" = protocol=17 | dir=in | app=c:\glassfish3\jdk7\bin\java.exe | "UDP Query User{9AB99ACA-3B37-433E-9230-EB21533C93C5}C:\program files\java\jdk1.6.0_16\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_16\jre\bin\java.exe | "UDP Query 
User{9ADB67A0-7637-467E-A902-ADB4858E1088}F:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=17 | dir=in | app=f:\easysetupassistant\wr741n\easysetupassistant.exe | "UDP Query User{A7A9FA36-8719-481D-855F-6A348DCAEABB}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{C32F48F7-2772-430E-B64E-742F9E05E9BC}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{CF7E2F6E-2F87-4FA4-BEDA-3E7390D541D2}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | "UDP Query User{D7DDB839-6580-48BB-821A-C9D7CF54084C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{DB2FEFB3-0C3E-43B8-8147-B13C9C680F3E}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | "UDP Query User{F06C7317-01CF-46EF-900E-448407484900}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{F85F60EE-417D-4E6F-91A0-60725A5F7FC0}C:\windows\system32\wuauclt.exe" = protocol=17 | dir=in | app=c:\windows\system32\wuauclt.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00809523-1C0F-5D4C-6A66-E816429C5904}" = ATI Catalyst Install Manager "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 
2.1.0 "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{19B683DF-B562-4C0B-8AAA-2A92409D190A}" = Sony Home Network Library "{1A782D80-40D7-2F7F-A39F-1B165AD46E62}" = CCC Help Norwegian "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{208FB02A-6E13-8B1B-7FA6-29AFE4B62196}" = Catalyst Control Center Graphics Light "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java(TM) SE Development Kit 6 Update 14 "{32A3A4F4-B792-11D6-A78A-00B0D0160160}" = Java(TM) SE Development Kit 6 Update 16 "{32A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{35F69628-290E-0D50-D000-22181DFD656C}" = CCC Help Turkish "{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components "{3A511640-A7F5-2507-1BD6-7C5C6226F8B4}" = CCC Help Danish "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C4DDA4D-329A-3D3A-F9BE-92E366312549}" = CCC Help Korean "{3D8E9442-142B-E178-3887-21EA931CECA6}" = Catalyst Control Center Graphics Full New "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker 
"{4755EBD0-72E4-3631-C6AC-C2E68217E3AD}" = CCC Help German "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B7F8E5A-7B00-23AB-57BD-2CE451419B51}" = Catalyst Control Center Localization All "{547FD64B-98D9-1D8F-9001-BE027E3A7BD8}" = Catalyst Control Center InstallProxy "{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0 "{568B51E9-2EEF-AE85-2655-B34FAA8B2F2E}" = CCC Help Chinese Traditional "{5754AB15-F61B-4B9B-91AA-E286F55CFA8B}" = PDF-XChange Viewer "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update "{607A2D6D-6961-8E66-5349-F725E87D5BCB}" = CCC Help Thai "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CD3132A-7678-00EE-E48D-C0A1691F4327}" = CCC Help Russian "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{745BA266-2FC5-8A1D-75DF-339F415406DD}" = ccc-core-static "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO "{7A2E6C37-68D2-6EA5-C9AF-47CDA652ECD6}" = CCC Help Spanish "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" 
= VAIO Movie Story "{7B7FE54D-291A-B444-A92D-692FE2AF68A9}" = CCC Help Czech "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2 "{7FEF4A05-5371-DA6A-1BFF-E362D5219BA0}" = CCC Help Japanese "{822A0363-2F68-C3D3-C986-39DEE7B82ABA}" = CCC Help Chinese Standard "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates "{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) 
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{98CDBF7F-4967-DFF9-2B6B-30FFBD2301CE}" = Catalyst Control Center Graphics Full Existing "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2 "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9D21771C-7E3D-8FCB-204E-37FD640329D5}" = CCC Help Finnish "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO "{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009.10.22 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story "{B3486626-A3E8-630B-B435-3FFF91DFEA06}" = CCC Help Greek "{B6C33515-3D89-99BE-5A77-1CBD5F4815F2}" = CCC Help Hungarian 
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.6 "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{BD0581BA-5D68-BC02-F257-D570C59486F5}" = CCC Help English "{BD0AF750-A83F-6E0E-9F0F-60C0C3AC409C}" = CCC Help Dutch "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager "{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade "{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library "{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax "{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0 "{CC3A79FE-9AB0-6A5C-7297-22F01DD55DF8}" = CCC Help French "{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D49E8AD8-2CA5-C337-64EB-2E880188060B}" = Skins "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility "{D5377161-8EC8-C1AA-92A5-648D415E614B}" = CCC Help Portuguese "{D54E7851-2F34-F4C3-4C1E-BE6824D25BBC}" = CCC Help Italian "{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9DB8977-D520-4B04-6302-E678FF89A9A9}" = CCC Help Swedish 
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.8 "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E7FB96A3-7361-072B-D414-B2351CD8B703}" = Catalyst Control Center Core Implementation "{EA810D55-C1FA-60E6-6FA8-05CE2A8D6AD1}" = ccc-utility "{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1166CD2-117D-9AD6-75FB-70CABEAACC69}" = Catalyst Control Center Graphics Previews Common "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F1F4CE5F-20E6-9A4C-D3CA-7394462ECDA2}" = Catalyst Control Center Graphics Previews Vista "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F6872904-AF27-6B7F-EFCF-94A5E0B58C9D}" = CCC Help Polish "{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition) "{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash 
Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira Free Antivirus "BlueJ_is1" = BlueJ 2.5.1 "CCleaner" = CCleaner (remove only) "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dt icon module" = "ESET Online Scanner" = ESET Online Scanner v3 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "GeoGebra" = GeoGebra "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "IcoFX_is1" = IcoFX 1.6.4 "Image Grabber II" = Image Grabber II "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full) "Logitech Vid" = Logitech Vid HD "MarketingTools" = VAIO Marketing Tools "MFU Module" = "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Mp3tag" = Mp3tag v2.45a "Notepad++" = Notepad++ "PokerStars" = PokerStars "PremElem70" = Adobe Premiere Elements 7.0 "PremElem70Templates" = Adobe Premiere Elements 7.0 Templates "The KMPlayer" = The KMPlayer (remove only) "VAIO Help and Support" = "VLC media player" = VLC media player 1.0.1 "WinRAR archiver" = WinRAR "winscp3_is1" = WinSCP 4.3.7 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! 
Software Update" = Yahoo! Software Update ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 27.01.2013 16:48:54 | Computer Name = Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8aebc41a ID des fehlerhaften Prozesses: 0xa098 Startzeit der fehlerhaften Anwendung: 0x01cdfcb88408a7a4 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f5ae775c-68c2-11e2-a00a-001dbab87a38 Error - 27.01.2013 16:48:54 | Computer Name = Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x92adbc76 ID des fehlerhaften Prozesses: 0xb08 Startzeit der fehlerhaften Anwendung: 0x01cdfc6ae88a959e Pfad der fehlerhaften Anwendung: C:\Windows\Explorer.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: f5fe1f27-68c2-11e2-a00a-001dbab87a38 Error - 27.01.2013 16:48:55 | Computer Name = Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8b09c41a ID des fehlerhaften Prozesses: 0x8d44 Startzeit der fehlerhaften Anwendung: 0x01cdfcb8bed3dea7 Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: 
unknown Berichtskennung: f666f4a0-68c2-11e2-a00a-001dbab87a38 Error - 27.01.2013 16:48:56 | Computer Name = Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 24.0.1312.56, Zeitstempel: 0x50f8e9e4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8bbbc41a ID des fehlerhaften Prozesses: 0x10034 Startzeit der fehlerhaften Anwendung: 0x01cdfccc3b5dfc10 Pfad der fehlerhaften Anwendung: C:\Users\Florian\AppData\Local\Google\Chrome\Application\chrome.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: f7050bb1-68c2-11e2-a00a-001dbab87a38 Error - 27.01.2013 16:49:05 | Computer Name = Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8b4fc41a ID des fehlerhaften Prozesses: 0xdad0 Startzeit der fehlerhaften Anwendung: 0x01cdfcca39d4cb0a Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: fc4a7523-68c2-11e2-a00a-001dbab87a38 Error - 27.01.2013 16:49:05 | Computer Name = Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8ab6c41a ID des fehlerhaften Prozesses: 0xa4b8 Startzeit der fehlerhaften Anwendung: 0x01cdfcb883eda52f Pfad der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: fc692126-68c2-11e2-a00a-001dbab87a38 Error - 27.01.2013 16:49:20 | Computer Name = Notebook | Source = Application Error | ID = 1000 
Description = Name der fehlerhaften Anwendung: wmplayer.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7a485 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x8b03c41a ID des fehlerhaften Prozesses: 0x10f8 Startzeit der fehlerhaften Anwendung: 0x01cdfcb3bb2c38fb Pfad der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmplayer.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 0545ef9e-68c3-11e2-a00a-001dbab87a38 Error - 27.01.2013 17:54:05 | Computer Name = Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ISBMgr.exe, Version: 3.2.0.11180, Zeitstempel: 0x49230a2c Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x898bc41a ID des fehlerhaften Prozesses: 0xcb8 Startzeit der fehlerhaften Anwendung: 0x01cdfc6aeb29d9ab Pfad der fehlerhaften Anwendung: C:\Program Files\sony\ISB Utility\ISBMgr.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 10e10dff-68cc-11e2-a00a-001dbab87a38 Error - 27.01.2013 20:47:18 | Computer Name = Notebook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010, Zeitstempel: 0x50aee407 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x898bc41a ID des fehlerhaften Prozesses: 0xad0 Startzeit der fehlerhaften Anwendung: 0x01cdfc6ae73fb658 Pfad der fehlerhaften Anwendung: C:\Windows\system32\taskhost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 43afb90b-68e4-11e2-a00a-001dbab87a38 Error - 28.01.2013 08:06:17 | Computer Name = Notebook | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 27.01.2013 04:46:57 | Computer Name = Notebook | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 27.01.2013 04:46:57 | Computer Name = 
Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 27.01.2013 19:01:54 | Computer Name = Notebook | Source = DCOM | ID = 10010 Description = Error - 28.01.2013 08:04:39 | Computer Name = Notebook | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 28.01.2013 08:04:39 | Computer Name = Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.01.2013 09:41:08 | Computer Name = Notebook | Source = atikmdag | ID = 52236 Description = CPLIB :: General - Invalid Parameter Error - 28.01.2013 09:41:08 | Computer Name = Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.01.2013 09:41:56 | Computer Name = Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.01.2013 09:42:00 | Computer Name = Notebook | Source = atikmdag | ID = 43029 Description = Display is not active Error - 28.01.2013 17:42:23 | Computer Name = Notebook | Source = atikmdag | ID = 43029 Description = Display is not active < End of report > |
31.01.2013, 19:19 | #4 |
/// Malwareteam | BDS/ZeroAccess.Gen - keeps coming back
Skip GMER...
Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
31.01.2013, 23:05 | #5 |
| BDS/ZeroAccess.Gen - keeps coming back Thanks, both worked. aswMBR Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-31 22:57:49
-----------------------------
22:57:49.827 OS Version: Windows 6.1.7601 Service Pack 1
22:57:49.827 Number of processors: 2 586 0x170A
22:57:49.829 ComputerName: NOTEBOOK UserName: Florian
22:58:17.535 Initialize success
22:59:07.821 AVAST engine download error: 0
22:59:17.679 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:59:17.683 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
22:59:17.688 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000067
22:59:17.693 Disk 1 Vendor: RICOH 01 Size: 476940MB BusType: 0
22:59:17.698 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000068
22:59:17.701 Disk 2 Vendor: RICOH 02 Size: 476940MB BusType: 0
22:59:17.763 Disk 0 MBR read successfully
22:59:17.769 Disk 0 MBR scan
22:59:17.776 Disk 0 Windows 7 default MBR code
22:59:17.798 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13207 MB offset 2048
22:59:17.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 463731 MB offset 27049984
22:59:17.818 Disk 0 scanning sectors +976771120
22:59:17.893 Disk 0 scanning C:\Windows\system32\drivers
22:59:28.480 Service scanning
23:00:06.406 Modules scanning
23:00:25.325 Disk 0 trace - called modules:
23:00:25.355 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
23:00:25.361 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8709a460]
23:00:25.367 3 CLASSPNP.SYS[8bb8d59e] -> nt!IofCallDriver -> [0x86668888]
23:00:25.373 5 ACPI.sys[8b4993d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8669e028]
23:00:25.379 Scan finished successfully
23:00:34.660 Disk 0 MBR has been saved successfully to "C:\Users\Florian\Desktop\MBR.dat"
23:00:34.666 The log file has been saved successfully to "C:\Users\Florian\Desktop\aswMBR.txt"
Code:
ATTFilter 23:00:54.0867 1272 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 23:00:54.0878 1272 ============================================================ 23:00:54.0878 1272 Current date / time: 2013/01/31 23:00:54.0878 23:00:54.0878 1272 SystemInfo: 23:00:54.0878 1272 23:00:54.0878 1272 OS Version: 6.1.7601 ServicePack: 1.0 23:00:54.0878 1272 Product type: Workstation 23:00:54.0878 1272 ComputerName: NOTEBOOK 23:00:54.0878 1272 UserName: Florian 23:00:54.0878 1272 Windows directory: C:\Windows 23:00:54.0878 1272 System windows directory: C:\Windows 23:00:54.0878 1272 Processor architecture: Intel x86 23:00:54.0878 1272 Number of processors: 2 23:00:54.0878 1272 Page size: 0x1000 23:00:54.0878 1272 Boot type: Normal boot 23:00:54.0878 1272 ============================================================ 23:00:55.0323 1272 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:00:55.0326 1272 Drive \Device\Harddisk3\DR3 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 23:00:55.0340 1272 ============================================================ 23:00:55.0340 1272 \Device\Harddisk0\DR0: 23:00:55.0340 1272 MBR partitions: 23:00:55.0340 1272 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x19CC000, BlocksNum 0x389B9830 23:00:55.0340 1272 \Device\Harddisk3\DR3: 23:00:55.0340 1272 MBR partitions: 23:00:55.0340 1272 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000 23:00:55.0340 1272 ============================================================ 23:00:55.0365 1272 C: <-> \Device\Harddisk0\DR0\Partition1 23:00:55.0433 1272 G: <-> \Device\Harddisk3\DR3\Partition1 23:00:55.0434 1272 ============================================================ 23:00:55.0434 1272 Initialize success 23:00:55.0434 1272 
============================================================
23:00:58.0983 2464 ============================================================
23:00:58.0983 2464 Scan started
23:00:58.0983 2464 Mode: Manual;
23:00:58.0983 2464 ============================================================
23:00:59.0342 2464 ================ Scan system memory ========================
23:00:59.0342 2464 System memory - ok
23:00:59.0345 2464 ================ Scan services =============================
9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 23:01:13.0172 2464 Spooler - ok 23:01:13.0271 2464 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 23:01:13.0323 2464 sppsvc - ok 23:01:13.0357 2464 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:01:13.0361 2464 sppuinotify - ok 23:01:13.0396 2464 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:01:13.0399 2464 srv - ok 23:01:13.0419 2464 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:01:13.0421 2464 srv2 - ok 23:01:13.0487 2464 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS 23:01:13.0490 2464 SrvHsfHDA - ok 23:01:13.0527 2464 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 23:01:13.0541 2464 SrvHsfV92 - ok 23:01:13.0615 2464 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 23:01:13.0624 2464 SrvHsfWinac - ok 23:01:13.0656 2464 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:01:13.0657 2464 srvnet - ok 23:01:13.0697 2464 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:01:13.0701 2464 SSDPSRV - ok 23:01:13.0721 2464 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:01:13.0724 2464 SstpSvc - ok 23:01:13.0755 2464 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:01:13.0756 2464 stexstor - ok 23:01:13.0818 2464 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 23:01:13.0829 2464 StiSvc - ok 23:01:13.0864 2464 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 23:01:13.0865 2464 swenum - ok 23:01:13.0892 2464 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 23:01:13.0898 2464 swprv - ok 23:01:13.0954 2464 [ 
36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 23:01:13.0974 2464 SysMain - ok 23:01:13.0998 2464 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:01:14.0002 2464 TabletInputService - ok 23:01:14.0035 2464 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 23:01:14.0039 2464 TapiSrv - ok 23:01:14.0073 2464 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 23:01:14.0076 2464 TBS - ok 23:01:14.0137 2464 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:01:14.0156 2464 Tcpip - ok 23:01:14.0212 2464 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:01:14.0219 2464 TCPIP6 - ok 23:01:14.0256 2464 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:01:14.0256 2464 tcpipreg - ok 23:01:14.0287 2464 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:01:14.0288 2464 TDPIPE - ok 23:01:14.0326 2464 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:01:14.0327 2464 TDTCP - ok 23:01:14.0363 2464 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:01:14.0364 2464 tdx - ok 23:01:14.0373 2464 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:01:14.0374 2464 TermDD - ok 23:01:14.0407 2464 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 23:01:14.0418 2464 TermService - ok 23:01:14.0444 2464 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 23:01:14.0447 2464 Themes - ok 23:01:14.0456 2464 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 23:01:14.0458 2464 THREADORDER - ok 23:01:14.0476 2464 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 23:01:14.0479 2464 TrkWks - ok 23:01:14.0538 2464 [ 
2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:01:14.0539 2464 TrustedInstaller - ok 23:01:14.0570 2464 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:01:14.0571 2464 tssecsrv - ok 23:01:14.0618 2464 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:01:14.0619 2464 TsUsbFlt - ok 23:01:14.0666 2464 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:01:14.0668 2464 tunnel - ok 23:01:14.0701 2464 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:01:14.0702 2464 uagp35 - ok 23:01:14.0756 2464 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe 23:01:14.0759 2464 uCamMonitor - ok 23:01:14.0795 2464 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:01:14.0799 2464 udfs - ok 23:01:14.0838 2464 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:01:14.0844 2464 UI0Detect - ok 23:01:14.0878 2464 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:01:14.0880 2464 uliagpkx - ok 23:01:14.0913 2464 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 23:01:14.0914 2464 umbus - ok 23:01:14.0954 2464 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:01:14.0955 2464 UmPass - ok 23:01:15.0043 2464 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 23:01:15.0048 2464 UMVPFSrv - ok 23:01:15.0099 2464 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 23:01:15.0108 2464 upnphost - ok 23:01:15.0172 2464 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 23:01:15.0206 2464 usbaudio - ok 23:01:15.0256 2464 [ BD9C55D7023C5DE374507ACC7A14E2AC ] 
usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:01:15.0258 2464 usbccgp - ok 23:01:15.0294 2464 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:01:15.0296 2464 usbcir - ok 23:01:15.0323 2464 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 23:01:15.0325 2464 usbehci - ok 23:01:15.0391 2464 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:01:15.0395 2464 usbhub - ok 23:01:15.0426 2464 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:01:15.0427 2464 usbohci - ok 23:01:15.0474 2464 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:01:15.0475 2464 usbprint - ok 23:01:15.0517 2464 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:01:15.0518 2464 usbscan - ok 23:01:15.0548 2464 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:01:15.0550 2464 USBSTOR - ok 23:01:15.0569 2464 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:01:15.0570 2464 usbuhci - ok 23:01:15.0620 2464 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:01:15.0623 2464 usbvideo - ok 23:01:15.0654 2464 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 23:01:15.0659 2464 UxSms - ok 23:01:15.0669 2464 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 23:01:15.0672 2464 VaultSvc - ok 23:01:15.0709 2464 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 23:01:15.0710 2464 VClone - ok 23:01:15.0741 2464 VcmXmlIfHelper - ok 23:01:15.0767 2464 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:01:15.0768 2464 vdrvroot - ok 23:01:15.0817 2464 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 23:01:15.0829 2464 vds - ok 23:01:15.0862 2464 
[ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:01:15.0864 2464 vga - ok 23:01:15.0900 2464 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 23:01:15.0901 2464 VgaSave - ok 23:01:15.0938 2464 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:01:15.0941 2464 vhdmp - ok 23:01:15.0975 2464 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:01:15.0976 2464 viaagp - ok 23:01:16.0007 2464 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 23:01:16.0008 2464 ViaC7 - ok 23:01:16.0035 2464 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 23:01:16.0036 2464 viaide - ok 23:01:16.0060 2464 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:01:16.0061 2464 volmgr - ok 23:01:16.0080 2464 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:01:16.0084 2464 volmgrx - ok 23:01:16.0103 2464 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:01:16.0107 2464 volsnap - ok 23:01:16.0157 2464 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:01:16.0159 2464 vsmraid - ok 23:01:16.0207 2464 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 23:01:16.0218 2464 VSS - ok 23:01:16.0241 2464 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 23:01:16.0242 2464 vwifibus - ok 23:01:16.0333 2464 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 23:01:16.0342 2464 W32Time - ok 23:01:16.0372 2464 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:01:16.0373 2464 WacomPen - ok 23:01:16.0395 2464 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:01:16.0397 2464 WANARP - ok 23:01:16.0402 2464 [ 
3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:01:16.0403 2464 Wanarpv6 - ok 23:01:16.0490 2464 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 23:01:16.0513 2464 WatAdminSvc - ok 23:01:16.0553 2464 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 23:01:16.0572 2464 wbengine - ok 23:01:16.0611 2464 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:01:16.0616 2464 WbioSrvc - ok 23:01:16.0651 2464 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:01:16.0660 2464 wcncsvc - ok 23:01:16.0697 2464 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:01:16.0701 2464 WcsPlugInService - ok 23:01:16.0725 2464 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:01:16.0726 2464 Wd - ok 23:01:16.0766 2464 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:01:16.0774 2464 Wdf01000 - ok 23:01:16.0793 2464 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:01:16.0798 2464 WdiServiceHost - ok 23:01:16.0804 2464 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:01:16.0809 2464 WdiSystemHost - ok 23:01:16.0847 2464 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 23:01:16.0855 2464 WebClient - ok 23:01:16.0889 2464 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:01:16.0896 2464 Wecsvc - ok 23:01:16.0917 2464 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:01:16.0923 2464 wercplsupport - ok 23:01:16.0950 2464 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 23:01:16.0955 2464 WerSvc - ok 23:01:16.0997 2464 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:01:16.0998 2464 WfpLwf - ok 
23:01:17.0035 2464 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 23:01:17.0037 2464 WimFltr - ok 23:01:17.0062 2464 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:01:17.0063 2464 WIMMount - ok 23:01:17.0069 2464 winachsf - ok 23:01:17.0139 2464 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 23:01:17.0151 2464 WinDefend - ok 23:01:17.0159 2464 WinHttpAutoProxySvc - ok 23:01:17.0218 2464 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:01:17.0220 2464 Winmgmt - ok 23:01:17.0273 2464 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 23:01:17.0298 2464 WinRM - ok 23:01:17.0363 2464 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:01:17.0364 2464 WinUsb - ok 23:01:17.0415 2464 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:01:17.0431 2464 Wlansvc - ok 23:01:17.0458 2464 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:01:17.0459 2464 WmiAcpi - ok 23:01:17.0496 2464 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:01:17.0499 2464 wmiApSrv - ok 23:01:17.0573 2464 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:01:17.0592 2464 WMPNetworkSvc - ok 23:01:17.0631 2464 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:01:17.0636 2464 WPCSvc - ok 23:01:17.0664 2464 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:01:17.0670 2464 WPDBusEnum - ok 23:01:17.0700 2464 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:01:17.0701 2464 ws2ifsl - ok 23:01:17.0733 2464 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll 23:01:17.0739 2464 wscsvc - ok 23:01:17.0750 2464 WSearch - ok 
23:01:17.0829 2464 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 23:01:17.0864 2464 wuauserv - ok 23:01:17.0897 2464 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:01:17.0898 2464 WudfPf - ok 23:01:17.0934 2464 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:01:17.0936 2464 WUDFRd - ok 23:01:17.0981 2464 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:01:17.0985 2464 wudfsvc - ok 23:01:18.0026 2464 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 23:01:18.0034 2464 WwanSvc - ok 23:01:18.0073 2464 [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys 23:01:18.0077 2464 yukonw7 - ok 23:01:18.0102 2464 ================ Scan global =============================== 23:01:18.0142 2464 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 23:01:18.0173 2464 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll 23:01:18.0187 2464 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll 23:01:18.0223 2464 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 23:01:18.0254 2464 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 23:01:18.0261 2464 [Global] - ok 23:01:18.0262 2464 ================ Scan MBR ================================== 23:01:18.0280 2464 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 23:01:18.0469 2464 \Device\Harddisk0\DR0 - ok 23:01:18.0475 2464 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3 23:01:18.0481 2464 \Device\Harddisk3\DR3 - ok 23:01:18.0482 2464 ================ Scan VBR ================================== 23:01:18.0486 2464 [ 04355BDA2B0CDCDAA6C20BA68CFA2314 ] \Device\Harddisk0\DR0\Partition1 23:01:18.0488 2464 \Device\Harddisk0\DR0\Partition1 - ok 23:01:18.0494 2464 [ EE70B55686DF88DB9A4734B5AD393B2D ] \Device\Harddisk3\DR3\Partition1 23:01:18.0498 
2464 \Device\Harddisk3\DR3\Partition1 - ok 23:01:18.0499 2464 ============================================================ 23:01:18.0499 2464 Scan finished 23:01:18.0499 2464 ============================================================ 23:01:18.0514 1952 Detected object count: 0 23:01:18.0515 1952 Actual detected object count: 0 |
01.02.2013, 13:04 | #6 | |
/// Malwareteam | BDS/ZeroAccess.Gen - keeps coming back Combofix Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
01.02.2013, 22:21 | #7 |
| BDS/ZeroAccess.Gen - keeps coming back Combofix Code:
ComboFix 13-02-01.04 - Florian 01.02.2013 22:08:36.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3039.2146 [GMT 1:00]
ausgeführt von:: c:\users\Florian\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Florian\AppData\Roaming\Sys2657a.DLL
c:\windows\wininit.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-01 bis 2013-02-01 ))))))))))))))))))))))))))))))
.
.
2013-02-01 21:16 . 2013-02-01 21:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-01 21:16 . 2013-02-01 21:16 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-02-01 21:16 . 2013-02-01 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-01 21:11 . 2013-02-01 21:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F44589E-0F79-4DD4-87AC-2DAA2AC94522}\offreg.dll
2013-02-01 10:15 . 2013-02-01 10:15 -------- d-----w- c:\program files\Avira
2013-01-30 19:38 . 2013-01-30 19:39 -------- d-----w- c:\users\Florian\AppData\Local\Google
2013-01-30 13:36 . 2013-01-30 14:04 -------- d-----w- c:\users\Florian\AppData\Local\VirtualStore
2013-01-30 11:57 . 2013-01-30 11:57 -------- d-----w- c:\windows\system32\syncdb
2013-01-30 11:24 . 2013-01-30 11:24 -------- d-----w- C:\8b1dc2e758a48d0bb2bf6c58
2013-01-09 14:40 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 14:40 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 14:40 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 14:40 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 14:13 . 2012-12-21 23:25 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 23:25 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-13 02:06 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 02:06 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 02:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 02:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 02:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 02:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 14:20 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dexpot"="c:\program files\Dexpot1\dexpot.exe" [2009-11-13 1277952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 10:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Florian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wecker für Windows 6.lnk]
path=c:\users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wecker für Windows 6.lnk
backup=c:\windows\pss\Wecker für Windows 6.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 16:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-09-30 00:04 122880 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17 144384 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2010-10-29 20:06 5915480 ----a-w- c:\program files\Logitech\Vid HD\Vid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-11-11 12:08 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-02 19:40 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Jmigacihirewa"=rundll32.exe "c:\users\Florian\AppData\Local\opsA32.dll",Startup
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [x]
R3 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - avipbb
*Deregistered* - regi
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-26 22:05]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-26 22:05]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3277516210-1328599762-3551408589-1000Core.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-30 19:38]
.
2013-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3277516210-1328599762-3551408589-1000UA.job
- c:\users\Florian\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-30 19:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.de/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Free YouTube to MP3 Converter - c:\users\Florian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-pdoubrhgfjkxeiqndts - c:\users\Florian\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeCS5 - c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
MSConfigStartUp-Facebook Update - c:\users\Florian\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-Spotify - c:\users\Florian\AppData\Roaming\Spotify\spotify.exe
MSConfigStartUp-Spotify Web Helper - c:\users\Florian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3277516210-1328599762-3551408589-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3277516210-1328599762-3551408589-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3277516210-1328599762-3551408589-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9c,a4,70,27,dd,ef,3c,1b,82,71,b5,a7,ed,1b,ca,5d,71,fb,24,d9,c0,e3,76,
 45,25,d9,57,32,ae,9b,2b,ea,f4,db,4d,e2,eb,ea,d6,56,05,ea,67,0f,b7,f2,92,19,\
"??"=hex:ec,b9,09,a0,35,9b,6e,93,38,38,d8,ca,73,30,3e,f3
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000004
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-01 22:17:58
ComboFix-quarantined-files.txt 2013-02-01 21:17
ComboFix2.txt 2012-08-01 10:29
.
Vor Suchlauf: 22 Verzeichnis(se), 175.046.344.704 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 175.046.127.616 Bytes frei
.
- - End Of File - - E3798E5B9CC03D2DB1379CAD9C184A03

Oh, I completely forgot to tell you: the problem with the constantly reappearing virus alerts has gone away. AntiVir found nothing yesterday or today, despite restart + Internet. I know that doesn't mean everything is gone, but it already sounds better than a few days ago. Last edited by florianfiele (01.02.2013 at 23:13) |
03.02.2013, 17:52 | #8 |
/// Malwareteam | BDS/ZeroAccess.Gen - keeps coming back Please download Malwarebytes
__________________ No right of asylum for trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you happy with us? Then support the Trojaner-Board! |
03.02.2013, 22:36 | #9 |
| BDS/ZeroAccess.Gen - keeps coming back Is this right? The scan found nothing. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.03.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Florian :: NOTEBOOK [Administrator]

03.02.2013 22:19:45
mbam-log-2013-02-03 (22-19-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228832
Laufzeit: 7 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
04.02.2013, 08:09 | #10 |
/// Malwareteam | BDS/ZeroAccess.Gen - keeps coming back Looks pretty good - let's check everything once more! Step 1: MBAM full scan Please download Malwarebytes
Step 2: ESET ESET Online Scanner
04.02.2013, 19:55 | #11 |
| BDS/ZeroAccess.Gen - keeps coming back Malwarebytes always aborts after about one minute at the same file...bootmgr.exe.mui...in the boot folder. |
05.02.2013, 06:35 | #12 |
/// Malwareteam | BDS/ZeroAccess.Gen - keeps coming back Skip Malwarebytes and scan with ESET
06.02.2013, 01:31 | #13 |
| BDS/ZeroAccess.Gen - keeps coming back ESET found no threats. |
06.02.2013, 06:26 | #14 |
/// Malwareteam | BDS/ZeroAccess.Gen - keeps coming back Are there still any problems, or can we proceed to the follow-up?
06.02.2013, 08:27 | #15 |
| BDS/ZeroAccess.Gen - keeps coming back Thanks, there are no more problems. Everything is back to how it was before the first virus detection. In the meantime I had started a small deletion spree. I think on the 30th, because several AntiVir alerts came up and I wanted the stuff gone. Threw out a few programs (including AntiVir, Chrome and Adobe programs), deleted strange folders, scanned a few more times with AntiVir (again with detections). After that, the problem with the constantly reappearing virus alerts and viruses in the Task Manager was gone. If those are all the steps you recommend, I would say the thread can be closed. Many, many thanks for the support! I hope it will be a while before I show up here again |