Pests of all kinds and how to fight them: vlc trojan? Windows 7

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
17.02.2013, 17:56 | #1 |
| vlc trojan? Hello, I need quick help... Yesterday I stupidly downloaded the VLC player from vlc.de... then I had this "start window" problem... I searched around here a bit, tried out a few things and thought I was free of it... I only noticed it at all when my Win 7 theme suddenly switched from custom to blue BY ITSELF... Just now I turned the computer on... all the icons are huge; the resolution is set to full, but it still looks as if it had been turned down... Can someone please quickly tell me what I need to do???? |
17.02.2013, 17:59 | #2 |
/// Malware-holic | vlc trojan? Hi,
what does "a few things" mean, what exactly? Please download programs from the vendor; VLC, for example, here: VideoLAN - Official page for VLC media player, the Open Source video framework! If you don't already have it, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
17.02.2013, 18:49 | #3 |
| vlc trojan? OTL EXTRAS Logfile:
Prozess-ID: d94 Startzeit: 01ce023c8d0e3cab Endzeit: 83 Anwendungspfad: C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe Berichts-ID: ee08f620-6e3b-11e2-8ac0-00190e01fd3d Error - 03.02.2013 17:11:29 | Computer Name = TowerofPower | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vegas110.exe, Version: 11.0.0.511, Zeitstempel: 0x4ee92310 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000003c0ad6c9 ID des fehlerhaften Prozesses: 0x143c Startzeit der fehlerhaften Anwendung: 0x01ce0248b74508b0 Pfad der fehlerhaften Anwendung: C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 466cbedc-6e46-11e2-8ac0-00190e01fd3d Error - 06.02.2013 20:25:49 | Computer Name = TowerofPower | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: vegas110.exe, Version: 11.0.0.511, Zeitstempel: 0x4ee92310 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2 ID des fehlerhaften Prozesses: 0x2d0 Startzeit der fehlerhaften Anwendung: 0x01ce04c4a29f3efb Pfad der fehlerhaften Anwendung: C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: ebb271d6-70bc-11e2-9dd0-00190e01fd3d Error - 09.02.2013 03:24:23 | Computer Name = TowerofPower | Source = Application Hang | ID = 1002 Description = Programm FL (extended memory).exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ab0 Startzeit: 01ce0696097eb2f5 Endzeit: 60000 Anwendungspfad: C:\Program Files (x86)\Image-Line\FL Studio 10.0.9\FL (extended memory).exe Berichts-ID: 80f0a5da-7289-11e2-9a89-00190e01fd3d Error - 11.02.2013 13:12:17 | Computer Name = TowerofPower | Source = Application Hang | ID = 1002 Description = Programm chrome.exe, Version 24.0.1312.57 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1258 Startzeit: 01ce086a3f85b35c Endzeit: 31 Anwendungspfad: C:\Users\Sicky Popp\AppData\Local\Google\Chrome\Application\chrome.exe Berichts-ID: Error - 15.02.2013 16:52:30 | Computer Name = TowerofPower | Source = LegacyUninstaller | ID = 0 Description = Error - 15.02.2013 17:51:55 | Computer Name = TowerofPower | Source = Application Hang | ID = 1002 Description = Programm vegas110.exe, Version 11.0.0.511 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 280 Startzeit: 01ce0bbfde256451 Endzeit: 69 Anwendungspfad: C:\Program Files\Sony\Vegas Pro 11.0\vegas110.exe Berichts-ID: e6f3215e-77b9-11e2-a48a-00190e01fd3d [ System Events ] Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. 
Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. Error - 17.02.2013 13:17:41 | Computer Name = TowerofPower | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk4\DR4. < End of report > |
17.02.2013, 18:53 | #4 |
| vlc trojan? OTL Logfile: Code:
OTL logfile created on: 17.02.2013 18:13:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sicky Popp\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,44% Memory free
16,00 Gb Paging File | 14,38 Gb Available in Paging File | 89,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 135,22 Gb Total Space | 30,88 Gb Free Space | 22,84% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 12,07 Gb Free Space | 20,59% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 12,30 Gb Free Space | 62,97% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 36,76 Gb Free Space | 37,65% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 4,90 Gb Free Space | 10,04% Space Free | Partition Type: NTFS
Drive H: | 41,62 Gb Total Space | 6,04 Gb Free Space | 14,51% Space Free | Partition Type: NTFS
Drive I: | 29,29 Gb Total Space | 5,66 Gb Free Space | 19,33% Space Free | Partition Type: NTFS
Drive J: | 27,85 Gb Total Space | 8,88 Gb Free Space | 31,89% Space Free | Partition Type: NTFS
Drive K: | 7,92 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: TOWEROFPOWER | User Name: Sicky Popp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.17 18:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sicky Popp\Desktop\OTL.exe PRC - [2013.02.16 22:44:47 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Users\Sicky Popp\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013.01.31 16:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012.11.27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.01.25 18:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.11.08 00:09:20 | 002,647,552 | ---- | M] (PACE Anti-Piracy, Inc.) 
-- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe PRC - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe ========== Modules (No Company Name) ========== MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2012.01.25 18:33:06 | 000,237,872 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 20:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.11.19 15:49:08 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.02.15 13:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.02.08 07:53:17 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.12 00:13:25 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- 
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2012.11.09 22:09:14 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.12.05 13:02:44 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.01.12 08:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) SRV - [2010.11.19 15:53:16 | 001,974,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.11.19 15:49:04 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2010.11.08 00:09:20 | 002,647,552 | ---- | M] (PACE Anti-Piracy, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.05.14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2006.12.19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.17 01:51:21 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2012.12.19 21:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 20:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 12:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.04.23 12:35:22 | 000,111,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NIWinCDEmu.sys -- (NIWinCDEmu) DRV:64bit: - [2012.04.18 10:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2012.04.05 19:47:57 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.01.25 17:32:58 | 000,339,760 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII) DRV:64bit: - [2011.10.27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.10.27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2011.10.27 02:25:42 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2011.10.27 02:25:42 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.10.27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.07.06 16:12:16 | 000,019,800 | ---- | M] (Focusrite Audio Engineering Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\automap.sys -- (automap) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.16 14:36:10 | 000,050,232 | ---- | M] (Novation DMS Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvnusbaudio.sys -- (NvnUsbAudio) DRV:64bit: - [2010.11.20 04:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.03 17:39:48 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd) DRV:64bit: - [2010.08.24 18:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2010.03.16 19:50:18 | 000,046,088 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioConectiv_DFU.sys -- (MADFUCONECTIV) DRV:64bit: - [2010.03.16 19:50:14 | 000,187,912 | ---- | M] (Avid Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioConectiv.sys -- (MAUSBCONECTIV) DRV:64bit: - [2010.02.09 08:53:30 | 000,028,680 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard_DFU.sys -- (MADFULEGACYKEYBOARD) DRV:64bit: - [2010.02.09 08:53:26 | 000,196,616 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioLegacyKeyboard.sys -- (MAUSBLEGACYKEYBOARD) DRV:64bit: - [2009.10.30 13:39:54 | 000,460,864 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BUSB2902.sys -- (BEHRINGER_2902) DRV:64bit: - [2009.10.30 13:39:54 | 000,049,728 | ---- | M] (BEHRINGER) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\busbwdm.sys -- (BUSB_AUDIO_WDM) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: 
- [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2008.03.13 08:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus) DRV - [2010.10.07 11:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Lavasoft SecureSearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 6C C7 94 57 FA CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = hxxp://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=A9DF01CB43AC7EC4704536512029F075&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@MagellanGPS.com/CommunicationPlugin: C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll (Magellan Navigation, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sicky Popp\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sicky Popp\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.12.04 22:20:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.06 00:34:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.16 22:24:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.16 22:24:53 | 000,000,000 | ---D | M]

[2011.04.13 14:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sicky Popp\AppData\Roaming\mozilla\Extensions
[2011.04.13 14:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sicky Popp\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.01 23:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.02 09:08:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.11.19 21:54:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

========== Chrome ==========

CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: Google
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U39 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Magellan Plug-In (Enabled) = C:\Program Files (x86)\Magellan\Magellan Communicator\npMgnPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 6.0.390.4 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - Extension: Adblock Plus = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: AdBlock = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: avast! WebRep = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Sicky Popp: FL Studio Tutorials and more... - YouTube = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lelhhkikoabdjonaenoohdaghailpkif\2013.2.17.2780_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Sicky Popp\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sicky Popp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sicky Popp\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sicky Popp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC24DBA-1AEC-4D3F-952F-F116C52A5443}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bonus.screenshotreader.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sprint.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E1FC9742-6CB2-A481-4CD1-2A1E5B29B35C} - Themes Setup
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: M-Audio Taskbar Icon - hkey= - key= - C:\Windows\SysWOW64\DeltaIITray.exe ()
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.02.17 18:12:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sicky Popp\Desktop\OTL.exe
[2013.02.17 01:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection
[2013.02.17 01:53:24 | 000,000,000 | ---D | C] -- C:\Users\Sicky Popp\AppData\Local\adawarebp
[2013.02.17 01:53:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.02.17 01:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.02.17 01:51:23 | 000,000,000 | ---D | C] -- C:\Users\Sicky Popp\AppData\Roaming\LavasoftStatistics
[2013.02.17 01:51:21 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.02.16 22:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.02.16 22:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.02.16 22:21:18 | 004,102,656 | ---- | C] (x264vfw project) -- C:\Windows\SysWow64\x264vfw.dll
[2013.02.16 22:21:17 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013.02.16 22:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.02.13 22:51:59 | 000,000,000 | ---D | C] -- C:\Users\Sicky Popp\Desktop\100CASIO
[2013.02.13 10:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Magellan
[2013.02.13 00:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.02.13 00:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.02.13 00:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.02.13 00:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.02.13 00:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.02.13 00:14:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.02.13 00:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.02.12 23:26:19 | 000,000,000 | ---D | C] -- C:\Users\Sicky Popp\AppData\Local\Logishrd
[2013.02.12 23:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.02.10 19:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Eisenberg
[2013.02.09 08:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Addictive Drums
[2013.02.09 06:44:18 | 000,000,000 | ---D | C] -- C:\Users\Sicky Popp\AppData\Roaming\ImgBurn
[2013.02.09 06:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.02.09 06:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013.02.09 06:21:20 | 000,000,000 | ---D | C] -- C:\Users\Sicky Popp\Documents\Addictive Keys Logs
[2013.02.09 06:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\XLN Audio
[2013.02.09 06:20:36 | 000,000,000 | ---D | C] -- C:\Users\Sicky Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XLN Audio
[2013.02.09 06:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XLN Audio
[2013.02.07 02:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2013.01.27 11:38:33 | 000,000,000 | ---D | C] -- C:\Users\Sicky Popp\Desktop\Bilder Stix Bilderahmen Mutter

========== Files - Modified Within 30 Days ==========

[2013.02.17 18:17:47 | 000,018,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 18:17:47 | 000,018,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.17 18:02:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sicky Popp\Desktop\OTL.exe
[2013.02.17 17:59:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.17 17:57:39 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.17 17:53:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.17 17:49:01 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303213111-1996448718-967368058-1001UA.job
[2013.02.17 17:46:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.17 01:58:55 | 000,000,105 | ---- | M] () -- C:\prefs.js
[2013.02.17 01:51:21 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.02.17 00:36:41 | 000,133,600 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\Starwars Mix.mp4.sfk
[2013.02.16 23:34:11 | 000,916,573 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\IMAG0182.jpg
[2013.02.16 23:32:28 | 000,016,147 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\598546_515510028471325_1965973135_n.jpg
[2013.02.16 23:20:42 | 003,747,956 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\20130108_162815.jpg
[2013.02.16 22:49:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1303213111-1996448718-967368058-1001Core.job
[2013.02.16 02:11:28 | 000,005,862 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\fb-button.jpg
[2013.02.15 23:00:54 | 003,775,581 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\Starwars Mix.mp4
[2013.02.15 22:54:42 | 000,014,893 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\Swtheme.mid
[2013.02.15 11:33:46 | 001,621,400 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\Kreativrunde.sfk
[2013.02.15 11:25:51 | 207,530,600 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\Kreativrunde.wav
[2013.02.14 13:47:41 | 000,000,132 | ---- | M] () -- C:\Users\Sicky Popp\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013.02.14 13:01:32 | 000,171,800 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\männel stempel.jpg
[2013.02.14 11:37:40 | 009,137,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 02:06:49 | 001,634,468 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 02:06:49 | 000,696,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 02:06:49 | 000,652,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 02:06:49 | 000,148,144 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 02:06:49 | 000,121,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.13 09:22:56 | 000,000,550 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.02.13 00:19:47 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.13 00:19:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.11 22:37:10 | 004,156,135 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\CIMG4121.JPG
[2013.02.06 19:00:00 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.02.05 02:30:33 | 000,002,107 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.9 (beta).lnk
[2013.02.02 15:43:31 | 002,628,767 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\Auge Arm.jpg
[2013.01.28 22:38:47 | 010,412,478 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\Elli Gypsy 2013.mp3
[2013.01.27 15:06:32 | 002,986,302 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\maZe liegend.jpg
[2013.01.26 16:31:48 | 000,007,708 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\shams114.jpg
[2013.01.21 14:49:18 | 000,000,615 | ---- | M] () -- C:\Users\Sicky Popp\Desktop\untitled.fsc

========== Files Created - No Company Name ==========

[2013.02.17 01:58:55 | 000,000,105 | ---- | C] () -- C:\prefs.js
[2013.02.17 00:36:17 | 000,133,600 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\Starwars Mix.mp4.sfk
[2013.02.16 23:34:11 | 000,916,573 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\IMAG0182.jpg
[2013.02.16 23:32:27 | 000,016,147 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\598546_515510028471325_1965973135_n.jpg
[2013.02.16 22:21:18 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.02.16 22:21:18 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.02.16 22:21:17 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.02.16 22:21:15 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.02.16 02:11:28 | 000,005,862 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\fb-button.jpg
[2013.02.15 23:00:50 | 003,775,581 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\Starwars Mix.mp4
[2013.02.15 22:54:42 | 000,014,893 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\Swtheme.mid
[2013.02.15 11:30:00 | 001,621,400 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\Kreativrunde.sfk
[2013.02.15 11:07:50 | 207,530,600 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\Kreativrunde.wav
[2013.02.14 13:01:30 | 000,171,800 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\männel stempel.jpg
[2013.02.13 22:51:59 | 004,156,135 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\CIMG4121.JPG
[2013.02.13 00:19:47 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.02.13 00:19:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.09 06:39:00 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.02.05 02:30:33 | 000,002,107 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.9 (beta).lnk
[2013.02.05 02:29:42 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 10.9.lnk
[2013.02.02 15:43:28 | 002,628,767 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\Auge Arm.jpg
[2013.01.28 22:38:11 | 010,412,478 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\Elli Gypsy 2013.mp3
[2013.01.27 15:06:29 | 002,986,302 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\maZe liegend.jpg
[2013.01.27 11:38:33 | 005,508,383 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\DSC_0076.JPG
[2013.01.26 16:31:48 | 000,007,708 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\shams114.jpg
[2013.01.21 14:49:18 | 000,000,615 | ---- | C] () -- C:\Users\Sicky Popp\Desktop\untitled.fsc
[2012.12.04 19:52:40 | 000,000,550 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.11.22 15:27:13 | 000,000,132 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2012.06.13 02:35:07 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.13 02:33:51 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.05.24 20:06:41 | 000,001,456 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012.05.03 11:08:43 | 001,590,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.04 17:20:38 | 000,000,081 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MPluginConfiguration.xml
[2012.03.04 17:05:09 | 000,086,536 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MRhythmizerSequencepresets.xml
[2012.03.04 17:05:09 | 000,085,968 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MRhythmizerpresets.xml
[2012.03.04 17:05:09 | 000,051,825 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MRhythmizerSequenceVolumepresets.xml
[2012.03.04 17:05:09 | 000,012,248 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MRhythmizerSequenceSetpresets.xml
[2012.03.04 17:05:09 | 000,005,022 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MRhythmizerSequenceVolumeSetpresets.xml
[2012.01.25 18:33:06 | 000,237,872 | ---- | C] () -- C:\Windows\SysWow64\DeltaIITray.exe
[2011.10.31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.10.31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.10.31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.10.31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.19 12:28:17 | 000,013,847 | ---- | C] () -- C:\Users\Sicky Popp\maZe EFX.efx
[2011.10.19 10:46:29 | 008,491,008 | ---- | C] () -- C:\Windows\SysWow64\QtGui_Torq_2.0.0.3_4.dll
[2011.10.19 10:46:29 | 003,166,208 | ---- | C] () -- C:\Windows\SysWow64\QtXmlPatterns_Torq_2.0.0.3_4.dll
[2011.10.19 10:46:29 | 002,666,496 | ---- | C] () -- C:\Windows\SysWow64\QtDeclarative_Torq_2.0.0.3_4.dll
[2011.10.19 10:46:29 | 002,363,392 | ---- | C] () -- C:\Windows\SysWow64\QtCore_Torq_2.0.0.3_4.dll
[2011.10.19 10:46:29 | 001,339,392 | ---- | C] () -- C:\Windows\SysWow64\QtScript_Torq_2.0.0.3_4.dll
[2011.10.19 10:46:29 | 000,864,256 | ---- | C] () -- C:\Windows\SysWow64\QtNetwork_Torq_2.0.0.3_4.dll
[2011.10.19 10:46:29 | 000,720,896 | ---- | C] () -- C:\Windows\SysWow64\QtOpenGL_Torq_2.0.0.3_4.dll
[2011.10.19 10:46:29 | 000,614,400 | ---- | C] () -- C:\Windows\SysWow64\QtSql_Torq_2.0.0.3_4.dll
[2011.10.19 10:46:29 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\QtXml_Torq_2.0.0.3_4.dll
[2011.10.13 23:26:46 | 000,000,132 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.10.13 20:58:53 | 000,017,408 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Local\WebpageIcons.db
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.08 16:28:33 | 000,000,132 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.07.04 21:33:19 | 000,191,692 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MAnalyzerpresets.xml
[2011.07.04 21:33:19 | 000,013,964 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MFlangerpresets.xml
[2011.07.04 21:33:19 | 000,009,119 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MFreqShifterpresets.xml
[2011.07.04 21:33:19 | 000,007,130 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MEqualizerpresets.xml
[2011.07.04 21:33:19 | 000,006,687 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\menvelopepresets.xml
[2011.07.04 21:33:19 | 000,006,444 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MCompressorpresets.xml
[2011.07.04 21:33:19 | 000,005,138 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MWaveShaperpresets.xml
[2011.07.04 21:33:19 | 000,004,362 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MPhaserpresets.xml
[2011.07.04 21:33:19 | 000,003,771 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MRingModulatorpresets.xml
[2011.07.04 21:33:19 | 000,002,820 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MEqualizerAreasEditorpresets.xml
[2011.07.04 21:33:19 | 000,002,775 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MStereoExpanderpresets.xml
[2011.07.04 21:33:19 | 000,002,666 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MVibratopresets.xml
[2011.07.04 21:33:19 | 000,002,492 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MSpectralAnalyzerPrefilterpresets.xml
[2011.07.04 21:33:19 | 000,002,366 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MTremolopresets.xml
[2011.07.04 21:33:19 | 000,001,907 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MAutopanpresets.xml
[2011.07.04 21:33:19 | 000,001,381 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MLimiterpresets.xml
[2011.07.04 21:33:19 | 000,001,235 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\mbasestyleconfigurationpresets.xml
[2011.07.04 21:33:19 | 000,001,011 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\MValueToColor5presets.xml
[2011.04.22 10:19:22 | 000,009,216 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.19 19:23:38 | 000,000,000 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Roaming\chrtmp
[2011.04.14 17:05:13 | 000,007,605 | ---- | C] () -- C:\Users\Sicky Popp\AppData\Local\Resmon.ResmonCfg
[2011.04.13 13:10:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.03.07 15:53:41 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Ableton
[2011.12.09 22:42:04 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2012.05.25 00:16:27 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.11 19:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\DVDVideoSoft
[2012.09.15 19:56:45 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.08.09 07:37:45 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\EPSON
[2011.06.28 18:02:07 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\FireShot
[2012.10.11 22:59:03 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Garmin
[2013.01.15 20:36:37 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Groove Machine
[2012.12.29 00:24:59 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\HandBrake
[2011.11.20 10:10:25 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\HD Tune Pro
[2011.05.17 03:59:55 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Image-Line
[2013.02.09 06:48:42 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\ImgBurn
[2011.11.06 21:52:37 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Korg
[2011.04.13 14:41:32 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Leadertech
[2011.10.05 17:08:17 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\MAGIX
[2011.10.07 15:50:16 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\ManyCam
[2012.03.04 17:20:28 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\MeldaProduction
[2012.09.19 17:47:42 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\MeldaProduction MAnalyzer
[2012.03.03 22:29:36 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\MixVibes
[2011.04.14 16:02:44 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\MSPS
[2011.07.04 21:33:19 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\MTexturedStyles
[2012.06.03 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\MW3 FoV Changer
[2011.06.03 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\OpenOffice.org
[2012.09.16 21:42:47 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\PACE Anti-Piracy
[2012.05.25 00:54:32 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\PDAppFlex
[2011.04.19 19:35:55 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Publish Providers
[2011.12.28 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\RavensburgerTipToi
[2011.11.29 18:28:31 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Samsung
[2012.05.29 12:14:37 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Sawer
[2012.12.04 23:29:40 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Sony
[2012.12.15 22:20:05 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Sony Creative Software Inc
[2011.04.13 21:59:54 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.06.16 11:23:51 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\SynthMaker
[2012.03.04 17:20:38 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\System
[2011.12.01 22:08:42 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Temp
[2011.04.13 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Thunderbird
[2011.04.13 21:03:34 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\TuneUp Software
[2011.10.05 18:07:40 | 000,000,000 | ---D | M] -- C:\Users\Sicky Popp\AppData\Roaming\Yellow Tools

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.
> [2011.10.09 18:58:36 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.10.29 17:55:14 | 000,000,000 | ---D | M] -- C:\AMD [2011.04.13 13:07:48 | 000,000,000 | ---D | M] -- C:\ATI [2011.04.13 13:49:46 | 000,000,000 | -HSD | M] -- C:\Boot [2011.04.13 12:57:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.08.14 09:13:44 | 000,000,000 | ---D | M] -- C:\Fraps [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.17 01:06:53 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.17 02:00:07 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.17 02:00:04 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.04.13 12:57:33 | 000,000,000 | -HSD | M] -- C:\Programme [2011.04.13 12:57:34 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.17 18:15:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.08.17 23:09:26 | 000,000,000 | ---D | M] -- C:\Temp [2011.04.13 12:57:43 | 000,000,000 | R--D | M] -- C:\Users [2013.02.17 17:46:31 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 03:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.11.19 13:16:15 | 000,001,088 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303213111-1996448718-967368058-1001Core.job [2011.11.19 13:16:16 | 000,001,140 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303213111-1996448718-967368058-1001UA.job [2011.12.14 13:29:50 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.12.14 13:29:51 | 000,001,118 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.04.02 20:21:37 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) 
MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 
002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 03:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- 
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.20 04:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2012.11.13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 04:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys 
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 04:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 03:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 04:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > 
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 03:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 04:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 03:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 04:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 03:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 04:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 04:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- 
C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011.10.19 12:57:23 | 000,013,847 | ---- | M] () -- C:\Users\Sicky Popp\maZe EFX.efx [2013.02.17 18:22:05 | 004,718,592 | -HS- | M] () -- C:\Users\Sicky Popp\ntuser.dat [2013.02.17 18:22:05 | 000,262,144 | -HS- | M] () -- C:\Users\Sicky Popp\ntuser.dat.LOG1 [2011.04.13 12:57:45 | 000,000,000 | -HS- | M] () -- C:\Users\Sicky Popp\ntuser.dat.LOG2 [2011.04.13 13:09:22 | 000,065,536 | -HS- | M] () -- C:\Users\Sicky Popp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.04.13 13:09:22 | 000,524,288 | -HS- | M] () -- C:\Users\Sicky Popp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.04.13 13:09:22 | 000,524,288 | -HS- | M] () -- C:\Users\Sicky Popp\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.10.03 01:47:16 | 000,065,536 | -HS- | M] () -- C:\Users\Sicky Popp\ntuser.dat{4ae386b5-0ca8-11e2-af2c-0019668803f8}.TM.blf [2012.10.03 01:47:16 | 000,524,288 | -HS- | M] () -- C:\Users\Sicky 
Popp\ntuser.dat{4ae386b5-0ca8-11e2-af2c-0019668803f8}.TMContainer00000000000000000001.regtrans-ms [2012.10.03 01:47:16 | 000,524,288 | -HS- | M] () -- C:\Users\Sicky Popp\ntuser.dat{4ae386b5-0ca8-11e2-af2c-0019668803f8}.TMContainer00000000000000000002.regtrans-ms [2011.04.13 12:57:45 | 000,000,020 | -HS- | M] () -- C:\Users\Sicky Popp\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 1343 bytes -> C:\Users\Sicky Popp\AppData\Local\Temp:BWdi8VCf4lo5LUuhdKgzZ < End of report > |
17.02.2013, 18:56 | #5 |
/// Malware-holic | vlc trojan? Will I still get an answer to my question?
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
17.02.2013, 19:11 | #6 |
| vlc trojan? Oops, sorry, I completely overlooked that... I ran AdwCleaner and Security Check over it... then I also remembered Ad-Aware from Lavasoft... which by now is somehow a completely different program from the one I remember... so I stopped it and deleted it |
17.02.2013, 19:12 | #7 |
/// Malware-holic | vlc trojan? OK, I'd like to have the AdwCleaner log. The old one, I mean. After that: please download TDSSKiller.exe and save the file to the desktop
17.02.2013, 19:13 | #8 |
| vlc trojan? AdwCleaner logfile: Code:
# AdwCleaner v2.112 - Datei am 17/02/2013 um 01:21:51 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Sicky Popp - TOWEROFPOWER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Sicky Popp\Desktop\adwcleaner0.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Sicky Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\Sicky Popp\AppData\Local\APN
Ordner Gelöscht : C:\Users\Sicky Popp\AppData\LocalLow\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startfenster.com --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Sicky Popp\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.20] : urls_to_restore_on_startup = [ "hxxp://www.startfenster.com" ]
Gelöscht [l.2929] : urls_to_restore_on_startup = [ "hxxp://www.startfenster.com" ]

*************************

AdwCleaner[S1].txt - [1508 octets] - [17/02/2013 01:21:51]

########## EOF - C:\AdwCleaner[S1].txt - [1568 octets] ##########

This is what I get with TDSSKiller; if I click Continue, I end up at the start screen |
17.02.2013, 20:30 | #9 |
/// Malware-holic | vlc trojan? Yes, but I need the log; where to find it is stated in the instructions above
17.02.2013, 20:48 | #10 |
| vlc trojan? 19:20:02.0078 4504 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
AtiHDAudioService - ok 19:20:28.0937 4640 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:20:29.0015 4640 AudioEndpointBuilder - ok 19:20:29.0140 4640 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:20:29.0171 4640 AudioSrv - ok 19:20:29.0234 4640 [ 332BBC97F90440E46DD621ADC2DC512A ] automap C:\Windows\system32\DRIVERS\automap.sys 19:20:29.0250 4640 automap - ok 19:20:29.0312 4640 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 19:20:29.0328 4640 avast! Antivirus - ok 19:20:29.0359 4640 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:20:29.0437 4640 AxInstSV - ok 19:20:29.0468 4640 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 19:20:29.0531 4640 b06bdrv - ok 19:20:29.0562 4640 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:20:29.0593 4640 b57nd60a - ok 19:20:29.0656 4640 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:20:29.0703 4640 BDESVC - ok 19:20:29.0718 4640 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:20:29.0765 4640 Beep - ok 19:20:29.0859 4640 [ B62ABDC39B36184B6B8B9E71A8685F52 ] BEHRINGER_2902 C:\Windows\system32\Drivers\BUSB2902.sys 19:20:29.0890 4640 BEHRINGER_2902 - ok 19:20:29.0937 4640 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:20:30.0000 4640 BFE - ok 19:20:30.0140 4640 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:20:30.0203 4640 BITS - ok 19:20:30.0234 4640 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:20:30.0281 4640 blbdrive - ok 19:20:30.0390 4640 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 19:20:30.0421 4640 Bonjour Service - ok 19:20:30.0453 4640 [ 
6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:20:30.0468 4640 bowser - ok 19:20:30.0500 4640 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:20:30.0562 4640 BrFiltLo - ok 19:20:30.0578 4640 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:20:30.0593 4640 BrFiltUp - ok 19:20:30.0609 4640 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:20:30.0656 4640 Browser - ok 19:20:30.0687 4640 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:20:30.0750 4640 Brserid - ok 19:20:30.0765 4640 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:20:30.0812 4640 BrSerWdm - ok 19:20:30.0843 4640 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:20:30.0875 4640 BrUsbMdm - ok 19:20:30.0890 4640 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:20:30.0921 4640 BrUsbSer - ok 19:20:30.0953 4640 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 19:20:31.0015 4640 BthEnum - ok 19:20:31.0046 4640 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:20:31.0078 4640 BTHMODEM - ok 19:20:31.0125 4640 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 19:20:31.0156 4640 BthPan - ok 19:20:31.0187 4640 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 19:20:31.0234 4640 BTHPORT - ok 19:20:31.0265 4640 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:20:31.0312 4640 bthserv - ok 19:20:31.0359 4640 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 19:20:31.0406 4640 BTHUSB - ok 19:20:31.0453 4640 [ AEC85FF9A00DD9EE7605AFC66949F228 ] BUSB_AUDIO_WDM C:\Windows\system32\drivers\busbwdm.sys 
19:20:31.0453 4640 BUSB_AUDIO_WDM - ok 19:20:31.0500 4640 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:20:31.0562 4640 cdfs - ok 19:20:31.0609 4640 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:20:31.0640 4640 cdrom - ok 19:20:31.0671 4640 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:20:31.0718 4640 CertPropSvc - ok 19:20:31.0765 4640 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:20:31.0812 4640 circlass - ok 19:20:31.0875 4640 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:20:31.0906 4640 CLFS - ok 19:20:31.0968 4640 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:20:31.0984 4640 clr_optimization_v2.0.50727_32 - ok 19:20:32.0015 4640 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:20:32.0031 4640 clr_optimization_v2.0.50727_64 - ok 19:20:32.0078 4640 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:20:32.0171 4640 clr_optimization_v4.0.30319_32 - ok 19:20:32.0203 4640 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:20:32.0218 4640 clr_optimization_v4.0.30319_64 - ok 19:20:32.0250 4640 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:20:32.0281 4640 CmBatt - ok 19:20:32.0296 4640 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:20:32.0312 4640 cmdide - ok 19:20:32.0406 4640 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 19:20:32.0484 4640 CNG - ok 19:20:32.0515 4640 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 
19:20:32.0531 4640 Compbatt - ok 19:20:32.0546 4640 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:20:32.0578 4640 CompositeBus - ok 19:20:32.0593 4640 COMSysApp - ok 19:20:32.0609 4640 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:20:32.0625 4640 crcdisk - ok 19:20:32.0656 4640 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:20:32.0703 4640 CryptSvc - ok 19:20:32.0734 4640 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 19:20:32.0796 4640 CSC - ok 19:20:32.0828 4640 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 19:20:32.0890 4640 CscService - ok 19:20:32.0937 4640 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:20:33.0000 4640 DcomLaunch - ok 19:20:33.0046 4640 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 19:20:33.0109 4640 defragsvc - ok 19:20:33.0156 4640 [ 71D9CCEE8A3A70BBCE3E76B7B06A4784 ] DELTAII C:\Windows\system32\DRIVERS\MAudioDelta.sys 19:20:33.0171 4640 DELTAII - ok 19:20:33.0218 4640 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:20:33.0265 4640 DfsC - ok 19:20:33.0296 4640 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 19:20:33.0343 4640 Dhcp - ok 19:20:33.0359 4640 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 19:20:33.0406 4640 discache - ok 19:20:33.0437 4640 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:20:33.0453 4640 Disk - ok 19:20:33.0468 4640 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:20:33.0531 4640 Dnscache - ok 19:20:33.0562 4640 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 19:20:33.0625 4640 dot3svc - ok 19:20:33.0671 4640 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS 
C:\Windows\system32\dps.dll 19:20:33.0718 4640 DPS - ok 19:20:33.0750 4640 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:20:33.0781 4640 drmkaud - ok 19:20:33.0828 4640 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:20:33.0859 4640 DXGKrnl - ok 19:20:33.0875 4640 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 19:20:33.0921 4640 EapHost - ok 19:20:34.0109 4640 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 19:20:34.0250 4640 ebdrv - ok 19:20:34.0265 4640 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 19:20:34.0328 4640 EFS - ok 19:20:34.0484 4640 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:20:34.0562 4640 ehRecvr - ok 19:20:34.0578 4640 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 19:20:34.0625 4640 ehSched - ok 19:20:34.0671 4640 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:20:34.0687 4640 elxstor - ok 19:20:34.0750 4640 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe 19:20:34.0765 4640 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 19:20:34.0765 4640 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 19:20:34.0828 4640 [ 7C5BFAAC8DCE7292B0C04EBF892E71F9 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE 19:20:34.0859 4640 EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - warning 19:20:34.0859 4640 EPSON_EB_RPCV4_04 - detected UnsignedFile.Multi.Generic (1) 19:20:34.0890 4640 [ 194E8100D57FC13BEF88129BAAD07E46 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE 19:20:34.0906 4640 EPSON_PM_RPCV4_04 - ok 19:20:34.0937 4640 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:20:34.0953 4640 ErrDev - 
ok 19:20:35.0000 4640 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:20:35.0046 4640 EventSystem - ok 19:20:35.0078 4640 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:20:35.0156 4640 exfat - ok 19:20:35.0187 4640 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:20:35.0234 4640 fastfat - ok 19:20:35.0281 4640 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:20:35.0312 4640 Fax - ok 19:20:35.0328 4640 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:20:35.0359 4640 fdc - ok 19:20:35.0390 4640 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:20:35.0421 4640 fdPHost - ok 19:20:35.0437 4640 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 19:20:35.0500 4640 FDResPub - ok 19:20:35.0531 4640 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:20:35.0546 4640 FileInfo - ok 19:20:35.0562 4640 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:20:35.0609 4640 Filetrace - ok 19:20:35.0609 4640 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:20:35.0625 4640 flpydisk - ok 19:20:35.0671 4640 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:20:35.0687 4640 FltMgr - ok 19:20:35.0812 4640 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:20:35.0906 4640 FontCache - ok 19:20:35.0968 4640 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:20:35.0968 4640 FontCache3.0.0.0 - ok 19:20:36.0031 4640 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:20:36.0046 4640 FsDepends - ok 19:20:36.0062 4640 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec 
C:\Windows\system32\drivers\Fs_Rec.sys 19:20:36.0078 4640 Fs_Rec - ok 19:20:36.0109 4640 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:20:36.0125 4640 fvevol - ok 19:20:36.0156 4640 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:20:36.0171 4640 gagp30kx - ok 19:20:36.0187 4640 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 19:20:36.0203 4640 GEARAspiWDM - ok 19:20:36.0250 4640 [ 14908F4F9005C29DE8F5587E271390EE ] gfibto C:\Windows\system32\drivers\gfibto.sys 19:20:36.0265 4640 gfibto - ok 19:20:36.0296 4640 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:20:36.0359 4640 gpsvc - ok 19:20:36.0406 4640 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 19:20:36.0421 4640 grmnusb - ok 19:20:36.0484 4640 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:20:36.0500 4640 gupdate - ok 19:20:36.0515 4640 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:20:36.0515 4640 gupdatem - ok 19:20:36.0562 4640 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:20:36.0640 4640 hcw85cir - ok 19:20:36.0703 4640 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:20:36.0750 4640 HdAudAddService - ok 19:20:36.0781 4640 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:20:36.0796 4640 HDAudBus - ok 19:20:36.0812 4640 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:20:36.0828 4640 HidBatt - ok 19:20:36.0843 4640 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:20:36.0875 4640 HidBth - ok 19:20:36.0890 4640 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:20:36.0921 
4640 HidIr - ok 19:20:36.0953 4640 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 19:20:37.0015 4640 hidserv - ok 19:20:37.0078 4640 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:20:37.0109 4640 HidUsb - ok 19:20:37.0140 4640 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:20:37.0187 4640 hkmsvc - ok 19:20:37.0234 4640 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:20:37.0312 4640 HomeGroupListener - ok 19:20:37.0343 4640 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:20:37.0359 4640 HomeGroupProvider - ok 19:20:37.0390 4640 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:20:37.0406 4640 HpSAMD - ok 19:20:37.0453 4640 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:20:37.0515 4640 HTTP - ok 19:20:37.0546 4640 HWiNFO32 - ok 19:20:37.0562 4640 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:20:37.0578 4640 hwpolicy - ok 19:20:37.0609 4640 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:20:37.0625 4640 i8042prt - ok 19:20:37.0656 4640 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:20:37.0671 4640 iaStorV - ok 19:20:37.0906 4640 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:20:37.0968 4640 idsvc - ok 19:20:38.0000 4640 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:20:38.0015 4640 iirsp - ok 19:20:38.0078 4640 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 19:20:38.0140 4640 IKEEXT - ok 19:20:38.0187 4640 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:20:38.0203 4640 intelide - ok 19:20:38.0234 4640 [ 
ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:20:38.0265 4640 intelppm - ok 19:20:38.0296 4640 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:20:38.0328 4640 IPBusEnum - ok 19:20:38.0359 4640 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:20:38.0406 4640 IpFilterDriver - ok 19:20:38.0437 4640 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:20:38.0484 4640 iphlpsvc - ok 19:20:38.0500 4640 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:20:38.0515 4640 IPMIDRV - ok 19:20:38.0546 4640 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:20:38.0609 4640 IPNAT - ok 19:20:38.0671 4640 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 19:20:38.0703 4640 iPod Service - ok 19:20:38.0718 4640 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:20:38.0765 4640 IRENUM - ok 19:20:38.0781 4640 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:20:38.0796 4640 isapnp - ok 19:20:38.0875 4640 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:20:38.0921 4640 iScsiPrt - ok 19:20:38.0953 4640 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:20:38.0968 4640 kbdclass - ok 19:20:38.0984 4640 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:20:39.0015 4640 kbdhid - ok 19:20:39.0031 4640 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:20:39.0046 4640 KeyIso - ok 19:20:39.0078 4640 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:20:39.0093 4640 KSecDD - ok 19:20:39.0125 4640 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:20:39.0140 
4640 KSecPkg - ok 19:20:39.0171 4640 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:20:39.0234 4640 ksthunk - ok 19:20:39.0281 4640 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:20:39.0312 4640 KtmRm - ok 19:20:39.0343 4640 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 19:20:39.0406 4640 LanmanServer - ok 19:20:39.0437 4640 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:20:39.0484 4640 LanmanWorkstation - ok 19:20:39.0546 4640 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 19:20:39.0562 4640 LBTServ - ok 19:20:39.0578 4640 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 19:20:39.0593 4640 LHidFilt - ok 19:20:39.0609 4640 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:20:39.0671 4640 lltdio - ok 19:20:39.0750 4640 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:20:39.0812 4640 lltdsvc - ok 19:20:39.0828 4640 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:20:39.0890 4640 lmhosts - ok 19:20:39.0921 4640 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 19:20:39.0937 4640 LMouFilt - ok 19:20:39.0953 4640 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:20:39.0968 4640 LSI_FC - ok 19:20:39.0984 4640 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:20:40.0000 4640 LSI_SAS - ok 19:20:40.0015 4640 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:20:40.0031 4640 LSI_SAS2 - ok 19:20:40.0046 4640 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:20:40.0062 4640 LSI_SCSI - ok 19:20:40.0078 4640 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv 
C:\Windows\system32\drivers\luafv.sys 19:20:40.0125 4640 luafv - ok 19:20:40.0171 4640 [ B8BE35421B9E8DC1AB4B0CB7B9B0328B ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys 19:20:40.0187 4640 LUsbFilt - ok 19:20:40.0203 4640 [ 02468F76924066505465352E2849EF97 ] MADFUCONECTIV C:\Windows\system32\DRIVERS\MAudioConectiv_DFU.sys 19:20:40.0218 4640 MADFUCONECTIV - ok 19:20:40.0234 4640 [ F0DCD0FD9D79668E34A660F49C8C00BC ] MADFULEGACYKEYBOARD C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys 19:20:40.0250 4640 MADFULEGACYKEYBOARD - ok 19:20:40.0281 4640 [ D33E2B74CF8B3A652BF0A9FBD068E87A ] ManyCam C:\Windows\system32\DRIVERS\ManyCam_x64.sys 19:20:40.0328 4640 ManyCam - ok 19:20:40.0390 4640 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys 19:20:40.0421 4640 MarvinBus ( UnsignedFile.Multi.Generic ) - warning 19:20:40.0421 4640 MarvinBus - detected UnsignedFile.Multi.Generic (1) 19:20:40.0468 4640 [ 4B2DCA111EA26EE2248E212F52562A14 ] MAUSBCONECTIV C:\Windows\system32\DRIVERS\MAudioConectiv.sys 19:20:40.0484 4640 MAUSBCONECTIV - ok 19:20:40.0515 4640 [ FAEDBEE189A877E302B023BD24FAEBF8 ] MAUSBLEGACYKEYBOARD C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys 19:20:40.0515 4640 MAUSBLEGACYKEYBOARD - ok 19:20:40.0546 4640 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:20:40.0578 4640 Mcx2Svc - ok 19:20:40.0609 4640 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:20:40.0625 4640 megasas - ok 19:20:40.0640 4640 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:20:40.0656 4640 MegaSR - ok 19:20:40.0671 4640 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 19:20:40.0703 4640 MMCSS - ok 19:20:40.0718 4640 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:20:40.0781 4640 Modem - ok 19:20:40.0812 4640 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor 
C:\Windows\system32\DRIVERS\monitor.sys 19:20:40.0843 4640 monitor - ok 19:20:40.0875 4640 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:20:40.0890 4640 mouclass - ok 19:20:40.0921 4640 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:20:40.0953 4640 mouhid - ok 19:20:40.0984 4640 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:20:41.0000 4640 mountmgr - ok 19:20:41.0046 4640 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:20:41.0062 4640 MozillaMaintenance - ok 19:20:41.0093 4640 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:20:41.0125 4640 mpio - ok 19:20:41.0140 4640 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:20:41.0187 4640 mpsdrv - ok 19:20:41.0265 4640 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:20:41.0328 4640 MpsSvc - ok 19:20:41.0359 4640 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:20:41.0421 4640 MRxDAV - ok 19:20:41.0437 4640 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:20:41.0484 4640 mrxsmb - ok 19:20:41.0515 4640 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:20:41.0546 4640 mrxsmb10 - ok 19:20:41.0562 4640 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:20:41.0562 4640 mrxsmb20 - ok 19:20:41.0609 4640 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 19:20:41.0640 4640 msahci - ok 19:20:41.0656 4640 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:20:41.0671 4640 msdsm - ok 19:20:41.0718 4640 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:20:41.0765 4640 MSDTC - ok 
19:20:41.0828 4640 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:20:41.0843 4640 Msfs - ok 19:20:41.0875 4640 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:20:41.0921 4640 mshidkmdf - ok 19:20:41.0953 4640 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:20:41.0984 4640 msisadrv - ok 19:20:42.0015 4640 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:20:42.0062 4640 MSiSCSI - ok 19:20:42.0078 4640 msiserver - ok 19:20:42.0109 4640 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:20:42.0156 4640 MSKSSRV - ok 19:20:42.0171 4640 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:20:42.0218 4640 MSPCLOCK - ok 19:20:42.0250 4640 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:20:42.0296 4640 MSPQM - ok 19:20:42.0375 4640 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:20:42.0406 4640 MsRPC - ok 19:20:42.0437 4640 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:20:42.0437 4640 mssmbios - ok 19:20:42.0468 4640 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:20:42.0515 4640 MSTEE - ok 19:20:42.0531 4640 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:20:42.0562 4640 MTConfig - ok 19:20:42.0593 4640 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:20:42.0609 4640 Mup - ok 19:20:42.0687 4640 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:20:42.0765 4640 napagent - ok 19:20:42.0796 4640 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:20:42.0828 4640 NativeWifiP - ok 19:20:42.0921 4640 [ 760E38053BF56E501D562B70AD796B88 ] NDIS 
============================================================
19:21:06.0234 4632 Detected object count: 9
19:21:06.0234 4632 Actual detected object count: 9
19:36:36.0107 4632 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:36.0107 4632 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:36.0108 4632 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:36.0108 4632 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:36.0110 4632 EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:36.0110 4632 EPSON_EB_RPCV4_04 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:36.0111 4632 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:36.0112 4632 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:36.0113 4632 NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:36.0113 4632 NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:36.0114 4632 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:36.0114 4632 PaceLicenseDServices ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:36.0115 4632 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:36:36.0115 4632 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:36:36.0116 4632 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:36.0116 4632 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:36.0117 4632 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:36.0117 4632 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:39.0894 4448 Deinitialize success |
18.02.2013, 15:30 | #11 |
/// Malware-holic | vlc trojan? Hi, scan with Combofix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
18.02.2013, 17:44 | #12 |
| vlc trojan? Combofix logfile: Code:
ATTFilter ComboFix 13-02-18.01 - Sicky Popp 18.02.2013 17:31:06.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8191.6862 [GMT 1:00] ausgeführt von:: c:\users\Sicky Popp\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\prefs.js c:\users\Sicky Popp\AppData\Roaming\chrtmp c:\windows\SysWow64\muzapp.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-18 bis 2013-02-18 )))))))))))))))))))))))))))))) . . 2013-02-18 16:40 . 2013-02-18 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-18 16:38 . 2013-02-18 16:38 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{133C7150-80F5-4E92-9B8B-DCD736B01EA8}\offreg.dll 2013-02-17 18:54 . 2013-02-17 18:54 -------- d-----w- c:\program files (x86)\Free Video Converter 2013-02-17 18:54 . 2013-02-17 18:54 -------- d-----w- c:\users\Sicky Popp\AppData\Roaming\FreeVideoConverter 2013-02-17 00:53 . 2013-02-17 00:58 -------- d-----w- c:\programdata\Search Protection 2013-02-17 00:52 . 2013-02-17 00:52 -------- d-----w- c:\programdata\Downloaded Installations 2013-02-17 00:51 . 2013-02-17 00:51 -------- d-----w- c:\users\Sicky Popp\AppData\Roaming\LavasoftStatistics 2013-02-17 00:51 . 2013-02-17 00:51 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-02-16 21:24 . 2013-02-16 21:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2013-02-16 21:24 . 2013-02-16 21:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2013-02-16 21:24 . 
2013-02-16 21:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-02-16 21:24 . 2013-02-16 21:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-02-16 21:24 . 2013-02-16 21:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-02-16 21:24 . 2013-02-16 21:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-02-16 21:24 . 2013-02-16 21:24 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-02-16 21:21 . 2012-07-01 23:15 4102656 ----a-w- c:\windows\SysWow64\x264vfw.dll 2013-02-16 21:21 . 2011-12-07 18:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll 2013-02-16 21:21 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll 2013-02-16 21:21 . 2012-06-09 18:21 178688 ----a-w- c:\windows\SysWow64\unrar.dll 2013-02-16 21:21 . 2011-12-21 18:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm 2013-02-16 21:21 . 2013-02-06 18:00 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2013-02-16 21:21 . 2013-02-16 21:21 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack 2013-02-15 11:26 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{133C7150-80F5-4E92-9B8B-DCD736B01EA8}\mpengine.dll 2013-02-14 01:05 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 01:05 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 20:13 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 20:13 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 20:13 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 20:13 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 20:13 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 20:13 . 
2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 20:13 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 20:13 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 20:13 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 20:13 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 20:13 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 20:13 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 09:59 . 2013-02-13 09:59 -------- d-----w- c:\program files (x86)\Magellan 2013-02-12 23:26 . 2013-02-12 23:26 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2013-02-12 23:26 . 2013-02-12 23:26 -------- d-----w- c:\windows\system32\wbem\en-US 2013-02-12 23:21 . 2013-02-12 23:21 -------- d-----w- c:\program files\Microsoft Silverlight 2013-02-12 23:21 . 2013-02-12 23:21 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2013-02-12 23:17 . 2012-08-23 15:09 3584 ----a-w- c:\windows\system32\drivers\de-DE\tsusbflt.sys.mui 2013-02-12 23:16 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-02-12 23:16 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-02-12 23:16 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-02-12 23:16 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-02-12 23:16 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-02-12 23:16 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-02-12 23:16 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-02-12 23:15 . 2013-02-12 23:15 -------- d-----w- c:\programdata\ATI 2013-02-12 23:15 . 2013-02-12 23:15 -------- d-----w- c:\program files (x86)\AMD AVT 2013-02-12 23:14 . 2013-02-12 23:14 -------- d-----w- c:\program files (x86)\AMD APP 2013-02-12 22:26 . 
2013-02-12 22:26 53248 ----a-r- c:\users\Sicky Popp\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2013-02-12 22:26 . 2013-02-12 22:26 -------- d-----w- c:\users\Sicky Popp\AppData\Local\Logishrd 2013-02-12 22:25 . 2013-02-12 22:25 -------- d-----w- c:\program files\Logitech 2013-02-10 18:10 . 2013-02-17 00:06 -------- d-----w- c:\programdata\Eisenberg 2013-02-09 05:44 . 2013-02-09 05:48 -------- d-----w- c:\users\Sicky Popp\AppData\Roaming\ImgBurn 2013-02-09 05:39 . 2013-02-09 05:39 -------- d-----w- c:\program files (x86)\ImgBurn 2013-02-09 05:20 . 2013-02-09 05:20 -------- d-----w- c:\programdata\XLN Audio 2013-02-09 05:20 . 2013-02-09 07:12 -------- d-----w- c:\program files (x86)\XLN Audio . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-14 01:08 . 2011-04-13 14:08 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-12 22:26 . 2011-04-13 13:41 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2013-02-08 06:53 . 2012-04-02 19:21 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-08 06:53 . 2011-05-19 09:26 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-17 00:28 . 2011-04-15 09:53 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-15 15:56 . 2012-07-02 08:08 477616 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-01-15 15:56 . 2011-05-17 01:10 473520 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-04 04:43 . 2013-02-13 20:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll 2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll 2012-12-19 20:19 . 
2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll 2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-12-19 20:09 . 2012-12-19 20:09 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-12-19 20:08 . 2011-03-09 04:55 1151488 ----a-w- c:\windows\system32\aticfx64.dll 2012-12-19 20:06 . 2012-12-19 20:06 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-12-19 19:59 . 2012-09-28 01:31 5087744 ----a-w- c:\windows\system32\atiumd6a.dll 2012-12-19 19:57 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll 2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe 2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe 2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-12-19 19:49 . 2011-03-09 04:40 7370752 ----a-w- c:\windows\system32\atidxx64.dll 2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-12-19 19:44 . 2012-09-28 01:25 6786560 ----a-w- c:\windows\system32\atiumd64.dll 2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-12-19 19:33 . 
2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-12-19 19:33 . 2012-09-28 01:13 619008 ----a-w- c:\windows\system32\atiadlxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-12-19 19:31 . 2011-03-09 04:17 130048 ----a-w- c:\windows\system32\atiuxp64.dll 2012-12-19 19:31 . 2012-12-19 19:31 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-12-19 19:31 . 2012-06-13 01:35 104448 ----a-w- c:\windows\system32\atiu9p64.dll 2012-12-19 19:30 . 2012-12-19 19:30 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-12-19 14:45 . 2012-12-19 14:45 222720 ----a-w- c:\windows\system32\clinfo.exe 2012-12-19 14:44 . 2012-12-19 14:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-12-19 14:44 . 2012-12-19 14:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll 2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-12-19 14:44 . 2012-12-19 14:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll 2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-12-19 14:34 . 
2012-12-19 14:34 54784 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-12-16 17:11 . 2012-12-20 22:50 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-20 22:50 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-20 22:50 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-20 22:50 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 13:20 . 2013-01-09 16:58 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 16:58 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 16:58 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 16:58 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 16:58 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 16:58 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 16:58 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 16:58 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 16:58 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 16:58 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 16:58 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 16:58 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 16:58 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 16:58 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 16:58 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 16:58 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 16:58 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 11:19 . 2013-01-09 16:58 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 10:46 . 
2013-01-09 16:58 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 10:46 . 2013-01-09 16:58 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 10:46 . 2013-01-09 16:58 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 10:46 . 2013-01-09 16:58 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 10:46 . 2013-01-09 16:58 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 10:46 . 2013-01-09 16:58 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 10:46 . 2013-01-09 16:58 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 10:46 . 2013-01-09 16:58 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 10:46 . 2013-01-09 16:58 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 10:46 . 2013-01-09 16:58 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 10:46 . 2013-01-09 16:58 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 10:46 . 2013-01-09 16:58 15360 ----a-w- c:\windows\SysWow64\djctq.rs 2012-12-07 10:46 . 2013-01-09 16:58 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 10:46 . 2013-01-09 16:58 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-11-30 05:45 . 2013-01-09 16:58 362496 ----a-w- c:\windows\system32\wow64win.dll 2012-11-30 05:45 . 2013-01-09 16:58 243200 ----a-w- c:\windows\system32\wow64.dll 2012-11-30 05:45 . 2013-01-09 16:58 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2012-11-30 05:43 . 2013-01-09 16:58 16384 ----a-w- c:\windows\system32\ntvdm64.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2012-01-25 237872] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "M-Audio Taskbar Icon"=c:\windows\system32\DeltaIITray.exe "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "AMD AVT"=Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files (x86)\AMD AVT\bin\kdbsync.exe" aml "WD Spindown Utility"="c:\program files (x86)\Western Digital Technologies\Spindown\ExSpinDn.exe" "PMBVolumeWatcher"=c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe "DivXMediaServer"=c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" . 
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;l:\tech_stick_programme\hw64_391_1485\HWiNFO64A.SYS [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-10-27 36328] R3 automap;Automap MIDI Driver;c:\windows\system32\DRIVERS\automap.sys [2011-07-06 19800] R3 BEHRINGER_2902;usb-audio.de driver for BEHRINGER USB AUDIO;c:\windows\system32\Drivers\BUSB2902.sys [2009-10-30 460864] R3 BUSB_AUDIO_WDM;BEHRINGER USB WDM AUDIO;c:\windows\system32\drivers\busbwdm.sys [2009-10-30 49728] R3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2010-03-16 46088] R3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [2010-02-09 28680] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136] R3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2010-03-16 187912] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-10-27 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-10-27 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-10-27 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-10-27 146920] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 USBAAPL64;Apple Mobile USB 
Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-02-17 14456] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-04-05 503352] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-12 168448] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-11-09 151648] S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-12-05 5739008] S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2010-11-07 2647552] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-27 479840] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [2012-01-25 339760] S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;c:\windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [2010-02-09 196616] S3 NIWinCDEmu;ISO Mounter 
driver;c:\windows\system32\DRIVERS\NIWinCDEmu.sys [2012-04-23 111696] S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2011-02-16 50232] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:53] . 2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-14 12:29] . 2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-14 12:29] . 2013-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303213111-1996448718-967368058-1001Core.job - c:\users\Sicky Popp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 12:16] . 2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303213111-1996448718-967368058-1001UA.job - c:\users\Sicky Popp\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-19 12:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=A9DF01CB43AC7EC4704536512029F075 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube Download - c:\users\Sicky Popp\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm IE: Free YouTube to MP3 Converter - c:\users\Sicky Popp\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: {{9FB232C5-6909-4F81-99B4-BAB4998940F2} TCP: DhcpNameServer = 192.168.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-18 17:42:19 ComboFix-quarantined-files.txt 2013-02-18 16:42 . Vor Suchlauf: 10 Verzeichnis(se), 32.593.330.176 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 32.614.952.960 Bytes frei . - - End Of File - - AD1632DECAA71C7B615396B910A39EF4 |
18.02.2013, 18:20 | #13 |
/// Malware-holic | vlc trojan? Hi, malwarebytes: Please download Malwarebytes
18.02.2013, 21:44 | #14 |
| vlc trojan?
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.18.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sicky Popp :: TOWEROFPOWER [Administrator]

18.02.2013 20:21:40
mbam-log-2013-02-18 (20-21-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 613215
Laufzeit: 1 Stunde(n), 21 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
D:\System Volume Information\_restore{F0BB7D97-ACEB-4657-92DC-B064E5399B39}\RP211\A0062593.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
F:\Musik Content\VstPlugins\Toxic Biohazard\Plugins\Fruity\Generators\Toxic Biohazard\Toxic Biohazard.dll (Trojan.Backdoor) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{0960BA56-7E48-4D29-B919-C9F7C9E511F6}\RP37\A0022762.exe (PUP.RiskWareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{0960BA56-7E48-4D29-B919-C9F7C9E511F6}\RP37\A0022770.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{0960BA56-7E48-4D29-B919-C9F7C9E511F6}\RP5\A0008324.exe (PUP.RiskWareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{0960BA56-7E48-4D29-B919-C9F7C9E511F6}\RP5\A0008332.exe (Riskware.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{36DBDCE9-BD2A-40B2-83B1-DF2316C32A35}\RP43\A0003886.exe (Rootkit.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{36DBDCE9-BD2A-40B2-83B1-DF2316C32A35}\RP43\A0003887.exe (Rootkit.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{7F6ACDE0-D563-42EA-9D86-12F991513B41}\RP84\A0043242.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{7F6ACDE0-D563-42EA-9D86-12F991513B41}\RP84\A0043246.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I:\System Volume Information\_restore{C592EB3F-1021-4B98-A5F4-7E1DDFED006B}\RP16\A0008386.exe (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
18.02.2013, 21:50 | #15 |
/// Malware-holic | vlc trojan? Hi, disable System Restore: Enabling and disabling System Restore. Wait 5 min., restart, then re-enable it. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), uninstall list, and save it as txt. Open the file. After each program you need, write "necessary". After each one you do not need, "unnecessary". After each one unknown to you, "unknown". Post the list.