|
Pests of all kinds and how to combat them: Deutsche Post Mail Windows 7 If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection. |
31.01.2013, 17:03 | #1 |
| Deutsche Post Mail Hello, I have exactly the same problem as in the thread "deutsche post fehler in der lieferanschrift - aber keine zip datei". Yes, I'm an idiot for clicking the link. Stupidly, I had printed a parcel label online a few days earlier. Does that mean anything to you? Regards, Joachim Code:
ATTFilter ComboFix 13-01-31.01 - jo 31.01.2013 15:59:46.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.1977.1019 [GMT 1:00] ausgeführt von:: c:\users\jo\Desktop\ComboFix.exe SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ADS - Windows: deleted 24 bytes in 1 streams. . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\Common Files\Acer GameZone online.ico c:\users\jo\AppData\Roaming\.# c:\users\jo\AppData\Roaming\inst.exe c:\users\jo\AppData\Roaming\siw_sdk.dll c:\windows\IsUn0407.exe c:\windows\security\Database\tmp.edb c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-28 bis 2013-01-31 )))))))))))))))))))))))))))))) . . 2013-01-31 15:08 . 2013-01-31 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-30 09:46 . 2013-01-30 09:50 -------- d-----w- c:\programdata\HitmanPro 2013-01-29 14:34 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48CA11FA-3518-4D33-9016-9528B8A36638}\mpengine.dll 2013-01-29 10:41 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-29 10:41 . 2013-01-29 10:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-28 07:56 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-21 16:45 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll 2013-01-21 16:45 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll 2013-01-21 16:45 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll 2013-01-21 16:45 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2013-01-21 16:45 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll 2013-01-21 16:45 . 
2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll 2013-01-21 16:45 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2013-01-21 16:45 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2013-01-21 16:45 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-21 16:45 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-21 16:43 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2013-01-13 10:42 . 2013-01-19 17:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-01-11 13:35 . 2013-01-12 13:20 -------- d-----w- c:\programdata\On-ScreenKeyboardPortable 2013-01-11 13:30 . 2013-01-11 14:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-01-11 13:30 . 2013-01-31 14:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-01-03 14:48 . 2013-01-31 10:16 -------- d-----w- c:\users\jo\AppData\Roaming\vlc 2013-01-03 14:47 . 2013-01-03 14:47 -------- d-----w- c:\program files\VideoLAN . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-21 16:57 . 2010-03-06 14:12 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-09 16:40 . 2012-04-01 09:42 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 16:40 . 2011-08-14 17:59 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-18 10:15 . 2009-11-27 08:42 952 --sha-w- c:\programdata\KGyGaAvL.sys 2012-12-16 17:11 . 2012-12-22 12:23 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-22 12:23 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-22 12:23 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-22 12:23 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-02 14:25 . 2012-12-02 14:25 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-12-02 14:25 . 
2012-12-02 14:25 289768 ----a-w- c:\windows\system32\javaws.exe 2012-12-02 14:25 . 2012-12-02 14:25 189416 ----a-w- c:\windows\system32\javaw.exe 2012-12-02 14:25 . 2012-12-02 14:25 188904 ----a-w- c:\windows\system32\java.exe 2012-12-02 14:25 . 2012-12-02 14:22 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-02 14:25 . 2012-12-02 14:22 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-30 04:45 . 2013-01-21 16:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-09 05:45 . 2012-12-16 08:50 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-16 08:50 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-09-06 11:33 220608 ----a-w- c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-09-06 11:33 220608 ----a-w- c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-09-06 11:33 220608 ----a-w- c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-11 1231368] "BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-06-11 3695416] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] . c:\users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2009-11-27 1265664] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 avisfltr;avisfltr;c:\windows\system32\DRIVERS\avisfltr.sys [2012-05-29 388168] R3 cpuz135;cpuz135;c:\users\jo\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2009-05-07 63264] R3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2009-05-07 49696] R3 OV550I;OVT Scanner;c:\windows\system32\Drivers\ov550ivx.sys [2008-02-21 196992] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-11 24576] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2011-04-15 610816] S3 pcouffin;VSO Software 
pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-04-07 82816] . . Inhalt des "geplante Tasks" Ordners . 2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:40] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-09-06 11:33 244672 ----a-w- c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-09-06 11:33 244672 ----a-w- c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-09-06 11:33 244672 ----a-w- c:\users\jo\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\jo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2009-07-21 492032] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936] "Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2011-04-15 1172480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912] . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285 uSearchAssistant = hxxp://www.google.com uCustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms} mSearchAssistant = hxxp://www.google.com/ie mCustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms} IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to Mp3 Converter - c:\users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxps://www.ixquick.de/ FF - prefs.js: network.proxy.ftp - 95.141.193.49 FF - prefs.js: network.proxy.ftp_port - 3128 FF - prefs.js: network.proxy.http - 95.141.193.49 FF - prefs.js: network.proxy.http_port - 3128 FF - prefs.js: network.proxy.socks - 95.141.193.49 FF - prefs.js: network.proxy.socks_port - 3128 FF - prefs.js: network.proxy.ssl - 95.141.193.49 FF - prefs.js: network.proxy.ssl_port - 3128 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2012-12-02 10:27; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003) @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.bmp" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.dcx" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.dib" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.emf" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003) @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.gif" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jfif" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jif" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003) @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpe" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003) @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpeg" . 
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003) @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.jpg" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pcx" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.pic" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003) @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.png" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.rle" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.tga" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.thm" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003) @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.tif" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (S-1-5-21-776483207-145609781-3413881836-1003) @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.tiff" . 
[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.v9o" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.v9p" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.v9pf" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.wbm" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.wbmp" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.wmf" . [HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee 9.0.xif" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}] @Denied: (A 2) (Everyone) @="IFlashBroker2" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-31 16:12:10 ComboFix-quarantined-files.txt 2013-01-31 15:12 . Vor Suchlauf: 107938349056 Bytes frei Nach Suchlauf: 107552894976 Bytes frei . - - End Of File - - E76FF355488DD130C343E802E3B45689 Geändert von Roadmaster (31.01.2013 um 17:24 Uhr) |
03.02.2013, 10:48 | #2 |
/// TB Trainer | Deutsche Post Mail My name is Matthias and I will help you clean up your computer. Please note the following:
Why are you running ComboFix without being instructed to? Did Hitman and ComboFix fix your problem? What problem did you have? A more detailed description would be helpful. Did you set up this proxy server? FF - prefs.js: network.proxy.socks - 95.141.193.49 |
03.02.2013, 11:17 | #3 |
| Deutsche Post Mail Hello,
> Did Hitman and ComboFix fix your problem?
and
> What problem did you have? A more detailed description would be helpful.
Strictly speaking, I don't even know whether I have a problem at all. In any case, I can't see anything unusual on my laptop. I just stupidly clicked the link in the Post mail, which showed a 404, though. I can't judge whether that was a faked 404. I did not download a zip file, nor did I run an exe. In any case, I couldn't see any Trojan in Hitman or ComboFix. Regards, Joachim
> Did you set up this proxy server?
> FF - prefs.js: network.proxy.socks - 95.141.193.49
I entered it at some point, but it is not activated. |
03.02.2013, 11:25 | #4 |
/// TB Trainer | Deutsche Post Mail Hi, would you like to put your computer through a more thorough analysis? |
03.02.2013, 12:25 | #5 |
| Deutsche Post Mail Hello, yes, it can't hurt. Regards, Joachim |
03.02.2013, 13:36 | #6 |
/// TB Trainer | Deutsche Post Mail Hi Joachim, then let's get started right away. Step 1 Please download OTL by Oldtimer and save it to your desktop (if you don't already have it).
Code:
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
Step 2 Please download defogger by jpshortstuff to your desktop.
Step 3 Please
Please post with your next reply
|
03.02.2013, 16:54 | #7 |
| Deutsche Post Mail So, here is the result: Code:
ATTFilter OTL logfile created on: 03.02.2013 14:45:09 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.93% Memory free 5.84 Gb Paging File | 4.52 Gb Available in Paging File | 77.39% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 137.23 Gb Total Space | 97.01 Gb Free Space | 70.69% Space Free | Partition Type: NTFS Computer Name: JO-PC | User Name: jo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.02.03 14:42:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe PRC - [2013.01.31 16:23:54 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.01.31 16:23:09 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.01.31 16:23:09 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2010.03.24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.08.11 23:08:50 | 001,231,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
PRC - [2007.07.02 07:14:44 | 001,265,664 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2007.07.02 05:56:43 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2007.02.22 09:33:43 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_K_Win32.dll
MOD - [2003.11.20 12:18:06 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011.04.15 17:46:40 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2009.08.12 00:29:42 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007.02.13 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013.01.31 16:23:54 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.01.31 16:23:09 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.19 17:07:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 17:40:07 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.01.31 16:24:28 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.01.31 16:24:28 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.31 16:24:27 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.05.29 17:41:20 | 000,388,168 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avisfltr.sys -- (avisfltr)
DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.04.07 15:55:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.02.25 15:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.10.05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.31 00:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.05.25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.07 23:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009.05.07 23:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2008.02.21 02:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.09.30 17:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}&lang=Deutsch (Deutschland)
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = https://www.pagessyndication.com/google/?q={searchTerms}&lang=Deutsch (Deutschland)
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{7E393A76-B290-4911-9C41-B78C9344EC21}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=FB5006C4-C306-4372-8407-9FA2A0CA9ACA&apn_sauid=2C0A8D87-BB76-4D35-83AE-3DDEF5175421
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.20 11:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.02 10:27:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.12.26 11:49:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M]
[2013.01.19 17:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 17:07:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.15 10:44:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.01.31 16:08:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1740A04-164B-48FB-8F7B-8644309CAE82}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - - File not found
MsConfig:64bit - StartUpFolder: C:^Users^jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\jo\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^jo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KeePass 2 PreLoad - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SDTray - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: TomTomHOME.exe - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Vidalia - hkey= - key= - File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.I420 - File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - C:\Windows\SysWow64\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: hitmanpro37 - Reg Error: Value error.
SafeBootMin:64bit: hitmanpro37.sys - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: hitmanpro37 - Reg Error: Value error.
SafeBootMin: hitmanpro37.sys - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: hitmanpro37 - Reg Error: Value error. SafeBootNet:64bit: hitmanpro37.sys - Reg Error: Value error. 
SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: hitmanpro37 - Reg Error: Value error. SafeBootNet: hitmanpro37.sys - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: 
{4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.03 14:42:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe [2013.01.31 16:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.01.31 16:31:22 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN [2013.01.31 16:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.31 16:26:02 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.31 16:26:02 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.31 16:26:01 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.31 16:25:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.31 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.31 15:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.31 15:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.31 15:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- \Qoobox [2013.01.31 15:35:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.30 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.01.29 11:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.29 11:41:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.29 11:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.28 08:56:01 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.25 08:42:59 | 000,000,000 | -H-D | C] -- C:\Users\jo\Documents\Freemake_do_not_remove_this_folder [2013.01.21 17:45:21 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.21 17:45:20 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.21 17:45:08 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.21 17:45:08 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.21 17:44:20 | 000,441,856 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.21 17:44:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.21 17:44:20 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.21 17:44:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.21 17:44:20 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.21 17:44:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.21 17:44:20 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.21 17:44:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.21 17:44:20 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.21 17:44:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.21 17:44:20 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.21 17:44:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.21 17:44:20 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.21 17:44:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.21 17:44:20 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.21 17:44:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.21 17:44:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.21 17:44:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.21 17:44:20 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.21 17:44:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.21 17:44:20 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.21 17:44:19 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.21 
17:44:19 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.21 17:44:19 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.21 17:44:17 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.21 17:44:17 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.21 17:44:17 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.21 17:44:17 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.21 17:44:17 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.21 17:44:17 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.21 17:44:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.21 17:44:17 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.21 17:43:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.21 17:43:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.21 17:43:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.21 17:43:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.21 17:43:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.21 17:43:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.21 17:43:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.21 17:43:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.21 17:43:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.21 17:43:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll 
[2013.01.21 17:43:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.21 17:43:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.21 17:43:52 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.21 17:43:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.21 17:43:52 | 
000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft 
Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.21 17:43:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.21 17:43:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.21 17:43:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.21 17:43:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.21 17:43:51 | 
000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.21 17:43:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.21 17:43:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.21 17:43:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.21 17:43:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.19 17:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.13 11:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.01.11 14:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\On-ScreenKeyboardPortable [2013.01.11 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - 
Search & Destroy [2013.01.11 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.01.07 14:42:43 | 000,000,000 | ---D | C] -- C:\Users\jo\Desktop\gopro [2009.08.26 06:27:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.02.03 14:42:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe [2013.02.03 14:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.03 14:06:41 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.03 14:06:41 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.03 14:05:32 | 001,640,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.03 14:05:32 | 000,711,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.03 14:05:32 | 000,656,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.03 14:05:32 | 000,152,690 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.03 14:05:32 | 000,125,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.03 14:00:10 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini [2013.02.03 13:58:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.03 13:58:25 | 1554,743,296 | -HS- | M] () -- C:\hiberfil.sys [2013.01.31 16:24:28 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.31 16:24:28 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.31 16:24:27 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.31 16:08:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.26 17:27:29 | 014,822,190 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv [2013.01.23 12:05:56 | 000,088,267 | ---- | M] () -- C:\Users\jo\Documents\Hardcopy.pdf [2013.01.23 11:42:07 | 000,169,328 | ---- | M] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf [2013.01.22 17:19:23 | 005,056,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.21 18:07:17 | 001,618,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.13 12:06:49 | 014,338,402 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv [2013.01.13 11:42:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.11 11:27:54 | 014,773,407 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv [2013.01.09 17:40:05 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 17:40:05 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.06 15:33:49 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI ========== Files Created - No Company Name ========== [2013.01.31 16:31:34 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.31 15:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.31 15:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.31 15:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.31 15:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.31 15:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.26 17:27:15 | 014,822,190 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv [2013.01.23 11:42:04 | 000,169,328 | ---- | C] () -- 
C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf [2013.01.13 11:52:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.01.13 11:42:21 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.13 11:42:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.13 11:35:23 | 014,338,402 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv [2013.01.11 11:27:41 | 014,773,407 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv [2012.10.17 09:31:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2012.05.23 20:01:54 | 000,000,355 | ---- | C] () -- C:\Users\jo\Netzwerk - Verknüpfung.lnk [2012.04.02 13:18:00 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.04.01 10:41:54 | 000,017,408 | ---- | C] () -- C:\Users\jo\AppData\Local\WebpageIcons.db [2012.02.23 19:03:22 | 000,000,218 | ---- | C] () -- C:\Users\jo\.recently-used.xbel [2011.12.19 13:59:04 | 000,000,132 | ---- | C] () -- C:\Windows\winamp.ini [2011.10.12 16:18:58 | 000,000,000 | ---- | C] () -- C:\Users\jo\AppData\Local\{45511484-10CE-4BDD-B175-20E8C66390BC} [2011.04.19 15:37:29 | 000,000,049 | ---- | C] () -- C:\Windows\VCDWizardDLL.INI [2011.02.15 10:55:04 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.09.08 13:55:34 | 000,002,793 | ---- | C] () -- C:\Users\jo\jo2.wmi [2010.08.14 12:42:59 | 000,005,120 | ---- | C] () -- C:\Users\jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.25 09:20:21 | 000,001,457 | ---- | C] () -- C:\Users\jo\AppData\Local\RecConfig.xml [2010.02.18 18:51:54 | 000,007,598 | ---- | C] () -- C:\Users\jo\AppData\Local\Resmon.ResmonCfg [2009.11.27 09:42:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.09.09 01:38:10 | 000,002,716 | RHS- | C] () -- \Patch.rev [2009.09.08 15:51:25 | 1554,743,296 | -HS- | C] () -- \hiberfil.sys [2009.08.22 
11:16:37 | 000,000,174 | RHS- | C] () -- \Preload.rev [2009.07.27 21:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2009.07.27 21:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr [2007.11.07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI [2007.11.07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab [2007.11.07 08:03:18 | 000,097,296 | ---- | C] () -- \install.res.1036.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.3082.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | C] () -- \install.res.1031.dll [2007.11.07 08:03:18 | 000,095,248 | ---- | C] () -- \install.res.1040.dll [2007.11.07 08:03:18 | 000,091,152 | ---- | C] () -- \install.res.1033.dll [2007.11.07 08:03:18 | 000,081,424 | ---- | C] () -- \install.res.1041.dll [2007.11.07 08:03:18 | 000,079,888 | ---- | C] () -- \install.res.1042.dll [2007.11.07 08:03:18 | 000,076,304 | ---- | C] () -- \install.res.1028.dll [2007.11.07 08:03:18 | 000,075,792 | ---- | C] () -- \install.res.2052.dll [2007.11.07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp [2007.11.07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini [2007.11.07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini ========== ZeroAccess Check ========== [2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013.01.19 17:07:53 | 000,866,616 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE"

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:93DE1838
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885

< End of report >

Code:
OTL Extras logfile created on: 03.02.2013 14:45:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.93 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 59.93% Memory free
5.84 Gb Paging File | 4.52 Gb Available in Paging File | 77.39% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 97.01 Gb Free Space | 70.69% Space Free | Partition Type: NTFS

Computer Name: JO-PC | User Name: jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017803BA-50CE-456D-8206-91CFCE10BE48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0C3B6D49-0BDC-4BD3-8314-6BB459221788}" = lport=138 | protocol=17 | dir=in | app=system |
"{14C275A8-77B7-4C47-B04B-B16D2BE8D1FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2946FE09-7803-4001-ABB5-B2036A909704}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4185DEE9-3A9E-4DEC-BFF7-096A5FCB1666}" = lport=137 | protocol=17 | dir=in | app=system |
"{664EF62D-0FE6-43E4-A80C-DEECB921161F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7A57A46E-18C3-4F60-A42C-1FBFE9BBC9D5}" = lport=139 | protocol=6 | dir=in | app=system |
"{7D23C857-08B6-4F1E-9441-F44BEEAF0E3C}" = lport=445 | protocol=6 | dir=in | app=system |
"{813B7A27-17FA-41FC-9742-0985983ED1EE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8880ABBC-96F8-4A26-87AF-A2EDA788CC0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8A2D8CE8-118F-4976-9EFE-8F0167C8CB9D}" = rport=138 | protocol=17 | dir=out | app=system |
"{ACE6E496-C380-4114-A0AC-FCB7A9C2B7B3}" = rport=137 | protocol=17 | dir=out | app=system |
"{D9E50C10-AE38-488A-8696-EFD7D0E2B921}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC48EEDA-CEF6-4030-A723-BA3989C09CB8}" = rport=445 | protocol=6 | dir=out | app=system |
"{E0B41035-96C2-4FDF-BBF9-417D4473CBCB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E1A31072-529B-439A-8E6C-405930638614}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0558FEEE-AD3C-4DCD-A36B-2358B9AEF989}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{30BDE348-DC04-44FB-A606-E631272325F2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{80A90723-2820-457E-B727-02E7C49F43BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8893C1D0-8F0B-4871-9FD1-21E7F531644C}" = dir=in | app=c:\users\jo\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9BBEFB97-9D1F-4B1A-B189-93F629C152DA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BEA66DA8-A589-4EE7-82A0-75279C31B6C4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CDEFC9CF-F690-421A-8544-D97B1B5DA5FD}" = dir=in | app=c:\users\jo\appdata\local\microsoft\skydrive\skydrive.exe |
"TCP Query User{5E2A2928-C0D5-4066-BBF6-7CF500EA3249}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{A97678C8-C078-41E1-92BE-EC3E66C22261}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{515BF98C-CC28-4BDA-99D3-132AAE6F32AD}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{854F5B9E-0F7B-4CA7-BDA5-91659AC67DAA}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{49F3D04B-B849-4C89-AB31-2366A004EA28}" = Broadcom Gigabit Integrated Controller
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F68310EC-B615-4044-B7D7-1A6349758D42}" = Microsoft SQL Server VSS Writer
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"{F90F5A11-53E6-4045-ACB1-BC03D71FB06C}" = Microsoft SQL Server Native Client
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"VLC media player" = VLC media player 2.0.5
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 4.1.14.73
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{063E409E-3D7C-4A4A-95AB-2F124B9224B3}" = ArcSoft PhotoImpression 6
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62E9CD05-3D0A-4609-AAD7-0D4FFB91B3C8}" = Brother HL-2140
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AE09704D-9051-4C25-B940-77F889F0C93F}" = OVTScanner_Vista64
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C40FDA46-40CD-46EE-A79D-EA4AE56EA008}" = ACDSee for PENTAX 3.0
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-PDF Website Converter_is1" = 7-PDF Website Converter Version 1.0.3 (Build 236)
"7-Zip" = 7-Zip 9.20
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Desktop Media Player by Wishlistradio.com_is1" = Desktop Media Player by Wishlistradio.com v2.0.9
"Digital Image Recovery_is1" = Digital Image Recovery 1.47
"DVDFab 6_is1" = DVDFab 6.2.1.8 (31/12/2009)
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.17(c) (remove only)
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.5.15.712
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.3.1206
"Free Studio_is1" = Free Studio version 5.8.0.1130
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.20.1031
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"GridVista" = Acer GridVista
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"HD Tune_is1" = HD Tune 2.55
"Identity Card" = Identity Card
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Streamripper.Plugin" = Streamripper Plugin 1.62.2 (Remove only)
"VideoPad" = VideoPad Video Editor
"Watermark Image_is1" = Watermark Image software version 1.8.3.1
"Winamp" = Winamp (nur entfernen)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 30.01.2013 06:33:13 | Computer Name = jo-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 30.01.2013 06:33:14 | Computer Name = jo-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 30.01.2013 06:33:15 | Computer Name = jo-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 30.01.2013 06:33:15 | Computer Name = jo-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 30.01.2013 06:33:15 | Computer Name = jo-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 30.01.2013 06:33:15 | Computer Name = jo-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 30.01.2013 06:33:58 | Computer Name = jo-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 30.01.2013 12:11:09 | Computer Name = jo-PC | Source = Windows Search Service | ID = 1019
Description =

Error - 30.01.2013 12:20:27 | Computer Name = jo-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\jo\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 30.01.2013 12:20:30 | Computer Name = jo-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\jo\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 02.02.2013 12:43:13 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.

Error - 02.02.2013 12:43:13 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.

Error - 03.02.2013 06:01:26 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.

Error - 03.02.2013 06:01:26 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden.
Error - 03.02.2013 06:53:54 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden. Error - 03.02.2013 06:53:54 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden. Error - 03.02.2013 07:13:21 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden. Error - 03.02.2013 07:13:21 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden. Error - 03.02.2013 08:58:38 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b24309-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden. Error - 03.02.2013 08:58:38 | Computer Name = jo-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620 Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf "\\?\Volume{12b2430a-9c87-11de-9475-806e6f6e6963}" können nicht gelesen werden. < End of report > Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:02 on 03/02/2013 (jo)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-
Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-03 15:53:19
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0 149.05GB
Running: 466rogrr.exe; Driver: C:\Users\jo\AppData\Local\Temp\pgtdypoc.sys

---- Kernel code sections - GMER 2.0 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960001a3c00 7 bytes [C0, A0, F3, FF, 01, AC, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 9 fffff960001a3c09 2 bytes [06, 02]

---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076361401 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076361419 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076361431 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007636144a 2 bytes [36, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763614dd 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763614f5 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007636150d 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076361525 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007636153d 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076361555 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007636156d 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076361585 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007636159d 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763615b5 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763615cd 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763616b2 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[6004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763616bd 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076361401 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076361419 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076361431 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007636144a 2 bytes [36, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763614dd 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763614f5 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007636150d 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076361525 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007636153d 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076361555 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007636156d 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076361585 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007636159d 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763615b5 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763615cd 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763616b2 2 bytes [36, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[5740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763616bd 2 bytes [36, 76]

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----
|
04.02.2013, 09:13 | #8 |
/// TB-Ausbilder | Deutsche Post Mail Hi Joachim, please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save the file to your desktop
|
04.02.2013, 10:05 | #9 |
| Deutsche Post Mail Code:
ATTFilter 10:01:43.0499 3428 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 10:01:43.0582 3428 ============================================================ 10:01:43.0582 3428 Current date / time: 2013/02/04 10:01:43.0582 10:01:43.0582 3428 SystemInfo: 10:01:43.0582 3428 10:01:43.0582 3428 OS Version: 6.1.7601 ServicePack: 1.0 10:01:43.0582 3428 Product type: Workstation 10:01:43.0583 3428 ComputerName: JO-PC 10:01:43.0583 3428 UserName: jo 10:01:43.0583 3428 Windows directory: C:\Windows 10:01:43.0583 3428 System windows directory: C:\Windows 10:01:43.0583 3428 Running under WOW64 10:01:43.0583 3428 Processor architecture: Intel x64 10:01:43.0583 3428 Number of processors: 1 10:01:43.0583 3428 Page size: 0x1000 10:01:43.0583 3428 Boot type: Normal boot 10:01:43.0583 3428 ============================================================ 10:01:43.0935 3428 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 10:01:43.0939 3428 ============================================================ 10:01:43.0939 3428 \Device\Harddisk0\DR0: 10:01:43.0940 3428 MBR partitions: 10:01:43.0940 3428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000 10:01:43.0940 3428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x11276EB0 10:01:43.0940 3428 ============================================================ 10:01:43.0994 3428 C: <-> \Device\Harddisk0\DR0\Partition2 10:01:43.0994 3428 ============================================================ 10:01:43.0994 3428 Initialize success 10:01:43.0994 3428 ============================================================ 10:01:50.0663 4128 ============================================================ 10:01:50.0663 4128 Scan started 10:01:50.0663 4128 Mode: Manual; 10:01:50.0663 4128 ============================================================ 10:01:52.0032 
4128 ================ Scan system memory ======================== 10:01:52.0032 4128 System memory - ok 10:01:52.0035 4128 ================ Scan services ============================= 10:01:52.0269 4128 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 10:01:52.0291 4128 1394ohci - ok 10:01:52.0395 4128 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 10:01:52.0397 4128 ACDaemon - ok 10:01:52.0429 4128 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 10:01:52.0438 4128 ACPI - ok 10:01:52.0471 4128 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 10:01:52.0487 4128 AcpiPmi - ok 10:01:52.0601 4128 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:01:52.0603 4128 AdobeARMservice - ok 10:01:52.0748 4128 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 10:01:52.0751 4128 AdobeFlashPlayerUpdateSvc - ok 10:01:52.0794 4128 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 10:01:52.0820 4128 adp94xx - ok 10:01:52.0870 4128 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 10:01:52.0884 4128 adpahci - ok 10:01:52.0898 4128 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 10:01:52.0907 4128 adpu320 - ok 10:01:52.0946 4128 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 10:01:52.0958 4128 AeLookupSvc - ok 10:01:53.0033 4128 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys 10:01:53.0066 4128 Afc - ok 10:01:53.0115 4128 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 10:01:53.0122 4128 AFD - ok 10:01:53.0152 4128 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 
C:\Windows\system32\drivers\agp440.sys 10:01:53.0159 4128 agp440 - ok 10:01:53.0172 4128 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 10:01:53.0174 4128 ALG - ok 10:01:53.0191 4128 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 10:01:53.0198 4128 aliide - ok 10:01:53.0207 4128 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 10:01:53.0218 4128 amdide - ok 10:01:53.0254 4128 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 10:01:53.0276 4128 AmdK8 - ok 10:01:53.0282 4128 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 10:01:53.0322 4128 AmdPPM - ok 10:01:53.0350 4128 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 10:01:53.0358 4128 amdsata - ok 10:01:53.0389 4128 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 10:01:53.0401 4128 amdsbs - ok 10:01:53.0421 4128 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 10:01:53.0496 4128 amdxata - ok 10:01:53.0736 4128 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 10:01:53.0738 4128 AntiVirSchedulerService - ok 10:01:53.0812 4128 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 10:01:53.0814 4128 AntiVirService - ok 10:01:53.0852 4128 [ 9815014F3E30357168DA272088C6F12F ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys 10:01:53.0874 4128 ApfiltrService - ok 10:01:53.0903 4128 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 10:01:53.0926 4128 AppID - ok 10:01:53.0959 4128 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 10:01:53.0967 4128 AppIDSvc - ok 10:01:54.0023 4128 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 10:01:54.0032 4128 
Appinfo - ok 10:01:54.0085 4128 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 10:01:54.0095 4128 arc - ok 10:01:54.0102 4128 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 10:01:54.0116 4128 arcsas - ok 10:01:54.0236 4128 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 10:01:54.0280 4128 aspnet_state - ok 10:01:54.0286 4128 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 10:01:54.0296 4128 AsyncMac - ok 10:01:54.0330 4128 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 10:01:54.0361 4128 atapi - ok 10:01:54.0438 4128 [ 0ACC06FCF46F64ED4F11E57EE461C1F4 ] athr C:\Windows\system32\DRIVERS\athrx.sys 10:01:54.0568 4128 athr - ok 10:01:54.0618 4128 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 10:01:54.0724 4128 AudioEndpointBuilder - ok 10:01:54.0758 4128 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 10:01:54.0763 4128 AudioSrv - ok 10:01:54.0872 4128 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 10:01:54.0882 4128 avgntflt - ok 10:01:54.0959 4128 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 10:01:54.0971 4128 avipbb - ok 10:01:55.0049 4128 [ 837DC57745D3589E5E8BC6B6E5B008CA ] avisfltr C:\Windows\system32\DRIVERS\avisfltr.sys 10:01:55.0075 4128 avisfltr - ok 10:01:55.0122 4128 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 10:01:55.0130 4128 avkmgr - ok 10:01:55.0174 4128 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 10:01:55.0183 4128 AxInstSV - ok 10:01:55.0242 4128 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 10:01:55.0266 4128 b06bdrv - ok 10:01:55.0312 4128 [ 93AF5CCCE5145AA3C2F0A41E7F65149A ] b57nd60a 
C:\Windows\system32\DRIVERS\b57nd60a.sys 10:01:55.0334 4128 b57nd60a - ok 10:01:55.0398 4128 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 10:01:55.0443 4128 BCM43XX - ok 10:01:55.0482 4128 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 10:01:55.0490 4128 BDESVC - ok 10:01:55.0525 4128 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 10:01:55.0529 4128 Beep - ok 10:01:55.0588 4128 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 10:01:55.0636 4128 BFE - ok 10:01:55.0701 4128 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 10:01:55.0721 4128 BITS - ok 10:01:55.0744 4128 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 10:01:55.0752 4128 blbdrive - ok 10:01:55.0790 4128 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 10:01:55.0800 4128 bowser - ok 10:01:55.0818 4128 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 10:01:55.0822 4128 BrFiltLo - ok 10:01:55.0835 4128 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 10:01:55.0838 4128 BrFiltUp - ok 10:01:55.0892 4128 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 10:01:55.0901 4128 BridgeMP - ok 10:01:56.0050 4128 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 10:01:56.0093 4128 Browser - ok 10:01:56.0121 4128 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 10:01:56.0151 4128 Brserid - ok 10:01:56.0163 4128 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 10:01:56.0169 4128 BrSerWdm - ok 10:01:56.0182 4128 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 10:01:56.0186 4128 BrUsbMdm - ok 10:01:56.0197 4128 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer 
C:\Windows\System32\Drivers\BrUsbSer.sys 10:01:56.0201 4128 BrUsbSer - ok 10:01:56.0214 4128 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 10:01:56.0220 4128 BTHMODEM - ok 10:01:56.0264 4128 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 10:01:56.0272 4128 bthserv - ok 10:01:56.0305 4128 catchme - ok 10:01:56.0324 4128 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 10:01:56.0332 4128 cdfs - ok 10:01:56.0367 4128 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 10:01:56.0377 4128 cdrom - ok 10:01:56.0424 4128 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 10:01:56.0431 4128 CertPropSvc - ok 10:01:56.0472 4128 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 10:01:56.0479 4128 circlass - ok 10:01:56.0504 4128 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 10:01:56.0509 4128 CLFS - ok 10:01:56.0576 4128 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:01:56.0579 4128 clr_optimization_v2.0.50727_32 - ok 10:01:56.0634 4128 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:01:56.0637 4128 clr_optimization_v2.0.50727_64 - ok 10:01:56.0753 4128 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 10:01:56.0841 4128 clr_optimization_v4.0.30319_32 - ok 10:01:56.0891 4128 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:01:56.0916 4128 clr_optimization_v4.0.30319_64 - ok 10:01:56.0954 4128 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 10:01:56.0958 4128 CmBatt - ok 10:01:56.0982 4128 [ 
E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 10:01:56.0987 4128 cmdide - ok 10:01:57.0026 4128 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 10:01:57.0059 4128 CNG - ok 10:01:57.0080 4128 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 10:01:57.0086 4128 Compbatt - ok 10:01:57.0127 4128 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 10:01:57.0133 4128 CompositeBus - ok 10:01:57.0144 4128 COMSysApp - ok 10:01:57.0252 4128 cpuz135 - ok 10:01:57.0273 4128 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 10:01:57.0278 4128 crcdisk - ok 10:01:57.0349 4128 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:01:57.0362 4128 CryptSvc - ok 10:01:57.0415 4128 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 10:01:57.0433 4128 DcomLaunch - ok 10:01:57.0499 4128 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 10:01:57.0520 4128 defragsvc - ok 10:01:57.0555 4128 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:01:57.0672 4128 DfsC - ok 10:01:57.0704 4128 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 10:01:57.0709 4128 Dhcp - ok 10:01:57.0738 4128 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 10:01:57.0740 4128 discache - ok 10:01:57.0782 4128 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 10:01:57.0791 4128 Disk - ok 10:01:57.0915 4128 [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr C:\Windows\syswow64\Drivers\DKbFltr.sys 10:01:57.0959 4128 DKbFltr - ok 10:01:58.0013 4128 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:01:58.0026 4128 Dnscache - ok 10:01:58.0083 4128 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc 
C:\Windows\System32\dot3svc.dll 10:01:58.0106 4128 dot3svc - ok 10:01:58.0134 4128 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 10:01:58.0138 4128 DPS - ok 10:01:58.0174 4128 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:01:58.0177 4128 drmkaud - ok 10:01:58.0235 4128 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:01:58.0260 4128 DXGKrnl - ok 10:01:58.0301 4128 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 10:01:58.0308 4128 EapHost - ok 10:01:58.0418 4128 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 10:01:58.0565 4128 ebdrv - ok 10:01:58.0598 4128 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 10:01:58.0600 4128 EFS - ok 10:01:58.0638 4128 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 10:01:58.0662 4128 elxstor - ok 10:01:58.0697 4128 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:01:58.0703 4128 ErrDev - ok 10:01:58.0865 4128 [ 2F6D55DC521C557880116B51925A792A ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe 10:01:58.0867 4128 ETService - ok 10:01:58.0968 4128 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 10:01:59.0034 4128 EventSystem - ok 10:01:59.0058 4128 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 10:01:59.0080 4128 exfat - ok 10:01:59.0113 4128 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:01:59.0140 4128 fastfat - ok 10:01:59.0190 4128 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 10:01:59.0205 4128 Fax - ok 10:01:59.0219 4128 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 10:01:59.0224 4128 fdc - ok 10:01:59.0244 4128 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 
10:01:59.0250 4128 fdPHost - ok 10:01:59.0266 4128 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 10:01:59.0273 4128 FDResPub - ok 10:01:59.0299 4128 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:01:59.0323 4128 FileInfo - ok 10:01:59.0352 4128 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:01:59.0357 4128 Filetrace - ok 10:01:59.0387 4128 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 10:01:59.0392 4128 flpydisk - ok 10:01:59.0421 4128 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:01:59.0475 4128 FltMgr - ok 10:01:59.0527 4128 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 10:01:59.0596 4128 FontCache - ok 10:01:59.0649 4128 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:01:59.0652 4128 FontCache3.0.0.0 - ok 10:01:59.0711 4128 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:01:59.0719 4128 FsDepends - ok 10:01:59.0787 4128 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 10:01:59.0794 4128 fssfltr - ok 10:01:59.0858 4128 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:01:59.0883 4128 Fs_Rec - ok 10:01:59.0927 4128 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:01:59.0931 4128 fvevol - ok 10:01:59.0963 4128 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 10:01:59.0971 4128 gagp30kx - ok 10:02:00.0019 4128 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 10:02:00.0048 4128 gpsvc - ok 10:02:00.0075 4128 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:02:00.0100 4128 hcw85cir - ok 10:02:00.0167 4128 [ 
- ok 10:02:18.0056 4128 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 10:02:18.0114 4128 wlidsvc - ok 10:02:18.0147 4128 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 10:02:18.0150 4128 WmiAcpi - ok 10:02:18.0184 4128 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 10:02:18.0188 4128 wmiApSrv - ok 10:02:18.0216 4128 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 10:02:18.0222 4128 WPCSvc - ok 10:02:18.0258 4128 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 10:02:18.0269 4128 WPDBusEnum - ok 10:02:18.0306 4128 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 10:02:18.0308 4128 ws2ifsl - ok 10:02:18.0343 4128 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 10:02:18.0361 4128 wscsvc - ok 10:02:18.0372 4128 WSearch - ok 10:02:18.0473 4128 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 10:02:18.0539 4128 wuauserv - ok 10:02:18.0578 4128 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 10:02:18.0586 4128 WudfPf - ok 10:02:18.0638 4128 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 10:02:18.0658 4128 WUDFRd - ok 10:02:18.0690 4128 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 10:02:18.0700 4128 wudfsvc - ok 10:02:18.0733 4128 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 10:02:18.0783 4128 WwanSvc - ok 10:02:18.0819 4128 ================ Scan global =============================== 10:02:18.0867 4128 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 10:02:18.0905 4128 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 10:02:18.0938 4128 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 
10:02:18.0977 4128 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 10:02:19.0017 4128 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 10:02:19.0023 4128 [Global] - ok 10:02:19.0027 4128 ================ Scan MBR ================================== 10:02:19.0058 4128 [ 6FC6F9186C07BCA94E140F63BFE6E9B4 ] \Device\Harddisk0\DR0 10:02:22.0034 4128 \Device\Harddisk0\DR0 - ok 10:02:22.0038 4128 ================ Scan VBR ================================== 10:02:22.0042 4128 [ F6DB4357816CB62E20C12650128FA49F ] \Device\Harddisk0\DR0\Partition1 10:02:22.0043 4128 \Device\Harddisk0\DR0\Partition1 - ok 10:02:22.0098 4128 [ 56107C40DBBB03E1EA7359A3E096130D ] \Device\Harddisk0\DR0\Partition2 10:02:22.0099 4128 \Device\Harddisk0\DR0\Partition2 - ok 10:02:22.0103 4128 ============================================================ 10:02:22.0103 4128 Scan finished 10:02:22.0104 4128 ============================================================ 10:02:22.0121 5092 Detected object count: 0 10:02:22.0121 5092 Actual detected object count: 0 10:02:42.0459 1128 Deinitialize success |
04.02.2013, 11:28 | #10 |
/// TB-Ausbilder | Deutsche Post Mail
Hi,
Step 1
I see that you have a so-called registry cleaner on your system, in your case CCleaner. We do not recommend any kind of registry cleaner under any circumstances. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I hereby recommend that you uninstall the software mentioned above and do without this kind of software in the future. At the end I will recommend another tool that you can use to remove your temporary files.
Step 2
Please download AdwCleaner to your desktop.
Step 3
Please close your protection software to avoid possible conflicts. Please download Junkware Removal Tool to your desktop.
Step 4
Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread.
With your next reply, please post
|
04.02.2013, 13:46 | #11 |
| Deutsche Post Mail
Code:
# AdwCleaner v2.110 - Datei am 04/02/2013 um 11:55:08 erstellt
# Aktualisiert am 03/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : jo - JO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\jo\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Users\jo\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\prefs.js
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S2].txt - [1256 octets] - [04/02/2013 11:55:08]
########## EOF - C:\AdwCleaner[S2].txt - [1316 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by jo on 04.02.2013 at 12:36:05.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders
Failed to delete: [Folder] "C:\Users\jo\AppData\Roaming\dvdvideosoftiehelpers"

~~~ FireFox
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\jo\AppData\Roaming\mozilla\firefox\profiles\ehcfpq4z.default\prefs.js
user_pref("browser.search.selectedEngine", "Ixquick.de (hxxps)");
user_pref("browser.startup.homepage", "hxxps://www.ixquick.de/");
Emptied folder: C:\Users\jo\AppData\Roaming\mozilla\firefox\profiles\ehcfpq4z.default\minidumps [47 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2013 at 12:51:05.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter OTL logfile created on: 04.02.2013 13:24:49 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.93 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.96% Memory free 5.84 Gb Paging File | 4.47 Gb Available in Paging File | 76.66% Paging File free Paging file location(s): c:\pagefile.sys 4000 4000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 137.23 Gb Total Space | 100.37 Gb Free Space | 73.14% Space Free | Partition Type: NTFS Computer Name: JO-PC | User Name: jo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.02.04 13:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe PRC - [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.06.18 07:42:04 | 002,610,648 | ---- | M] (Mister Group) -- C:\Program Files (x86)\System Explorer\SystemExplorer.exe PRC - [2010.03.24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010.03.18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.08.11 23:08:50 | 001,231,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe PRC - [2007.07.02 07:14:44 | 001,265,664 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe ========== Modules (No Company Name) ========== MOD - [2013.01.19 17:07:53 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2007.07.02 05:56:43 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll MOD - [2007.02.22 09:33:43 | 000,065,536 | ---- | M] () -- C:\Program Files 
(x86)\Hardcopy\HcDLL2_K_Win32.dll MOD - [2003.11.20 12:18:06 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.04.15 17:46:40 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV:64bit: - [2009.08.12 00:29:42 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2007.02.13 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV - [2013.01.19 17:07:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.09 17:40:07 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.21 18:09:48 | 000,807,896 | ---- | M] (Mister Group) [On_Demand | Running] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) 
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.05.29 17:41:20 | 000,388,168 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avisfltr.sys -- (avisfltr) DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM) DRV:64bit: - [2011.03.11 
07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.04.07 15:55:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2010.02.25 15:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2009.10.05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.31 00:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.05.25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.05.07 23:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR) DRV:64bit: - [2009.05.07 23:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR) DRV:64bit: - [2008.02.21 02:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.09.30 17:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - 
HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}&lang=Deutsch (Deutschland) IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms} IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = https://www.pagessyndication.com/google/?q={searchTerms}&lang=Deutsch (Deutschland) IE - 
HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{7E393A76-B290-4911-9C41-B78C9344EC21}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms} IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=FB5006C4-C306-4372-8407-9FA2A0CA9ACA&apn_sauid=2C0A8D87-BB76-4D35-83AE-3DDEF5175421 IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.20 11:45:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.02 10:27:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla 
Thunderbird\components [2012.12.26 11:49:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M] [2013.01.19 17:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 17:07:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.15 10:44:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla 
Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.01.31 16:08:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) 
O4 - HKU\S-1-5-21-776483207-145609781-3413881836-1003..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group) O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to 
Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1740A04-164B-48FB-8F7B-8644309CAE82}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.04 13:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe [2013.02.04 12:36:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.04 12:35:42 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.04 12:35:42 | 000,000,000 | ---D | C] -- \JRT [2013.02.03 15:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer [2013.02.03 15:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer [2013.01.31 16:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.01.31 16:31:22 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.31 16:30:27 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN [2013.01.31 16:12:12 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.31 15:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.31 15:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.31 15:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.31 15:36:18 | 000,000,000 | ---D | C] -- \Qoobox [2013.01.31 15:35:23 | 
000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.30 10:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.01.25 08:42:59 | 000,000,000 | -H-D | C] -- C:\Users\jo\Documents\Freemake_do_not_remove_this_folder [2013.01.19 17:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.13 11:42:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.01.11 14:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\On-ScreenKeyboardPortable [2013.01.11 14:30:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.01.11 14:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.01.07 14:42:43 | 000,000,000 | ---D | C] -- C:\Users\jo\Desktop\gopro [2009.08.26 06:27:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe ========== Files - Modified Within 30 Days ========== [2013.02.04 13:27:28 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 13:27:28 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 13:26:10 | 001,640,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.04 13:26:10 | 000,711,482 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.04 13:26:10 | 000,656,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.04 13:26:10 | 000,152,690 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.04 13:26:10 | 000,125,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.04 13:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe [2013.02.04 13:20:39 | 000,000,328 | ---- | M] () -- C:\Windows\Brownie.ini [2013.02.04 13:19:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 13:19:47 | 1554,743,296 | -HS- | M] () -- C:\hiberfil.sys 
[2013.02.04 12:39:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.04 10:04:30 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI [2013.02.03 15:02:55 | 000,000,000 | ---- | M] () -- C:\Users\jo\defogger_reenable [2013.01.31 16:08:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.01.26 17:27:29 | 014,822,190 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv [2013.01.23 12:05:56 | 000,088,267 | ---- | M] () -- C:\Users\jo\Documents\Hardcopy.pdf [2013.01.23 11:42:07 | 000,169,328 | ---- | M] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf [2013.01.22 17:19:23 | 005,056,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.21 18:07:17 | 001,618,638 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.13 12:06:49 | 014,338,402 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv [2013.01.13 11:42:21 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.11 11:27:54 | 014,773,407 | ---- | M] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv ========== Files Created - No Company Name ========== [2013.02.03 15:02:55 | 000,000,000 | ---- | C] () -- C:\Users\jo\defogger_reenable [2013.01.31 16:31:34 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.01.31 15:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.31 15:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.31 15:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.31 15:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.31 15:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.26 17:27:15 | 014,822,190 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0.1 (de) - 2013-01-26.pcv [2013.01.23 11:42:04 | 000,169,328 | ---- | C] () -- C:\Users\jo\Documents\DHL-Marke-MMKPT2WPXG.pdf 
[2013.01.13 11:52:16 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.01.13 11:42:21 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.13 11:42:21 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.01.13 11:35:23 | 014,338,402 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-13.pcv [2013.01.11 11:27:41 | 014,773,407 | ---- | C] () -- C:\Users\jo\Documents\Firefox 18.0 (de) - 2013-01-11.pcv [2012.10.17 09:31:24 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2012.05.23 20:01:54 | 000,000,355 | ---- | C] () -- C:\Users\jo\Netzwerk - Verknüpfung.lnk [2012.04.02 13:18:00 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.04.01 10:41:54 | 000,017,408 | ---- | C] () -- C:\Users\jo\AppData\Local\WebpageIcons.db [2012.02.23 19:03:22 | 000,000,218 | ---- | C] () -- C:\Users\jo\.recently-used.xbel [2011.12.19 13:59:04 | 000,000,132 | ---- | C] () -- C:\Windows\winamp.ini [2011.10.12 16:18:58 | 000,000,000 | ---- | C] () -- C:\Users\jo\AppData\Local\{45511484-10CE-4BDD-B175-20E8C66390BC} [2011.04.19 15:37:29 | 000,000,049 | ---- | C] () -- C:\Windows\VCDWizardDLL.INI [2011.02.15 10:55:04 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.09.08 13:55:34 | 000,002,793 | ---- | C] () -- C:\Users\jo\jo2.wmi [2010.08.14 12:42:59 | 000,005,120 | ---- | C] () -- C:\Users\jo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.03.25 09:20:21 | 000,001,457 | ---- | C] () -- C:\Users\jo\AppData\Local\RecConfig.xml [2010.02.18 18:51:54 | 000,007,598 | ---- | C] () -- C:\Users\jo\AppData\Local\Resmon.ResmonCfg [2009.11.27 09:42:57 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2009.09.09 01:38:10 | 000,002,716 | RHS- | C] () -- \Patch.rev [2009.09.08 15:51:25 | 1554,743,296 | -HS- | C] () -- \hiberfil.sys [2009.08.22 11:16:37 | 000,000,174 | RHS- | C] () -- 
\Preload.rev [2009.07.27 21:40:53 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK [2009.07.27 21:40:51 | 000,383,562 | RHS- | C] () -- \bootmgr [2007.11.07 08:12:28 | 000,232,960 | ---- | C] () -- \VC_RED.MSI [2007.11.07 08:09:22 | 001,442,522 | ---- | C] () -- \VC_RED.cab [2007.11.07 08:00:40 | 000,005,686 | ---- | C] () -- \vcredist.bmp [2007.11.07 08:00:40 | 000,001,110 | ---- | C] () -- \globdata.ini [2007.11.07 08:00:40 | 000,000,843 | ---- | C] () -- \install.ini ========== ZeroAccess Check ========== [2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.11.13 12:21:30 | 000,000,000 | ---D | M] -- C:\Users\All Users\AAV [2009.11.23 17:26:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\ACD Systems [2009.08.22 10:49:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\Acer [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data [2010.11.13 11:44:07 | 000,000,000 | ---D | M] -- C:\Users\All Users\ashampoo [2011.09.20 11:18:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\backup [2010.10.24 13:37:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\Buhl Data Service GmbH [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente [2009.08.26 08:16:49 | 000,000,000 | ---D | M] -- C:\Users\All Users\eSobi [2011.09.20 11:17:55 | 000,000,000 | ---D | M] -- C:\Users\All Users\explauncher [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites [2012.12.20 11:52:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Freemake [2013.01.30 10:50:05 | 000,000,000 | ---D | M] -- C:\Users\All Users\HitmanPro 
[2010.04.02 12:36:22 | 000,000,000 | ---D | M] -- C:\Users\All Users\InterVideo [2011.09.18 15:21:46 | 000,000,000 | ---D | M] -- C:\Users\All Users\Kingsoft [2011.09.20 11:17:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\launcher [2012.02.21 12:46:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\LogCollector [2011.05.25 17:46:20 | 000,000,000 | ---D | M] -- C:\Users\All Users\MicroWorld [2010.03.12 13:55:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\NtiDvdCopy [2009.08.22 10:39:28 | 000,000,000 | ---D | M] -- C:\Users\All Users\OEM [2013.01.12 14:20:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\On-ScreenKeyboardPortable [2012.12.29 19:41:39 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe [2009.11.23 16:35:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sandlot Games [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü [2013.02.03 15:27:17 | 000,000,000 | ---D | M] -- C:\Users\All Users\SystemExplorer [2009.11.27 08:33:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\TEMP [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates [2012.07.01 14:07:40 | 000,000,000 | ---D | M] -- C:\Users\All Users\TinyWall [2010.12.24 10:11:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\TomTom [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen [2010.06.18 08:58:44 | 000,000,000 | ---D | M] -- C:\Users\All Users\vsosdk [2011.11.06 18:30:16 | 000,000,000 | ---D | M] -- C:\Users\All Users\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1} [2013.01.31 16:12:12 | 000,000,000 | ---D | M] -- C:\Users\AppData\AppData [2012.12.30 19:24:12 | 000,000,000 | ---D | M] -- C:\Users\AppData\LocalLow [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten [2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- 
C:\Users\Default\Application Data [2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop [2009.11.23 16:23:45 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents [2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien [2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites [2012.09.06 12:33:45 | 000,000,000 | R--D | M] -- C:\Users\Default\Links [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen [2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung [2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent [2009.07.14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates [2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos [2009.11.23 16:23:45 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen [2010.03.25 12:12:28 | 000,000,000 | ---D | M] -- C:\Users\jo\.gnubg [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Anwendungsdaten [2010.05.25 16:52:33 | 
000,000,000 | -H-D | M] -- C:\Users\jo\AppData [2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Contacts [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Cookies [2013.02.04 13:22:40 | 000,000,000 | R--D | M] -- C:\Users\jo\Desktop [2013.02.03 17:02:56 | 000,000,000 | R--D | M] -- C:\Users\jo\Documents [2013.02.04 13:22:40 | 000,000,000 | R--D | M] -- C:\Users\jo\Downloads [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Druckumgebung [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Eigene Dateien [2012.12.31 16:22:53 | 000,000,000 | R--D | M] -- C:\Users\jo\Favorites [2010.03.11 16:51:53 | 000,000,000 | ---D | M] -- C:\Users\jo\lang [2012.11.07 13:49:23 | 000,000,000 | R--D | M] -- C:\Users\jo\Links [2010.03.11 16:52:06 | 000,000,000 | ---D | M] -- C:\Users\jo\LocalCDDB [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Lokale Einstellungen [2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Music [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Netzwerkumgebung [2009.12.21 10:40:59 | 000,000,000 | ---D | M] -- C:\Users\jo\NTI-Shadow [2011.01.17 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\jo\Option [2013.02.03 12:18:03 | 000,000,000 | R--D | M] -- C:\Users\jo\Pictures [2010.03.11 16:51:53 | 000,000,000 | ---D | M] -- C:\Users\jo\Plugins [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Recent [2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Saved Games [2012.07.14 16:34:26 | 000,000,000 | R--D | M] -- C:\Users\jo\Searches [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\SendTo [2012.09.06 12:33:41 | 000,000,000 | R--D | M] -- C:\Users\jo\SkyDrive [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Startmenü [2012.12.31 11:17:37 | 000,000,000 | ---D | M] -- C:\Users\jo\Tracing [2013.01.30 17:46:27 | 000,000,000 | R--D | M] -- C:\Users\jo\Videos [2009.11.23 16:23:54 | 000,000,000 | -HSD | M] -- C:\Users\jo\Vorlagen [2013.01.31 
16:12:12 | 000,000,000 | ---D | M] -- C:\Users\Public\AppData [2013.02.03 16:59:27 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop [2012.12.30 16:55:07 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents [2011.07.14 15:54:02 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads [2009.07.14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites [2010.03.04 14:43:19 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries [2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Music [2010.03.13 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Public\OEM [2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures [2010.08.17 19:43:43 | 000,000,000 | ---D | M] -- C:\Users\Public\Recorded TV [2011.05.09 03:17:05 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\Users\All Users\TEMP:AB689DEA @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AB689DEA @Alternate Data Stream - 133 bytes -> C:\Users\All Users\TEMP:93DE1838 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:93DE1838 @Alternate Data Stream - 125 bytes -> C:\Users\All Users\TEMP:E3C56885 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885 < End of report > Code:
# AdwCleaner v2.110 - Datei am 04/02/2013 um 11:55:08 erstellt
# Aktualisiert am 03/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : jo - JO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\jo\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\Users\jo\AppData\Local\Temp\AskSearch

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\jo\AppData\Roaming\Mozilla\Firefox\Profiles\ehcfpq4z.default\prefs.js

Gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [1256 octets] - [04/02/2013 11:55:08]

########## EOF - C:\AdwCleaner[S2].txt - [1316 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by jo on 04.02.2013 at 12:36:05.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

~~~ Folders

Failed to delete: [Folder] "C:\Users\jo\AppData\Roaming\dvdvideosoftiehelpers"

~~~ FireFox

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted the following from C:\Users\jo\AppData\Roaming\mozilla\firefox\profiles\ehcfpq4z.default\prefs.js

user_pref("browser.search.selectedEngine", "Ixquick.de (hxxps)");
user_pref("browser.startup.homepage", "hxxps://www.ixquick.de/");

Emptied folder: C:\Users\jo\AppData\Roaming\mozilla\firefox\profiles\ehcfpq4z.default\minidumps [47 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.02.2013 at 12:51:05.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
OTL logfile created on: 04.02.2013 13:24:49 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.93 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.96% Memory free
5.84 Gb Paging File | 4.47 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): c:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 137.23 Gb Total Space | 100.37 Gb Free Space | 73.14% Space Free | Partition Type: NTFS

Computer Name: JO-PC | User Name: jo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013.02.04 13:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.exe
PRC - [2013.01.19 17:07:53 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.06.18 07:42:04 | 002,610,648 | ---- | M] (Mister Group) -- C:\Program Files (x86)\System Explorer\SystemExplorer.exe
PRC - [2010.03.24 13:58:22 | 000,309,760 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.08.11 23:08:50 | 001,231,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.06.05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008.10.17 15:52:16 | 000,099,632 | ---- | M] (brother) -- C:\Program Files (x86)\Brownie\brpjp04a.exe
PRC - [2007.07.02 07:14:44 | 001,265,664 | ---- | M] (sw4you, Siegfried Weckmann) -- C:\Program Files (x86)\Hardcopy\hardcopy.exe

========== Modules (No Company Name) ==========

MOD - [2013.01.19 17:07:53 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2007.07.02 05:56:43 | 000,438,272 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDllS.dll
MOD - [2007.02.22 09:33:43 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\HcDLL2_K_Win32.dll
MOD - [2003.11.20 12:18:06 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Hardcopy\hardcopy.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011.04.15 17:46:40 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2009.08.12 00:29:42 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007.02.13 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013.01.19 17:07:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.09 17:40:07 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.21 18:09:48 | 000,807,896 | ---- | M] (Mister Group) [On_Demand | Running] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.05.29 17:41:20 | 000,388,168 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avisfltr.sys -- (avisfltr) DRV:64bit: - [2012.03.08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.17 15:37:16 | 000,572,336 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM) DRV:64bit: - [2011.11.17 15:37:16 | 000,059,184 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2011.11.17 15:37:14 | 000,352,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM) DRV:64bit: - [2011.03.11 
07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.04.07 15:55:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2010.02.25 15:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2009.10.05 15:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.09.02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.31 00:43:44 | 000,305,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.05.25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.05.07 23:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR) DRV:64bit: - [2009.05.07 23:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR) DRV:64bit: - [2008.02.21 02:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ov550ivx.sys -- (OV550I) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.09.30 17:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=extensa_5230&r=27361109a126l03e8z1j5i4711t285 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - 
HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms}&lang=Deutsch (Deutschland) IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.internetscout.biz/google/?q={searchTerms} IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{4CCF9AF7-541E-449C-AB6A-84D81FAEBB7D}: "URL" = https://www.pagessyndication.com/google/?q={searchTerms}&lang=Deutsch (Deutschland) IE - 
HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_de IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{7E393A76-B290-4911-9C41-B78C9344EC21}: "URL" = hxxp://www.internetscout.biz/google/?q={searchTerms} IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=FB5006C4-C306-4372-8407-9FA2A0CA9ACA&apn_sauid=2C0A8D87-BB76-4D35-83AE-3DDEF5175421 IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.20 11:45:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.02 10:27:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla 
Thunderbird\components [2012.12.26 11:49:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 17:07:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 17:07:49 | 000,000,000 | ---D | M] [2013.01.19 17:07:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 17:07:53 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.15 10:44:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jo\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla 
Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: YouTube = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\ CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\ CHR - Extension: Google-Suche = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\ CHR - Extension: Google Mail = C:\Users\jo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.01.31 16:08:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) 
O4 - HKU\S-1-5-21-776483207-145609781-3413881836-1003..\Run: [SystemExplorerAutoStart] C:\Program Files (x86)\System Explorer\SystemExplorer.exe (Mister Group) O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8:64bit: - Extra context menu item: Free YouTube to 
Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1740A04-164B-48FB-8F7B-8644309CAE82}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA8B154C-3C44-4055-BCF5-FC9E2CFFADF5}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
04.02.2013, 14:48 | #12 |
/// TB-Ausbilder | Deutsche Post Mail
Step 1: Fix with OTL
Code:
:OTL
IE - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=FB5006C4-C306-4372-8407-9FA2A0CA9ACA&apn_sauid=2C0A8D87-BB76-4D35-83AE-3DDEF5175421
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-776483207-145609781-3413881836-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\jo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
:Commands
[emptytemp]
Step 2
Please read the following instructions carefully. We do not want to "fix" anything here yet; we only want to see a scan report. Please download TDSSKiller.exe and save the file to the desktop.
Please post with your next reply
|
04.02.2013, 15:29 | #13 |
| Deutsche Post Mail
Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Internet Explorer\SearchScopes\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88CF48AE-4FA0-42F9-8DC9-AA6855C96701}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-776483207-145609781-3413881836-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: jo
->Temp folder emptied: 2345201 bytes
->Temporary Internet Files folder emptied: 17618567 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7232703 bytes
->Google Chrome cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1589121 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 468758424 bytes

Total Files Cleaned = 475.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02042013_153559

Files\Folders moved on Reboot...
C:\Users\jo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 15:42:04.0864 3268 HdAudAddService - ok 15:42:04.0927 3268 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 15:42:04.0928 3268 HDAudBus - ok 15:42:05.0012 3268 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 15:42:05.0017 3268 HidBatt - ok 15:42:05.0029 3268 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 15:42:05.0036 3268 HidBth - ok 15:42:05.0049 3268 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 15:42:05.0055 3268 HidIr - ok 15:42:05.0158 3268 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 15:42:05.0166 3268 hidserv - ok 15:42:05.0206 3268 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 15:42:05.0214 3268 HidUsb - ok 15:42:05.0279 3268 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 15:42:05.0288 3268 hkmsvc - ok 15:42:05.0352 3268 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 15:42:05.0444 3268 HomeGroupListener - ok 15:42:05.0476 3268 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 15:42:05.0489 3268 HomeGroupProvider - ok 15:42:05.0522 3268 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 15:42:05.0532 3268 HpSAMD - ok 15:42:05.0581 3268 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 15:42:05.0627 3268 HTTP - ok 15:42:05.0709 3268 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 15:42:05.0715 3268 hwpolicy - ok 15:42:05.0824 3268 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 15:42:05.0832 3268 i8042prt - ok 15:42:05.0984 3268 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix 
Storage Manager\IAANTMon.exe 15:42:05.0989 3268 IAANTMON - ok 15:42:06.0066 3268 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 15:42:06.0069 3268 iaStor - ok 15:42:06.0139 3268 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 15:42:06.0161 3268 iaStorV - ok 15:42:06.0240 3268 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:42:06.0261 3268 idsvc - ok 15:42:06.0547 3268 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 15:42:06.0839 3268 igfx - ok 15:42:06.0954 3268 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 15:42:06.0971 3268 iirsp - ok 15:42:07.0046 3268 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 15:42:07.0170 3268 IKEEXT - ok 15:42:07.0301 3268 [ 8C7FA71CB1EBCD3EDE8958D27B1BF0B4 ] int15 C:\Windows\SysWOW64\drivers\int15_64.sys 15:42:07.0306 3268 int15 - ok 15:42:07.0497 3268 [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 15:42:07.0770 3268 IntcAzAudAddService - ok 15:42:07.0819 3268 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 15:42:07.0904 3268 intelide - ok 15:42:08.0073 3268 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 15:42:08.0074 3268 intelppm - ok 15:42:08.0118 3268 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 15:42:08.0369 3268 IPBusEnum - ok 15:42:08.0473 3268 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:42:08.0481 3268 IpFilterDriver - ok 15:42:08.0529 3268 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 15:42:08.0537 3268 iphlpsvc - ok 15:42:08.0624 3268 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 
15:42:08.0633 3268 IPMIDRV - ok 15:42:08.0724 3268 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 15:42:08.0733 3268 IPNAT - ok 15:42:08.0754 3268 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 15:42:08.0759 3268 IRENUM - ok 15:42:08.0800 3268 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 15:42:08.0805 3268 isapnp - ok 15:42:08.0858 3268 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 15:42:08.0900 3268 iScsiPrt - ok 15:42:08.0988 3268 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 15:42:09.0005 3268 kbdclass - ok 15:42:09.0131 3268 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 15:42:09.0138 3268 kbdhid - ok 15:42:09.0200 3268 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 15:42:09.0202 3268 KeyIso - ok 15:42:09.0267 3268 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 15:42:09.0278 3268 KSecDD - ok 15:42:09.0369 3268 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 15:42:09.0480 3268 KSecPkg - ok 15:42:09.0550 3268 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 15:42:09.0554 3268 ksthunk - ok 15:42:09.0655 3268 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 15:42:09.0711 3268 KtmRm - ok 15:42:09.0746 3268 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys 15:42:09.0752 3268 L1E - ok 15:42:09.0821 3268 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 15:42:09.0867 3268 LanmanServer - ok 15:42:09.0912 3268 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 15:42:09.0923 3268 LanmanWorkstation - ok 15:42:09.0980 3268 [ 1538831CF8AD2979A04C423779465827 ] lltdio 
C:\Windows\system32\DRIVERS\lltdio.sys 15:42:09.0987 3268 lltdio - ok 15:42:10.0053 3268 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 15:42:10.0096 3268 lltdsvc - ok 15:42:10.0115 3268 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 15:42:10.0122 3268 lmhosts - ok 15:42:10.0362 3268 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 15:42:10.0370 3268 LSI_FC - ok 15:42:10.0415 3268 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 15:42:10.0422 3268 LSI_SAS - ok 15:42:10.0434 3268 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:42:10.0441 3268 LSI_SAS2 - ok 15:42:10.0483 3268 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:42:10.0492 3268 LSI_SCSI - ok 15:42:10.0514 3268 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 15:42:10.0523 3268 luafv - ok 15:42:10.0533 3268 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 15:42:10.0540 3268 megasas - ok 15:42:10.0565 3268 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 15:42:10.0587 3268 MegaSR - ok 15:42:10.0632 3268 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 15:42:10.0639 3268 MMCSS - ok 15:42:10.0698 3268 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 15:42:10.0704 3268 Modem - ok 15:42:10.0772 3268 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 15:42:10.0773 3268 monitor - ok 15:42:10.0932 3268 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 15:42:10.0940 3268 mouclass - ok 15:42:10.0999 3268 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 15:42:11.0046 3268 mouhid - ok 15:42:11.0132 3268 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 15:42:11.0141 3268 mountmgr - ok 15:42:11.0328 3268 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:42:11.0330 3268 MozillaMaintenance - ok 15:42:11.0448 3268 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 15:42:11.0500 3268 mpio - ok 15:42:11.0578 3268 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 15:42:11.0584 3268 mpsdrv - ok 15:42:11.0657 3268 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 15:42:11.0688 3268 MpsSvc - ok 15:42:11.0989 3268 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 15:42:12.0025 3268 MRxDAV - ok 15:42:12.0111 3268 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 15:42:12.0121 3268 mrxsmb - ok 15:42:12.0380 3268 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:42:12.0392 3268 mrxsmb10 - ok 15:42:12.0424 3268 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:42:12.0440 3268 mrxsmb20 - ok 15:42:12.0468 3268 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 15:42:12.0474 3268 msahci - ok 15:42:12.0523 3268 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 15:42:12.0533 3268 msdsm - ok 15:42:12.0656 3268 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 15:42:12.0659 3268 MSDTC - ok 15:42:12.0773 3268 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:42:12.0778 3268 Msfs - ok 15:42:12.0801 3268 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:42:12.0805 3268 mshidkmdf - ok 15:42:12.0893 3268 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:42:12.0901 3268 msisadrv - ok 
15:42:12.0948 3268 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:42:12.0959 3268 MSiSCSI - ok 15:42:12.0973 3268 msiserver - ok 15:42:13.0011 3268 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:42:13.0015 3268 MSKSSRV - ok 15:42:13.0043 3268 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:42:13.0047 3268 MSPCLOCK - ok 15:42:13.0089 3268 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:42:13.0093 3268 MSPQM - ok 15:42:13.0191 3268 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:42:13.0247 3268 MsRPC - ok 15:42:13.0333 3268 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 15:42:13.0334 3268 mssmbios - ok 15:42:13.0392 3268 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:42:13.0395 3268 MSTEE - ok 15:42:13.0408 3268 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 15:42:13.0412 3268 MTConfig - ok 15:42:13.0449 3268 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 15:42:13.0456 3268 Mup - ok 15:42:13.0497 3268 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 15:42:13.0504 3268 napagent - ok 15:42:13.0566 3268 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:42:13.0609 3268 NativeWifiP - ok 15:42:13.0670 3268 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 15:42:13.0703 3268 NDIS - ok 15:42:13.0750 3268 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 15:42:13.0756 3268 NdisCap - ok 15:42:13.0777 3268 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:42:13.0782 3268 NdisTapi - ok 15:42:13.0925 3268 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio 
C:\Windows\system32\DRIVERS\ndisuio.sys 15:42:13.0941 3268 Ndisuio - ok 15:42:14.0009 3268 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:42:14.0042 3268 NdisWan - ok 15:42:14.0094 3268 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:42:14.0100 3268 NDProxy - ok 15:42:14.0151 3268 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:42:14.0157 3268 NetBIOS - ok 15:42:14.0256 3268 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:42:14.0334 3268 NetBT - ok 15:42:14.0381 3268 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 15:42:14.0383 3268 Netlogon - ok 15:42:14.0434 3268 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 15:42:14.0500 3268 Netman - ok 15:42:14.0620 3268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:42:14.0679 3268 NetMsmqActivator - ok 15:42:14.0831 3268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:42:14.0832 3268 NetPipeActivator - ok 15:42:14.0924 3268 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 15:42:15.0357 3268 netprofm - ok 15:42:15.0589 3268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:42:15.0591 3268 NetTcpActivator - ok 15:42:15.0604 3268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:42:15.0607 3268 NetTcpPortSharing - ok 15:42:15.0841 3268 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys 15:42:16.0114 3268 netw5v64 - ok 15:42:16.0227 3268 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 15:42:16.0279 3268 nfrd960 - ok 15:42:16.0346 3268 [ 
8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:42:16.0443 3268 NlaSvc - ok 15:42:16.0481 3268 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:42:16.0486 3268 Npfs - ok 15:42:16.0554 3268 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 15:42:16.0561 3268 nsi - ok 15:42:16.0591 3268 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:42:16.0597 3268 nsiproxy - ok 15:42:16.0701 3268 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:42:16.0915 3268 Ntfs - ok 15:42:16.0967 3268 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 15:42:16.0971 3268 Null - ok 15:42:17.0026 3268 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:42:17.0035 3268 nvraid - ok 15:42:17.0097 3268 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:42:17.0107 3268 nvstor - ok 15:42:17.0161 3268 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:42:17.0170 3268 nv_agp - ok 15:42:17.0195 3268 [ D955D5DE998DB2476BF0892BE3A96C26 ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe 15:42:17.0197 3268 O2FLASH - ok 15:42:17.0304 3268 [ 26DA4B40670AD436F7DAEC053A2A9ECA ] O2MDRDR C:\Windows\system32\DRIVERS\o2mdx64.sys 15:42:17.0311 3268 O2MDRDR - ok 15:42:17.0419 3268 [ 2E69A2ADC12DAA7AC7B4FFD8601E88B0 ] O2SDRDR C:\Windows\system32\DRIVERS\o2sdx64.sys 15:42:17.0459 3268 O2SDRDR - ok 15:42:17.0532 3268 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 15:42:17.0540 3268 ohci1394 - ok 15:42:17.0673 3268 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:42:17.0676 3268 ose - ok 15:42:17.0731 3268 [ 5F79934084DF6DC0635578864376CE54 ] OV550I C:\Windows\system32\Drivers\ov550ivx.sys 15:42:17.0741 3268 OV550I - ok 
15:42:17.0790 3268 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:42:17.0797 3268 p2pimsvc - ok 15:42:17.0826 3268 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 15:42:17.0859 3268 p2psvc - ok 15:42:17.0892 3268 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 15:42:17.0901 3268 Parport - ok 15:42:17.0958 3268 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:42:17.0966 3268 partmgr - ok 15:42:18.0015 3268 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:42:18.0028 3268 PcaSvc - ok 15:42:18.0058 3268 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 15:42:18.0069 3268 pci - ok 15:42:18.0115 3268 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 15:42:18.0120 3268 pciide - ok 15:42:18.0310 3268 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 15:42:18.0322 3268 pcmcia - ok 15:42:18.0431 3268 [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys 15:42:18.0437 3268 pcouffin - ok 15:42:18.0533 3268 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 15:42:18.0561 3268 pcw - ok 15:42:18.0602 3268 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:42:18.0637 3268 PEAUTH - ok 15:42:18.0708 3268 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:42:18.0710 3268 PerfHost - ok 15:42:18.0818 3268 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 15:42:19.0026 3268 pla - ok 15:42:19.0076 3268 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:42:19.0128 3268 PlugPlay - ok 15:42:19.0156 3268 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:42:19.0166 3268 PNRPAutoReg - ok 15:42:19.0202 3268 [ 
3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 15:42:19.0205 3268 PNRPsvc - ok 15:42:19.0383 3268 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:42:19.0449 3268 PolicyAgent - ok 15:42:19.0536 3268 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 15:42:19.0539 3268 Power - ok 15:42:19.0614 3268 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:42:19.0623 3268 PptpMiniport - ok 15:42:19.0687 3268 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 15:42:19.0702 3268 Processor - ok 15:42:19.0779 3268 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 15:42:19.0834 3268 ProfSvc - ok 15:42:19.0851 3268 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 15:42:19.0853 3268 ProtectedStorage - ok 15:42:19.0904 3268 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:42:19.0907 3268 Psched - ok 15:42:20.0000 3268 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 15:42:20.0113 3268 ql2300 - ok 15:42:20.0121 3268 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 15:42:20.0136 3268 ql40xx - ok 15:42:20.0176 3268 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 15:42:20.0241 3268 QWAVE - ok 15:42:20.0276 3268 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:42:20.0282 3268 QWAVEdrv - ok 15:42:20.0332 3268 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:42:20.0337 3268 RasAcd - ok 15:42:20.0381 3268 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:42:20.0428 3268 RasAgileVpn - ok 15:42:20.0489 3268 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 15:42:20.0498 3268 RasAuto - ok 
15:42:20.0540 3268 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:42:20.0548 3268 Rasl2tp - ok 15:42:20.0635 3268 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 15:42:20.0669 3268 RasMan - ok 15:42:20.0749 3268 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:42:20.0758 3268 RasPppoe - ok 15:42:20.0854 3268 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:42:20.0862 3268 RasSstp - ok 15:42:20.0909 3268 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:42:20.0953 3268 rdbss - ok 15:42:21.0010 3268 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 15:42:21.0112 3268 rdpbus - ok 15:42:21.0139 3268 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 15:42:21.0143 3268 RDPCDD - ok 15:42:21.0169 3268 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 15:42:21.0173 3268 RDPENCDD - ok 15:42:21.0226 3268 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 15:42:21.0230 3268 RDPREFMP - ok 15:42:21.0300 3268 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:42:21.0304 3268 RdpVideoMiniport - ok 15:42:21.0368 3268 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:42:21.0378 3268 RDPWD - ok 15:42:21.0458 3268 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:42:21.0470 3268 rdyboost - ok 15:42:21.0635 3268 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:42:21.0644 3268 RemoteAccess - ok 15:42:21.0768 3268 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:42:21.0821 3268 RemoteRegistry - ok 15:42:21.0929 3268 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper 
C:\Windows\System32\RpcEpMap.dll 15:42:21.0937 3268 RpcEptMapper - ok 15:42:21.0961 3268 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 15:42:21.0962 3268 RpcLocator - ok 15:42:22.0002 3268 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 15:42:22.0007 3268 RpcSs - ok 15:42:22.0062 3268 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:42:22.0069 3268 rspndr - ok 15:42:22.0108 3268 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 15:42:22.0109 3268 SamSs - ok 15:42:22.0312 3268 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:42:22.0331 3268 sbp2port - ok 15:42:22.0408 3268 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:42:22.0419 3268 SCardSvr - ok 15:42:22.0445 3268 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:42:22.0451 3268 scfilter - ok 15:42:22.0589 3268 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 15:42:22.0698 3268 Schedule - ok 15:42:22.0735 3268 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 15:42:22.0737 3268 SCPolicySvc - ok 15:42:22.0778 3268 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 15:42:22.0786 3268 sdbus - ok 15:42:22.0840 3268 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:42:22.0906 3268 SDRSVC - ok 15:42:23.0040 3268 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 15:42:23.0074 3268 SDScannerService - ok 15:42:23.0239 3268 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 15:42:23.0273 3268 SDUpdateService - ok 15:42:23.0342 3268 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 
15:42:23.0345 3268 SDWSCService - ok 15:42:23.0375 3268 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 15:42:23.0381 3268 secdrv - ok 15:42:23.0531 3268 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 15:42:23.0538 3268 seclogon - ok 15:42:23.0596 3268 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 15:42:23.0605 3268 SENS - ok 15:42:23.0624 3268 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:42:23.0632 3268 SensrSvc - ok 15:42:23.0683 3268 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 15:42:23.0687 3268 Serenum - ok 15:42:23.0695 3268 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 15:42:23.0705 3268 Serial - ok 15:42:23.0727 3268 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 15:42:23.0733 3268 sermouse - ok 15:42:23.0775 3268 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 15:42:23.0825 3268 SessionEnv - ok 15:42:23.0871 3268 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 15:42:23.0876 3268 sffdisk - ok 15:42:23.0919 3268 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 15:42:23.0924 3268 sffp_mmc - ok 15:42:23.0994 3268 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 15:42:23.0998 3268 sffp_sd - ok 15:42:24.0036 3268 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 15:42:24.0042 3268 sfloppy - ok 15:42:24.0133 3268 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:42:24.0188 3268 SharedAccess - ok 15:42:24.0313 3268 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:42:24.0341 3268 ShellHWDetection - ok 15:42:24.0371 3268 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 
15:42:38.0777 3268 [Global] - ok
15:42:38.0781 3268 ================ Scan MBR ==================================
15:42:42.0459 3268 \Device\Harddisk0\DR0 - ok
15:42:42.0463 3268 ================ Scan VBR ==================================
15:42:42.0504 3268 \Device\Harddisk0\DR0\Partition1 - ok
15:42:42.0518 3268 \Device\Harddisk0\DR0\Partition2 - ok
15:42:42.0522 3268 ============================================================
15:42:42.0522 3268 Scan finished
15:42:42.0522 3268 ============================================================
15:42:42.0540 4876 Detected object count: 0
15:42:42.0540 4876 Actual detected object count: 0
15:42:52.0819 4312 Deinitialize success

Edited by Roadmaster (04.02.2013 at 15:44) |
04.02.2013, 17:22 | #14 |
/// TB-Ausbilder | Deutsche Post Mail Hi, how is your computer running at the moment? Step 1
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck and:
Please post with your next reply
|
05.02.2013, 10:11 | #15 |
| Deutsche Post Mail Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.04.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
jo :: JO-PC [Administrator]
04.02.2013 18:20:59
mbam-log-2013-02-04 (18-20-59).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222693
Laufzeit: 6 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

Code:
ESETSmartInstaller@High as downloader log: Can not open internet
ESETSmartInstaller@High as downloader log: Can not open internetCan not open internet
ESETSmartInstaller@High as downloader log: Can not open internetCan not open internet
ESETSmartInstaller@High as downloader log: Can not open internetCan not open internet
ESETSmartInstaller@High as downloader log: Can not open internetCan not open internet
ESETSmartInstaller@High as downloader log: Can not open internet
ESETSmartInstaller@High as downloader log: Can not open internet
ESETSmartInstaller@High as downloader log: Can not open internet
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=47de8d525c1aeb4ebd81d4d141d2da6a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-04 07:10:04
# local_time=2013-02-04 08:10:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 277025 111634854 0 0
# scanned=135134
# found=0
# cleaned=0
# scan_time=4413

Code:
Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware Version 1.70.0.1100
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader XI
Mozilla Firefox (18.0.1)
Mozilla Thunderbird (3.1.20) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
Windows7FirewallControl Windows7FirewallService.exe
Windows7FirewallControl Windows7FirewallControl.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|