Plagegeister aller Art und deren Bekämpfung: Windows become inactive automatically (Windows 7)
21.02.2013, 09:51 | #1 |
| Windows become inactive automatically

Hello,

since shortly after my fresh installation of Windows 7 Prof. I have had the problem that all windows automatically become inactive after a certain time. This is especially annoying when writing any kind of text, because you always have to click into the window again before you can continue typing.

Using the search I found that there was already a similar thread: http://www.trojaner-board.de/104766-...h-inaktiv.html However, it also says there that the help offered was created only for that person and is not transferable to others.

I have already run a scan with Malwarebytes, but it found nothing. What else could be the cause?

Thank you in advance for your help.

Here is the log file:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
XXX :: XXX-PC [Administrator]

20.02.2013 17:53:08
mbam-log-2013-02-20 (17-53-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 814624
Laufzeit: 1 Stunde(n), 28 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
21.02.2013, 23:49 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows become inactive automatically

Hello and

Quote:

Is that by any chance an office/company PC? Or a university computer?

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will it continue" messages will end with your thread being closed. I, too, have a life outside of the Trojaner-Board.

First, a check with OTL please:
__________________ |
22.02.2013, 17:39 | #3 |
| Windows become inactive automatically

Hello,

thank you for your answer. It is a private laptop. I am a student and bought the Professional version at the student price when Windows 7 was launched. (It cost the same as the Home version.)

Here are the two text files from OTL:
-- C:\Windows\SysNative\drivers\aksdf.sys [2013.02.15 17:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared [2013.02.15 17:43:26 | 003,750,400 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\hasplms.exe [2013.02.15 17:43:26 | 003,750,400 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\aksllmtp.exe [2013.02.15 17:43:25 | 000,130,816 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksfridge.sys [2013.02.15 17:43:23 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys [2013.02.15 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\MAGIX_Guitar_Backing_Maker [2013.02.15 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\MAGIX Downloads [2013.02.15 16:05:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\MAGIX [2013.02.15 16:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2013.02.14 22:11:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 22:11:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 22:11:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 22:11:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 22:11:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 22:11:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 22:11:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 22:11:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 22:11:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 22:11:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl 
[2013.02.14 22:11:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 22:11:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 22:11:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 22:11:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 22:11:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.14 19:20:59 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.14 19:20:59 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.14 19:20:58 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.14 19:20:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.14 19:20:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.14 19:20:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.14 19:20:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.14 19:20:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.14 19:20:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.14 19:20:50 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.06 10:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop [2013.02.06 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9} [2013.02.04 08:39:16 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2013.02.04 08:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twixtor 
5, After Effects-compatible plugin set [2013.02.04 08:35:30 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REVisionEffects [2013.02.04 08:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REVisionEffects [2013.02.02 17:27:32 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.02.02 12:10:38 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Adobe [2013.02.02 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2013.02.02 12:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2013.02.02 11:58:07 | 000,000,000 | ---D | C] -- C:\Users\XXX\Adobe Flash Builder 4 [2013.02.02 11:56:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2013.02.02 11:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2013.02.02 11:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013.02.02 11:52:57 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys [2013.02.02 11:52:57 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys [2013.02.02 11:52:57 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys [2013.02.02 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2013.02.02 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.02.02 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2013.02.02 11:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.02.02 11:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.02.02 11:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5 [2013.02.02 11:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common 
Files\Adobe AIR [2013.01.30 11:32:47 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Smartbar [2013.01.30 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\My Cheat Tables [2013.01.30 11:32:26 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\OpenCandy [2013.01.30 09:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.01.30 09:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.01.30 09:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2012.12.13 16:20:29 | 000,047,104 | --S- | C] (WexTech Systems, Inc.) -- C:\Users\XXX\ntuser.sys ========== Files - Modified Within 30 Days ========== [2013.02.22 17:13:19 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.22 17:13:19 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.22 17:13:19 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.22 17:13:19 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.22 17:13:19 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.22 17:13:15 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 17:13:15 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.22 17:11:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.22 17:06:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.22 17:06:00 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys [2013.02.20 13:28:41 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk [2013.02.20 13:28:41 | 000,001,303 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk [2013.02.20 13:21:37 | 000,002,354 | ---- | M] () -- C:\Users\Public\Desktop\Image Data 
Converter Ver. 4.lnk [2013.02.19 22:35:47 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.16 15:35:02 | 004,994,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.16 15:31:33 | 001,590,506 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.16 11:41:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.08 13:11:22 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.08 13:11:22 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.05 19:52:21 | 000,000,132 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.01.26 10:26:50 | 000,001,051 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ========== Files Created - No Company Name ========== [2013.02.20 13:51:58 | 002,897,913 | ---- | C] () -- C:\Users\XXX\Desktop\Handbook Sony Alpha 57.pdf [2013.02.20 13:28:41 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk [2013.02.20 13:28:41 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk [2013.02.20 13:28:41 | 000,001,303 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk [2013.02.20 13:21:37 | 000,002,354 | ---- | C] () -- C:\Users\Public\Desktop\Image Data Converter Ver. 
4.lnk [2013.02.16 11:41:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.15 17:48:27 | 001,590,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.05 19:48:36 | 000,000,132 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.02.02 11:50:50 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.12.02 15:23:04 | 000,007,605 | ---- | C] () -- C:\Users\XXX\AppData\Local\resmon.resmoncfg [2012.10.28 15:21:06 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.10.28 15:21:05 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.10.27 12:17:31 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Local\Temptable.xml [2012.10.27 12:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012.10.25 12:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.10.25 12:28:24 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.10.25 12:26:57 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012.10.25 12:26:57 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012.10.25 12:26:55 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012.10.25 12:26:52 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.10.11 14:51:44 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
OTL Extras logfile created on: 22.02.2013 17:13:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 58,34% Memory free 7,80 Gb Paging File | 5,92 Gb Available in Paging File | 75,95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 15,19 Gb Free Space | 25,48% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 149,98 Gb Free Space | 32,20% Space Free | Partition Type: NTFS Drive E: | 7,45 Gb Total Space | 6,84 Gb Free Space | 91,81% Space Free | Partition Type: FAT32 Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B7B144B-7434-4F08-9E05-7F8A69594780}" = rport=445 | protocol=6 | dir=out | app=system | "{1FC0706E-2BCA-4A2B-BF23-6298FEB4A3B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2C702A08-9994-4ECF-9F0C-A48685C7E4A2}" = lport=138 | protocol=17 | dir=in | app=system | "{3C27CB04-906A-4C88-A33C-8BB8312066F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3E2331FE-E635-4845-9915-6C4B7BBFB3F9}" = rport=137 | protocol=17 | dir=out | app=system | "{59AB1611-4003-4CB0-917A-66D275D66DCF}" = lport=137 | protocol=17 | dir=in | app=system | "{63A3A89D-EAB9-45F3-8958-F96B04F2CF29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{766B0694-8150-4372-9B29-EB7E8BBB39BE}" = lport=445 | protocol=6 | dir=in | app=system | "{8B46BFF3-DD19-4800-97E6-FDCA3BCFB7D1}" = rport=10243 | protocol=6 | dir=out | app=system | "{92F1444D-09AB-4817-AEC3-110C48C44C2A}" = rport=138 | protocol=17 | dir=out | app=system | "{97D24A08-496C-4E2C-BABD-0AADCFD270E2}" = lport=139 | protocol=6 | dir=in | app=system | "{A07088F2-4D92-4D48-B5A0-A05915C6BACE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A2A98502-C940-47C7-A0B4-4586317DBDF6}" = lport=2869 | protocol=6 | dir=in | app=system | "{A30310CF-53F5-4C6D-A125-445EF734762D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A37BDF22-FD34-413D-A084-F09412CC3F3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A49AC1CC-0636-467A-9F5F-FE1764446BBD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AE9E086F-CD6D-443B-958E-A44153BDE676}" = rport=139 | protocol=6 | dir=out | app=system | "{B6A3986F-3895-4DB7-BCC8-C410888A9F33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BA096E2A-E65D-4B56-9699-337423363FBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF03673E-99AF-4D0B-A717-A08B5860F658}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{D040CB78-E0C6-4A03-88B5-FD0FE1FE9F00}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D803ABB1-4952-4DEC-80A9-BBD9D184B21B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{D9CB038E-CEAA-4F86-B7DD-653E334DC2F3}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BB1AB8-1C65-46BB-828B-09729F60B8C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{09021C51-3DC6-4F9E-95EB-71DF6A199A22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0E19A5D3-184F-414B-B8A8-20261689F6E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1A36516A-12A6-4F56-A98F-41BF600C81B3}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe | "{1D78FED2-AE03-4982-A439-BF13DBA29E0D}" = protocol=17 | dir=in | app=d:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | "{1EBA4EF4-6505-4B04-8C68-5C5A9A6CC591}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2278E8C5-FB51-43FA-8C5D-3B369296C716}" = protocol=17 | 
dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{270D3CCB-27C1-4F0F-8D5A-8CBEB1D3237F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{30ADEE46-BEB7-48FB-90DC-96C1264D1702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{34DAEBB2-2374-42D8-A608-7AECEABBD4C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3D6D5714-AB97-494A-ADB4-B0523154AFDA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{47DC1C61-8500-4859-886E-A1E0D3BA2BEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48C2C648-FAD6-47C1-98E7-4B68A392D156}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4A042569-E1BC-484B-8F65-0988CE8F35B1}" = protocol=17 | dir=in | app=c:\program files (x86)\usb server\networking usb server\networking usb server.exe | "{4DFFFF5A-A241-44AD-971F-87EE0008212E}" = protocol=6 | dir=out | app=system | "{4E8AA6C7-FCB6-4704-A54C-F102ADFF514B}" = protocol=6 | dir=in | app=d:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe | "{501BA514-13B2-461C-9B0B-252567A2E436}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54EF3DF0-5C01-47D9-A134-AED252FA1B57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5647406C-82A2-4D02-B128-A2C9CAAEC2BE}" = protocol=6 | dir=in | app=d:\program files\solidworks corp\solidworks\photoview\photoview360.exe | "{5776C540-8C85-46FC-9274-A95C3346C888}" = protocol=6 | dir=in | app=d:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | "{63F41220-A9A7-4ED4-9A5A-DF9E0031F271}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{69E78976-18B3-4070-873D-C0D9F0674A85}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{713498CE-D9B7-4F6E-B7FC-2B1BB9CE2252}" = protocol=17 | dir=in | 
app=d:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe | "{84458044-0361-4793-9BF7-27488537DB28}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{8EA2F6A6-2C35-4726-AED1-8D1D17FB68B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94F1334C-D4A6-4688-AD1F-75EC1B5ABE0F}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | "{9A149BA2-7E80-4377-8D94-06F607953238}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9C9B3407-6CC6-4575-91DC-7BB1ADF76F4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A28672CB-5B15-41B5-A0DA-E52A41B7C422}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A5C6EC92-6F76-4E33-AEE8-B30EE32F0B6D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE0F4F8A-CE36-4E21-A048-2824789594CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B9D25BB2-7467-4976-AB8F-6756BD9ACF59}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe | "{C094958D-9D14-40D9-8F13-99F5EA9A195E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C18B2E6B-A757-4877-BD81-5F613261600E}" = protocol=17 | dir=in | app=d:\program files\solidworks corp\solidworks\photoview\photoview360.exe | "{C939D117-EEDC-482A-8125-CF95783EB072}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe | "{CC994CA2-29FB-4AC5-AA67-A31E7D6C2AF1}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{CDBAEAA5-EF90-43EB-B05D-34E4B4102E8C}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | "{DFC755FC-DEEB-42B5-874B-69B77348A660}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E9EF17D2-104B-41EE-B107-4D8F25886B9C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows 
media player\wmplayer.exe | "{EA59C951-5CFA-4043-9C56-55C50BC3149C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F4868C94-3181-4107-972C-AE9BCB455DCC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F9D5B83E-2944-44CA-8C77-4B4E37858B0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FD43CC32-B0F7-488E-B5F1-534C338C003C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{4D9EED15-B5E2-4612-B5B2-95775EEA6B5F}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{6052858E-2E86-4690-84EB-7A70098966E3}D:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=6 | dir=in | app=d:\program files\siemens\nx 8.0\ugii\ugraf.exe | "TCP Query User{A65A2546-9C25-4A0C-B317-47A2610DF763}D:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=6 | dir=in | app=d:\program files\siemens\nx 8.0\ugii\ugraf.exe | "UDP Query User{5F83B2DE-C8EA-49F9-8E65-40B22135665F}D:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=17 | dir=in | app=d:\program files\siemens\nx 8.0\ugii\ugraf.exe | "UDP Query User{C581FA28-F36A-44EF-AD4D-0B8BAF4AFE9D}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{CE80F44C-5440-45AB-A772-15CC3C04E1B2}D:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=17 | dir=in | app=d:\program files\siemens\nx 8.0\ugii\ugraf.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{215D88B7-661F-4C71-A7F9-75E53E9A5061}" = SolidWorks eDrawings 2012 x64 Edition SP02 "{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software "{32F9B623-BDF7-18AC-80F1-32E9B0E25F3A}" = ccc-utility64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C66F076-D3AB-49C8-85D4-BAA6D82FCAE2}" = SolidWorks 2012 x64 Edition SP02 "{4E22D0BC-2A2E-4723-B7E7-F34701EE501E}" = 3Dconnexion 3DxWare (x64) "{51676C0E-2D18-49F3-A1BE-005DE2654168}" = Siemens NX 8.0 "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64E6DF7A-E726-4001-8573-E6A6D6F35454}" = Networking USB Server "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{923D3F31-64AD-4620-88C5-E2451E5E25ED}" = MELTEC Device Drivers x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 
"{9B0EAC89-4331-A96E-C7D3-754192589BEE}" = ATI Catalyst Install Manager "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B1BF0EE8-216A-4212-9CF3-FC9551507556}" = FaroArm USB Driver 5 "{B8F5E355-C43B-4860-B690-D79CB5B0186D}" = 3Dconnexion Add-In for Solid Edge V18 - ST5 "{C2DBF59B-1D2C-44E9-A52A-93ACDAD9D27B}" = 3Dconnexion Plug-In for NX v3.0 - v8.5 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CEECF49B-552B-44E7-8F59-CCD9C98378AE}" = 3Dconnexion Add-In for SolidWorks 2005 - 2013 "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D3CB988F-2A25-4AD5-BE84-24349E9CCCD8}" = SolidWorks 2012 x64 German Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{EB9400D5-6289-4F9F-9B79-B3528101C0C7}" = SolidWorks Flow Simulation 2012 SP02 x64 Edition "{F2DF59A0-5C1F-4454-9B67-538F43E2D335}" = Network Printer Wizard "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows-Treiberpaket - AuthenTec Inc. 
(ATSwpWDF) Biometric (07/02/2010 8.6.0.29) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "ATI Uninstaller" = ATI Uninstaller "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) "Logitech Unifying" = Logitech Unifying-Software 2.10 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "Power Management Driver" = ThinkPad Power Management Driver "SynTPDeinstKey" = ThinkPad UltraNav Driver "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{06A8F063-C727-95AA-F10B-CD8E6B23ED16}" = CCC Help Italian "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2898B91C-B75B-2EC5-4D4C-DD6C286F9485}" = 
Catalyst Control Center InstallProxy "{2C4FD7D3-6F3A-45C2-AAAD-929B40346E3F}" = Catalyst Control Center - Branding "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7055 "{3DF5B915-A374-78B4-EE86-58346774DEC8}" = PX Profile Update "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5506986E-3173-E510-82BB-033C18299878}" = Catalyst Control Center Graphics Previews Vista "{55532499-5676-4DAE-9A57-AEB907A0A1DD}" = QuickShare "{5626FEDC-04D2-E67D-8261-3C6E7637A923}" = CCC Help German "{563BBE0C-35F3-B1FF-1AD9-A5426CDEB388}" = CCC Help Korean "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66F6BD4B-4C2C-B10C-B3D4-7A311EC4FC1C}" = Catalyst Control Center Localization All "{6AAB8068-BEB6-4CB6-958E-717EA6402467}" = 3Dconnexion Trainer "{6D236956-B79D-4748-BEA3-A039334A66AB}" = 3Dconnexion Collage "{6D46B934-2ACE-DC9A-800B-C1831ED0FF85}" = CCC Help English "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DA16880-5718-E907-9A9F-EA8F5CBC51DA}" = CCC Help French "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87998E4E-6D9C-411B-AAE9-B8523FFE357D}" = Image Data Converter "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service 
Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91F4AE26-4989-D770-A6BB-B50EB5BC938D}" = CCC Help Chinese Traditional "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A6085E33-3DC7-1B94-C717-6B9D6686F183}" = CCC Help Chinese Standard "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - 
Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B40EED7A-63D4-4ED2-910D-9A64FF94DF22}" = UGSLicensing "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition) "{C85DF163-6DB3-2A03-5E8E-2B059AAA4882}" = CCC Help Dutch "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CF36D287-4610-69E4-A69A-9EF2BFEDB258}" = CCC Help Portuguese "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB042BA1-BD6A-9E4A-C5ED-2CC523D92C7D}" = CCC Help Swedish "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF3FBAA8-A959-72A0-8530-D715855137E1}" = CCC Help Japanese "{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home "{EB325412-D54D-B320-7D77-D4B4A6B9F276}" = ccc-core-static "{EFB4E818-8A4D-B230-6D41-213D48A2C7B3}" = CCC Help Spanish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "InstallShield_{64E6DF7A-E726-4001-8573-E6A6D6F35454}" = Networking USB Server "InstallShield_{F2DF59A0-5C1F-4454-9B67-538F43E2D335}" = Network Printer Wizard "JabRef 2.8.1" = JabRef 2.8.1 "LyX205" = LyX 2.0.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 19.0 
(x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NauticTools_is1" = NauticTools "SolidWorks Installation Manager 20120-40200-1100-100" = SolidWorks 2012 x64 Edition SP02 "Splashtop Software Updater" = Splashtop Software Updater "Twixtor 5, After Effects-compatible plugin set" = Twixtor 5, After Effects-compatible plugin set "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "FLV Player" = FLV Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 19.02.2013 10:01:00 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10 Description = Error - 20.02.2013 02:53:23 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10 Description = Error - 20.02.2013 05:49:30 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10 Description = Error - 20.02.2013 11:56:14 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 04:21:04 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10 Description = Error - 21.02.2013 06:13:56 | Computer Name = xxx-PC | Source = System Restore | ID = 8193 Description = Error - 21.02.2013 06:13:56 | Computer Name = xxx-PC | Source = System Restore | ID = 8211 Description = Error - 21.02.2013 06:25:04 | Computer Name = xxx-PC | Source = VSS | ID = 12289 Description = Error - 22.02.2013 04:41:28 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10 Description = Error - 22.02.2013 12:07:56 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 26.01.2013 05:25:23 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 26.01.2013 09:29:44 | Computer Name = xxx-PC | Source = Service 
Control Manager | ID = 7016 Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 27.01.2013 07:59:25 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 27.01.2013 08:01:57 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7043 Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error - 27.01.2013 08:01:57 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 27.01.2013 08:02:46 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 27.01.2013 10:08:55 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 27.01.2013 11:11:36 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 27.01.2013 18:04:58 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 28.01.2013 05:09:00 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > |
22.02.2013, 22:32 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows automatically become inactive OK, thanks for the explanation. Please now create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
23.02.2013, 16:01 | #5 |
| Windows automatically become inactive MBAR: Since it found nothing, no cleanup was performed and the machine was not restarted. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.23.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 XXX :: XXX-PC [administrator] 23.02.2013 15:59:31 mbar-log-2013-02-23 (15-59-31).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 31625 Time elapsed: 4 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter GMER 2.1.19081 - hxxp://www.gmer.net Rootkit scan 2013-02-23 16:45:22 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_MMCRE64G5MXP-0VB rev.VBM1801Q 59,63GB Running: gmer_2.1.19081.exe; Driver: C:\Users\XXX\AppData\Local\Temp\uwdirpod.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076151465 2 bytes [15, 76] .text C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe[3428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000761514bb 2 bytes [15, 76] .text ... * 2 .text C:\Users\XXX\AppData\Local\Smartbar\Application\QuickShare.exe[3500] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076151465 2 bytes [15, 76] .text C:\Users\XXX\AppData\Local\Smartbar\Application\QuickShare.exe[3500] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000761514bb 2 bytes [15, 76] .text ... * 2 .text C:\Users\XXX\AppData\Roaming\Dropbox\bin\Dropbox.exe[3580] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076151465 2 bytes [15, 76] .text C:\Users\XXXl\AppData\Roaming\Dropbox\bin\Dropbox.exe[3580] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000761514bb 2 bytes [15, 76] .text ... * 2 ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Dev_fffffa800442e680 fffffa80079cd880 Device \Driver\atapi \Device\Dev_fffffa800443a060 fffffa80079cd880 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe2e796f4 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe2e796f4 (not active ControlSet) ---- EOF - GMER 2.1 ---- Edited by KlausdieMaus (23.02.2013 at 16:52) |
24.02.2013, 21:28 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows automatically become inactive aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop.
__________________ --> Windows automatically become inactive |
25.02.2013, 14:56 | #7 |
| Windows automatically become inactive aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software Run date: 2013-02-25 14:30:00 ----------------------------- 14:30:00.626 OS Version: Windows x64 6.1.7601 Service Pack 1 14:30:00.626 Number of processors: 2 586 0x1706 14:30:00.626 ComputerName: xxx-PC UserName: xxx 14:30:00.797 Initialize success 14:34:42.806 AVAST engine defs: 13022500 14:35:05.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:35:05.645 Disk 0 Vendor: SAMSUNG_MMCRE64G5MXP-0VB VBM1801Q Size: 61057MB BusType: 11 14:35:05.645 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1 14:35:05.645 Disk 1 Vendor: SAMSUNG_HM500JJ 2AK10001 Size: 476940MB BusType: 11 14:35:05.661 Disk 0 MBR read successfully 14:35:05.661 Disk 0 MBR scan 14:35:05.661 Disk 0 Windows 7 default MBR code 14:35:05.661 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 61055 MB offset 2048 14:35:05.707 Disk 0 scanning C:\Windows\system32\drivers 14:35:14.639 Service scanning 14:35:34.154 Modules scanning 14:35:34.154 Disk 0 trace - called modules: 14:35:34.164 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 14:35:34.494 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048fb060] 14:35:34.494 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004415680] 14:35:34.755 AVAST engine scan C:\Windows 14:35:35.761 AVAST engine scan C:\Windows\system32 14:37:54.120 AVAST engine scan C:\Windows\system32\drivers 14:38:05.033 AVAST engine scan C:\Users\xxx 14:41:00.486 AVAST engine scan C:\ProgramData 14:41:35.443 Scan finished successfully 14:47:30.922 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat" 14:47:30.985 The log file has been saved successfully to "C:\Users\xxx\Desktop\aswMBR.txt" Code:
ATTFilter 14:50:01.0555 4136 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:50:01.0679 4136 ============================================================ 14:50:01.0679 4136 Current date / time: 2013/02/25 14:50:01.0679 14:50:01.0679 4136 SystemInfo: 14:50:01.0679 4136 14:50:01.0679 4136 OS Version: 6.1.7601 ServicePack: 1.0 14:50:01.0679 4136 Product type: Workstation 14:50:01.0679 4136 ComputerName: xxx-PC 14:50:01.0679 4136 UserName: xxx 14:50:01.0679 4136 Windows directory: C:\Windows 14:50:01.0679 4136 System windows directory: C:\Windows 14:50:01.0679 4136 Running under WOW64 14:50:01.0679 4136 Processor architecture: Intel x64 14:50:01.0679 4136 Number of processors: 2 14:50:01.0679 4136 Page size: 0x1000 14:50:01.0679 4136 Boot type: Normal boot 14:50:01.0679 4136 ============================================================ 14:50:02.0210 4136 Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 (59.63 Gb), SectorSize: 0x200, Cylinders: 0x204E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 14:50:02.0553 4136 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 14:50:02.0600 4136 ============================================================ 14:50:02.0600 4136 \Device\Harddisk0\DR0: 14:50:02.0600 4136 MBR partitions: 14:50:02.0600 4136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x773F800 14:50:02.0600 4136 \Device\Harddisk1\DR1: 14:50:02.0600 4136 MBR partitions: 14:50:02.0600 4136 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800 14:50:02.0600 4136 ============================================================ 14:50:02.0631 4136 C: <-> \Device\Harddisk0\DR0\Partition1 14:50:02.0647 4136 D: <-> \Device\Harddisk1\DR1\Partition1 14:50:02.0647 4136 ============================================================ 14:50:02.0647 4136 Initialize 
success 14:50:02.0647 4136 ============================================================ 14:51:22.0369 1164 ============================================================ 14:51:22.0369 1164 Scan started 14:51:22.0369 1164 Mode: Manual; SigCheck; TDLFS; 14:51:22.0369 1164 ============================================================ 14:51:22.0728 1164 ================ Scan system memory ======================== 14:51:22.0728 1164 System memory - ok 14:51:22.0728 1164 ================ Scan services ============================= 14:51:22.0774 1164 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 14:51:22.0821 1164 1394ohci - ok 14:51:22.0837 1164 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:51:22.0852 1164 ACPI - ok 14:51:22.0852 1164 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:51:22.0884 1164 AcpiPmi - ok 14:51:22.0884 1164 [ 92E9D1DEBDC9C6C367064EA403C68874 ] ADMonitor C:\Windows\system32\ADMonitor.exe 14:51:22.0884 1164 ADMonitor ( UnsignedFile.Multi.Generic ) - warning 14:51:22.0884 1164 ADMonitor - detected UnsignedFile.Multi.Generic (1) 14:51:22.0899 1164 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:51:22.0899 1164 AdobeARMservice - ok 14:51:22.0930 1164 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:51:22.0946 1164 AdobeFlashPlayerUpdateSvc - ok 14:51:22.0946 1164 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 14:51:22.0977 1164 adp94xx - ok 14:51:22.0977 1164 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 14:51:22.0993 1164 adpahci - ok 14:51:22.0993 1164 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 14:51:23.0008 1164 adpu320 - ok 14:51:23.0024 1164 [ 
4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:51:23.0071 1164 AeLookupSvc - ok 14:51:23.0086 1164 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:51:23.0102 1164 AFD - ok 14:51:23.0102 1164 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:51:23.0118 1164 agp440 - ok 14:51:23.0118 1164 [ 95BC4330FA44240CA00C641A73C7E62D ] aksdf C:\Windows\system32\drivers\aksdf.sys 14:51:23.0133 1164 aksdf - ok 14:51:23.0133 1164 [ E2E5CF34D6C56ACE5E986969A3D9B0B5 ] aksfridge C:\Windows\system32\drivers\aksfridge.sys 14:51:23.0149 1164 aksfridge - ok 14:51:23.0149 1164 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:51:23.0164 1164 ALG - ok 14:51:23.0180 1164 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:51:23.0180 1164 aliide - ok 14:51:23.0196 1164 [ F23C8B2011900E7D0F1940CA75975B90 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 14:51:23.0211 1164 AMD External Events Utility - ok 14:51:23.0211 1164 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:51:23.0227 1164 amdide - ok 14:51:23.0227 1164 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 14:51:23.0242 1164 AmdK8 - ok 14:51:23.0336 1164 [ F9F4A7CC75C3101AD5A66FD035525CC3 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 14:51:23.0445 1164 amdkmdag - ok 14:51:23.0461 1164 [ 7FDAAE73445C2C9F8360AB45E22C03BE ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 14:51:23.0476 1164 amdkmdap - ok 14:51:23.0476 1164 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 14:51:23.0492 1164 AmdPPM - ok 14:51:23.0492 1164 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:51:23.0508 1164 amdsata - ok 14:51:23.0523 1164 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 14:51:23.0523 1164 
- ok 14:51:32.0899 1164 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 14:51:32.0939 1164 RpcSs - ok 14:51:32.0939 1164 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:51:32.0969 1164 rspndr - ok 14:51:32.0979 1164 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 14:51:32.0989 1164 s3cap - ok 14:51:32.0989 1164 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:51:32.0999 1164 SamSs - ok 14:51:33.0009 1164 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:51:33.0019 1164 sbp2port - ok 14:51:33.0029 1164 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:51:33.0059 1164 SCardSvr - ok 14:51:33.0059 1164 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:51:33.0089 1164 scfilter - ok 14:51:33.0109 1164 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:51:33.0149 1164 Schedule - ok 14:51:33.0159 1164 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:51:33.0189 1164 SCPolicySvc - ok 14:51:33.0189 1164 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 14:51:33.0209 1164 sdbus - ok 14:51:33.0209 1164 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:51:33.0229 1164 SDRSVC - ok 14:51:33.0229 1164 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:51:33.0259 1164 secdrv - ok 14:51:33.0269 1164 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:51:33.0299 1164 seclogon - ok 14:51:33.0299 1164 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 14:51:33.0329 1164 SENS - ok 14:51:33.0339 1164 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:51:33.0349 1164 SensrSvc - ok 14:51:33.0349 1164 [ 
CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:51:33.0369 1164 Serenum - ok 14:51:33.0369 1164 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:51:33.0379 1164 Serial - ok 14:51:33.0389 1164 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:51:33.0399 1164 sermouse - ok 14:51:33.0409 1164 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:51:33.0439 1164 SessionEnv - ok 14:51:33.0439 1164 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 14:51:33.0459 1164 sffdisk - ok 14:51:33.0459 1164 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:51:33.0479 1164 sffp_mmc - ok 14:51:33.0479 1164 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 14:51:33.0489 1164 sffp_sd - ok 14:51:33.0499 1164 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:51:33.0509 1164 sfloppy - ok 14:51:33.0519 1164 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:51:33.0549 1164 SharedAccess - ok 14:51:33.0559 1164 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:51:33.0599 1164 ShellHWDetection - ok 14:51:33.0599 1164 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 14:51:33.0609 1164 SiSRaid2 - ok 14:51:33.0619 1164 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:51:33.0629 1164 SiSRaid4 - ok 14:51:33.0629 1164 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:51:33.0659 1164 Smb - ok 14:51:33.0669 1164 [ E11C9E13E92DA6747363924CFFCBD7EF ] SmbDrvI C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 14:51:33.0679 1164 SmbDrvI - ok 14:51:33.0689 1164 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 
14:51:33.0699 1164 SNMPTRAP - ok 14:51:33.0699 1164 [ 4945020BC094C322571184A6E8056B3A ] SolidWorks Licensing Service C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe 14:51:33.0799 1164 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - warning 14:51:33.0799 1164 SolidWorks Licensing Service - detected UnsignedFile.Multi.Generic (1) 14:51:33.0809 1164 [ 777B4A39A65854C39C581DD129F946B3 ] SplashtopRemoteService C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe 14:51:33.0829 1164 SplashtopRemoteService - ok 14:51:33.0829 1164 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:51:33.0839 1164 spldr - ok 14:51:33.0849 1164 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 14:51:33.0889 1164 Spooler - ok 14:51:33.0929 1164 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:51:34.0009 1164 sppsvc - ok 14:51:34.0009 1164 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:51:34.0049 1164 sppuinotify - ok 14:51:34.0059 1164 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:51:34.0069 1164 srv - ok 14:51:34.0079 1164 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:51:34.0099 1164 srv2 - ok 14:51:34.0099 1164 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 14:51:34.0119 1164 SrvHsfHDA - ok 14:51:34.0139 1164 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 14:51:34.0169 1164 SrvHsfV92 - ok 14:51:34.0179 1164 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 14:51:34.0199 1164 SrvHsfWinac - ok 14:51:34.0209 1164 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:51:34.0219 1164 srvnet - ok 14:51:34.0219 1164 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV 
C:\Windows\System32\ssdpsrv.dll 14:51:34.0259 1164 SSDPSRV - ok 14:51:34.0259 1164 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:51:34.0289 1164 SstpSvc - ok 14:51:34.0309 1164 [ F9AEDD871E1CD759B95728C9B935D203 ] SSUService C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe 14:51:34.0319 1164 SSUService - ok 14:51:34.0329 1164 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 14:51:34.0339 1164 stexstor - ok 14:51:34.0349 1164 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:51:34.0369 1164 stisvc - ok 14:51:34.0379 1164 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 14:51:34.0389 1164 storflt - ok 14:51:34.0389 1164 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 14:51:34.0399 1164 StorSvc - ok 14:51:34.0409 1164 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 14:51:34.0419 1164 storvsc - ok 14:51:34.0419 1164 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 14:51:34.0429 1164 swenum - ok 14:51:34.0439 1164 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 14:51:34.0459 1164 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 14:51:34.0459 1164 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 14:51:34.0469 1164 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:51:34.0499 1164 swprv - ok 14:51:34.0509 1164 [ BB3E8D7B5165672A71392DB27028144B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 14:51:34.0529 1164 SynTP - ok 14:51:34.0549 1164 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:51:34.0589 1164 SysMain - ok 14:51:34.0589 1164 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:51:34.0609 1164 TabletInputService - ok 14:51:34.0619 1164 
[ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:51:34.0649 1164 TapiSrv - ok 14:51:34.0659 1164 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:51:34.0689 1164 TBS - ok 14:51:34.0709 1164 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:51:34.0749 1164 Tcpip - ok 14:51:34.0779 1164 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:51:34.0809 1164 TCPIP6 - ok 14:51:34.0819 1164 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:51:34.0849 1164 tcpipreg - ok 14:51:34.0849 1164 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:51:34.0859 1164 TDPIPE - ok 14:51:34.0869 1164 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:51:34.0879 1164 TDTCP - ok 14:51:34.0879 1164 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:51:34.0909 1164 tdx - ok 14:51:34.0919 1164 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 14:51:34.0929 1164 TermDD - ok 14:51:34.0939 1164 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:51:34.0979 1164 TermService - ok 14:51:34.0979 1164 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:51:34.0999 1164 Themes - ok 14:51:34.0999 1164 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:51:35.0039 1164 THREADORDER - ok 14:51:35.0039 1164 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 14:51:35.0049 1164 TPM - ok 14:51:35.0059 1164 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:51:35.0089 1164 TrkWks - ok 14:51:35.0099 1164 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:51:35.0129 1164 TrustedInstaller - ok 14:51:35.0129 1164 [ 
CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:51:35.0169 1164 tssecsrv - ok 14:51:35.0169 1164 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:51:35.0179 1164 TsUsbFlt - ok 14:51:35.0189 1164 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 14:51:35.0199 1164 TsUsbGD - ok 14:51:35.0199 1164 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:51:35.0229 1164 tunnel - ok 14:51:35.0239 1164 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:51:35.0249 1164 uagp35 - ok 14:51:35.0259 1164 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:51:35.0289 1164 udfs - ok 14:51:35.0359 1164 [ A3A5DCF65B4AC8D98C7E2DD9B58B37A3 ] UGS License Server (ugslmd) D:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe 14:51:35.0619 1164 UGS License Server (ugslmd) - ok 14:51:35.0619 1164 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:51:35.0639 1164 UI0Detect - ok 14:51:35.0639 1164 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:51:35.0649 1164 uliagpkx - ok 14:51:35.0659 1164 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:51:35.0669 1164 umbus - ok 14:51:35.0669 1164 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 14:51:35.0679 1164 UmPass - ok 14:51:35.0689 1164 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 14:51:35.0699 1164 UmRdpService - ok 14:51:35.0709 1164 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:51:35.0749 1164 upnphost - ok 14:51:35.0749 1164 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 14:51:35.0759 1164 USBAAPL64 - ok 14:51:35.0769 1164 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp 
C:\Windows\system32\DRIVERS\usbccgp.sys 14:51:35.0779 1164 usbccgp - ok 14:51:35.0789 1164 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:51:35.0799 1164 usbcir - ok 14:51:35.0809 1164 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:51:35.0819 1164 usbehci - ok 14:51:35.0829 1164 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:51:35.0839 1164 usbhub - ok 14:51:35.0849 1164 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 14:51:35.0859 1164 usbohci - ok 14:51:35.0859 1164 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:51:35.0869 1164 usbprint - ok 14:51:35.0879 1164 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:51:35.0889 1164 usbscan - ok 14:51:35.0899 1164 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:51:35.0909 1164 USBSTOR - ok 14:51:35.0909 1164 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 14:51:35.0919 1164 usbuhci - ok 14:51:35.0929 1164 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:51:35.0959 1164 UxSms - ok 14:51:35.0959 1164 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:51:35.0979 1164 VaultSvc - ok 14:51:35.0979 1164 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 14:51:35.0989 1164 VClone - ok 14:51:35.0989 1164 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:51:35.0999 1164 vdrvroot - ok 14:51:36.0009 1164 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:51:36.0049 1164 vds - ok 14:51:36.0059 1164 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:51:36.0069 1164 vga - ok 14:51:36.0069 1164 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave 
C:\Windows\System32\drivers\vga.sys 14:51:36.0099 1164 VgaSave - ok 14:51:36.0109 1164 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:51:36.0119 1164 vhdmp - ok 14:51:36.0129 1164 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:51:36.0139 1164 viaide - ok 14:51:36.0139 1164 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 14:51:36.0159 1164 vmbus - ok 14:51:36.0159 1164 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 14:51:36.0169 1164 VMBusHID - ok 14:51:36.0179 1164 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:51:36.0189 1164 volmgr - ok 14:51:36.0199 1164 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:51:36.0209 1164 volmgrx - ok 14:51:36.0219 1164 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:51:36.0229 1164 volsnap - ok 14:51:36.0239 1164 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:51:36.0249 1164 vsmraid - ok 14:51:36.0269 1164 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:51:36.0329 1164 VSS - ok 14:51:36.0329 1164 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 14:51:36.0339 1164 vwifibus - ok 14:51:36.0359 1164 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:51:36.0389 1164 W32Time - ok 14:51:36.0399 1164 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:51:36.0409 1164 WacomPen - ok 14:51:36.0419 1164 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:51:36.0449 1164 WANARP - ok 14:51:36.0449 1164 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:51:36.0479 1164 Wanarpv6 - ok 14:51:36.0499 1164 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine 
C:\Windows\system32\wbengine.exe 14:51:36.0529 1164 wbengine - ok 14:51:36.0539 1164 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:51:36.0559 1164 WbioSrvc - ok 14:51:36.0559 1164 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:51:36.0579 1164 wcncsvc - ok 14:51:36.0589 1164 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:51:36.0599 1164 WcsPlugInService - ok 14:51:36.0609 1164 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 14:51:36.0619 1164 Wd - ok 14:51:36.0629 1164 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:51:36.0640 1164 Wdf01000 - ok 14:51:36.0650 1164 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:51:36.0680 1164 WdiServiceHost - ok 14:51:36.0680 1164 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:51:36.0700 1164 WdiSystemHost - ok 14:51:36.0710 1164 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:51:36.0730 1164 WebClient - ok 14:51:36.0730 1164 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:51:36.0770 1164 Wecsvc - ok 14:51:36.0770 1164 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:51:36.0810 1164 wercplsupport - ok 14:51:36.0810 1164 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:51:36.0840 1164 WerSvc - ok 14:51:36.0850 1164 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:51:36.0880 1164 WfpLwf - ok 14:51:36.0880 1164 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:51:36.0890 1164 WIMMount - ok 14:51:36.0900 1164 WinDefend - ok 14:51:36.0900 1164 WinHttpAutoProxySvc - ok 14:51:36.0910 1164 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 
14:51:36.0950 1164 Winmgmt - ok 14:51:36.0970 1164 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:51:37.0030 1164 WinRM - ok 14:51:37.0040 1164 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:51:37.0050 1164 WinUsb - ok 14:51:37.0070 1164 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:51:37.0090 1164 Wlansvc - ok 14:51:37.0100 1164 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 14:51:37.0110 1164 WmiAcpi - ok 14:51:37.0120 1164 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:51:37.0130 1164 wmiApSrv - ok 14:51:37.0130 1164 WMPNetworkSvc - ok 14:51:37.0140 1164 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:51:37.0150 1164 WPCSvc - ok 14:51:37.0160 1164 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:51:37.0170 1164 WPDBusEnum - ok 14:51:37.0180 1164 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:51:37.0210 1164 ws2ifsl - ok 14:51:37.0210 1164 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 14:51:37.0230 1164 wscsvc - ok 14:51:37.0230 1164 WSearch - ok 14:51:37.0270 1164 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:51:37.0320 1164 wuauserv - ok 14:51:37.0320 1164 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:51:37.0360 1164 WudfPf - ok 14:51:37.0360 1164 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:51:37.0390 1164 WUDFRd - ok 14:51:37.0400 1164 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:51:37.0430 1164 wudfsvc - ok 14:51:37.0440 1164 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 14:51:37.0460 1164 WwanSvc - ok 14:51:37.0470 1164 ================ Scan global 
=============================== 14:51:37.0470 1164 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:51:37.0480 1164 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:51:37.0480 1164 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:51:37.0490 1164 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:51:37.0500 1164 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:51:37.0500 1164 [Global] - ok 14:51:37.0500 1164 ================ Scan MBR ================================== 14:51:37.0500 1164 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:51:37.0630 1164 \Device\Harddisk0\DR0 - ok 14:51:37.0630 1164 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 14:51:37.0680 1164 \Device\Harddisk1\DR1 - ok 14:51:37.0680 1164 ================ Scan VBR ================================== 14:51:37.0680 1164 [ 23511E1029063AE482916C6D60D85F82 ] \Device\Harddisk0\DR0\Partition1 14:51:37.0680 1164 \Device\Harddisk0\DR0\Partition1 - ok 14:51:37.0680 1164 [ 805205F65B5D201FC954EEE1F9353421 ] \Device\Harddisk1\DR1\Partition1 14:51:37.0680 1164 \Device\Harddisk1\DR1\Partition1 - ok 14:51:37.0680 1164 ============================================================ 14:51:37.0680 1164 Scan finished 14:51:37.0680 1164 ============================================================ 14:51:37.0690 3852 Detected object count: 6 14:51:37.0690 3852 Actual detected object count: 6 14:52:42.0133 3852 ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user 14:52:42.0133 3852 ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:52:42.0133 3852 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user 14:52:42.0133 3852 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:52:42.0133 3852 dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user 14:52:42.0133 3852 dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:52:42.0148 3852 
NPWService ( UnsignedFile.Multi.Generic ) - skipped by user 14:52:42.0148 3852 NPWService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:52:42.0148 3852 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 14:52:42.0148 3852 SolidWorks Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:52:42.0148 3852 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 14:52:42.0148 3852 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip |
25.02.2013, 15:21 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows become inactive automatically Then please run Combofix now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
25.02.2013, 16:47 | #9 |
| Windows become inactive automatically Here is the log file from Combofix now: [code] Combofix Logfile: Code:
ATTFilter ComboFix 13-02-24.01 - xxx 25.02.2013 15:54:39.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3992.2050 [GMT 1:00] ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-25 bis 2013-02-25 )))))))))))))))))))))))))))))) . . 2013-02-25 14:58 . 2013-02-25 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-24 19:56 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{64A82D3E-E09E-43C9-AF44-B93AE3C61CF3}\mpengine.dll 2013-02-24 19:52 . 2013-02-24 19:52 -------- d-----w- c:\users\xxx\AppData\Roaming\dvdcss 2013-02-23 15:49 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-20 12:45 . 2013-02-20 12:51 -------- d-----w- c:\users\xxx\AppData\Roaming\Sony Corporation 2013-02-20 12:27 . 2007-07-19 17:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll 2013-02-20 12:27 . 2007-07-19 17:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll 2013-02-20 12:27 . 2006-03-31 11:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll 2013-02-20 12:21 . 2013-02-20 12:21 -------- d-----w- c:\programdata\Sony Corporation 2013-02-20 12:21 . 2013-02-20 12:26 -------- d-----w- c:\program files (x86)\Sony 2013-02-19 17:01 . 2009-09-03 19:14 57856 ----a-w- c:\windows\system32\drivers\rixdpx64.sys 2013-02-19 17:01 . 2009-09-03 18:59 54784 ----a-w- c:\windows\system32\drivers\rimspx64.sys 2013-02-19 17:01 . 2009-09-03 18:37 67072 ----a-w- c:\windows\system32\drivers\rimmpx64.sys 2013-02-19 17:01 . 2007-07-25 11:48 172032 ----a-w- c:\windows\system32\rixdicon.dll 2013-02-19 17:01 . 
2004-09-04 02:00 90112 ----a-w- c:\windows\system32\snymsico.dll 2013-02-16 10:42 . 2013-02-16 10:42 -------- d-----w- c:\users\xxx\AppData\Roaming\Malwarebytes 2013-02-16 10:41 . 2013-02-16 10:41 -------- d-----w- c:\programdata\Malwarebytes 2013-02-16 10:41 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-16 10:41 . 2013-02-16 10:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-16 10:41 . 2013-02-16 10:41 -------- d-----w- c:\users\xxx\AppData\Local\Programs 2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2013-02-15 16:54 . 2013-02-15 16:54 -------- d-----w- c:\programdata\FARO Technologies 2013-02-15 16:53 . 2013-02-15 16:53 -------- d-----w- c:\users\xxx\AppData\Roaming\CAM2 Measure 2013-02-15 16:52 . 2013-02-16 13:57 -------- d-----w- c:\program files\Common Files\FARO Shared 2013-02-15 16:52 . 2013-02-16 13:57 -------- d-----w- c:\program files (x86)\Common Files\FARO Shared 2013-02-15 16:52 . 2013-02-15 16:52 -------- d-----w- c:\programdata\FARO 2013-02-15 16:51 . 2013-02-15 16:51 -------- d-----w- c:\users\xxx\AppData\Local\Downloaded Installations 2013-02-15 16:43 . 2009-09-21 07:07 71040 ----a-w- c:\windows\system32\drivers\aksdf.sys 2013-02-15 16:43 . 2013-02-15 16:43 -------- d-----w- c:\program files (x86)\Common Files\Aladdin Shared 2013-02-15 16:43 . 2009-12-16 15:44 3750400 ----a-w- c:\windows\system32\hasplms.exe 2013-02-15 16:43 . 2009-12-16 15:44 3750400 ----a-w- c:\windows\system32\aksllmtp.exe 2013-02-15 16:43 . 2009-08-20 06:02 130816 ----a-w- c:\windows\system32\drivers\aksfridge.sys 2013-02-15 16:43 . 2009-03-13 09:55 318464 ----a-w- c:\windows\system32\drivers\hardlock.sys 2013-02-15 15:05 . 2013-02-15 15:07 -------- d-----w- c:\programdata\MAGIX 2013-02-15 15:05 . 2013-02-15 15:05 -------- d-----w- c:\users\xxx\AppData\Roaming\MAGIX 2013-02-14 21:12 . 
2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 21:12 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 18:20 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-14 18:20 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-14 18:20 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-14 18:20 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-14 18:20 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-14 18:20 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-14 18:20 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-14 18:20 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-14 18:20 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-14 18:20 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-14 18:20 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-14 18:20 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-06 09:23 . 2013-02-06 09:23 -------- d-----w- c:\programdata\Splashtop 2013-02-06 09:23 . 2013-02-06 09:23 -------- d-----w- c:\users\xxx\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9} 2013-02-04 07:39 . 2008-01-30 16:36 90112 ----a-w- c:\windows\unvise32.exe 2013-02-04 07:35 . 2013-02-04 07:46 -------- d-----w- c:\program files (x86)\REVisionEffects 2013-02-02 16:27 . 2013-02-02 16:27 -------- d-----w- c:\users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2013-02-02 11:10 . 2013-02-05 18:48 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2013-02-02 11:02 . 2013-02-02 11:02 -------- d-----w- c:\programdata\ALM 2013-02-02 10:58 . 
2013-02-02 10:58 -------- d-----w- c:\users\xxx\Adobe Flash Builder 4 2013-02-02 10:53 . 2013-02-02 10:53 -------- d-----w- c:\program files (x86)\Adobe Media Player 2013-02-02 10:52 . 2013-02-02 10:52 -------- d-----w- c:\program files (x86)\My Company Name 2013-02-02 10:52 . 2013-02-02 10:52 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared 2013-02-02 10:52 . 2013-02-02 10:52 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine 2013-02-02 10:52 . 2009-07-09 02:00 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys 2013-02-02 10:52 . 2009-06-23 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys 2013-02-02 10:52 . 2009-06-23 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2013-02-02 10:51 . 2013-02-02 11:05 -------- d-----w- c:\program files\Common Files\Adobe 2013-02-02 10:51 . 2013-02-02 11:04 -------- d-----w- c:\program files\Adobe 2013-02-02 10:50 . 2013-02-02 10:50 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2013-01-30 10:32 . 2013-01-30 10:33 -------- d-----w- c:\users\xxx\AppData\Local\Smartbar 2013-01-30 10:32 . 2013-01-30 10:32 -------- d-----w- c:\users\xxx\AppData\Roaming\OpenCandy 2013-01-30 08:30 . 2013-01-30 08:30 -------- d-----w- c:\programdata\LogiShrd 2013-01-30 08:30 . 2013-01-30 08:30 -------- d-----w- c:\program files\Common Files\LogiShrd . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-08 12:11 . 2012-10-25 11:53 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 12:11 . 2012-10-25 11:53 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 14:59 . 2012-08-30 20:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-04 04:43 . 
2013-02-14 18:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-21 12:42 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-21 12:42 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 12:42 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 12:42 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-11-28 12:21 . 2012-11-28 12:21 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-28 12:21 . 2012-11-28 12:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-11-28 12:21 . 2012-11-28 12:21 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-11-28 08:38 . 2012-11-28 08:38 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{094B82FB-40D7-4FA5-8915-0B2A2B511EF8}\gapaengine.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Networking USB Server"="c:\program files (x86)\USB Server\Networking USB Server\Networking USB Server.exe" [2011-01-14 2449408] "Browser Infrastructure Helper"="c:\users\xxx\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-01-09 13824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-04 98304] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "VirtualCloneDrive"="d:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264] "BrStsMon00"="c:\program files 
(x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2011-12-16 694328] . c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-1-24 1090848] Start 3DxWare.lnk - d:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe [2012-10-11 134656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisallowCpl"= 1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2011-05-31 130048] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-08 54824] R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;d:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-01-20 89160] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-10-27 1431888] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;d:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-12-09 113800] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2009-09-21 71040] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-04 
203776] S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\ATService.exe [2011-05-31 2715976] S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2011-05-31 117760] S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x] S2 NPWService;NPWService;c:\program files (x86)\Generic\Network Printer Wizard\NPWService.exe [2012-03-20 798720] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2011-12-16 475192] S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-01-28 551264] S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-01-25 583456] S2 UGS License Server (ugslmd);UGS-Lizenzserver (ugslmd);d:\program files (x86)\UGS\UGSLicensing\lmgrd.exe [2009-07-07 1510152] S3 ATSwpWDF;AuthenTec TruePrint USB Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2011-05-31 735616] S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088] S3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [2009-10-06 29696] S3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [2009-10-06 199168] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-10-13 10629184] S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 NUS_Bus;Network USB Server Bus;c:\windows\system32\DRIVERS\NUS_Bus.sys [2010-01-28 30208] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-17 44344] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS 
[2009-06-10 740864] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 59779178 *NewlyCreated* - ASWMBR *Deregistered* - 59779178 *Deregistered* - aswMBR . Inhalt des "geplante Tasks" Ordners . 2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 12:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X] "FingerPrintSoftwareSplashScreen"="c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s" [X] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Free YouTube to MP3 Converter - c:\users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\52p3ld99.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - ExtSQL: 2013-01-30 16:23; helperbar@helperbar.com; c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\52p3ld99.default\extensions\helperbar@helperbar.com FF - ExtSQL: 2013-02-02 12:10; {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}; d:\programme\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-25 16:00:34 ComboFix-quarantined-files.txt 2013-02-25 15:00 . Vor Suchlauf: 13 Verzeichnis(se), 14.711.508.992 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 14.854.184.960 Bytes frei . - - End Of File - - EC6F2B8F4467AAACAFE9F2448528EDBD |
25.02.2013, 16:57 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows automatically become inactive
JRT - Junkware Removal Tool
Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
25.02.2013, 17:22 | #11 |
| Windows automatically become inactive JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Windows 7 Professional x64
Ran by xxx on 25.02.2013 at 17:01:54,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\browser infrastructure helper
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\smartbarbackup
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{31ad400d-1b06-4e33-a59a-90c2c140cba0}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Users\xxx\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\xxx\AppData\Roaming\opencandy"
Failed to delete: [Folder] "C:\Users\xxx\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\xxx\appdata\locallow\smartbar"

~~~ FireFox
Successfully deleted: [Folder] C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\52p3ld99.default\extensions\helperbar@helperbar.com
Emptied folder: C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\52p3ld99.default\minidumps [92 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.02.2013 at 17:08:02,53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.113 - Datei am 25/02/2013 um 17:09:58 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : xxx - xxx-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\xxx\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\xxx\AppData\Local\Temp\Smartbar

***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0 (de)
Datei : C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\52p3ld99.default\prefs.js
[OK] Die Datei ist sauber.

*************************
AdwCleaner[S1].txt - [1792 octets] - [25/02/2013 17:09:58]
########## EOF - C:\AdwCleaner[S1].txt - [1852 octets] ##########

OTL Logfile: Code:
ATTFilter OTL logfile created on: 25.02.2013 17:15:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 64,76% Memory free 7,80 Gb Paging File | 6,26 Gb Available in Paging File | 80,26% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 59,62 Gb Total Space | 14,55 Gb Free Space | 24,41% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 151,41 Gb Free Space | 32,51% Space Free | Partition Type: NTFS Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe (Splashtop Inc.) PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) PRC - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - D:\Program Files (x86)\UGS\UGSLicensing\ugslmd.exe () PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe () PRC - D:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe (Acresso Software Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe () MOD - C:\Program Files (x86)\USB Server\Networking USB Server\PSMDLL.dll () MOD - C:\Program Files (x86)\USB Server\Networking USB Server\DCPDLL.dll () MOD - C:\Program Files (x86)\USB Server\Networking USB Server\UNTPDLL.dll () MOD - C:\Program Files (x86)\USB Server\Networking USB Server\ESTLogDLL.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (dtsvc) -- C:\Windows\SysNative\DTS.exe () SRV:64bit: - (ADMonitor) -- C:\Windows\SysNative\ADMonitor.exe () SRV:64bit: - (ATService) -- C:\Windows\SysNative\ATService.exe (AuthenTec, Inc.) SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (SafeNet Inc.) 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.) SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (NPWService) -- C:\Program Files (x86)\Generic\Network Printer Wizard\NPWService.exe () SRV - (CoordinatorServiceHost) -- D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.) 
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (Remote Solver for Flow Simulation 2012) -- D:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation) SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (UGS License Server (ugslmd) -- D:\Program Files (x86)\UGS\UGSLicensing\lmgrd.exe (Acresso Software Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.) 
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (NUS_Bus) -- C:\Windows\SysNative\drivers\NUS_Bus.sys (Elite Silicon Technology Inc.) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.) DRV:64bit: - (EST_Server) -- C:\Windows\SysNative\drivers\GenHC.sys ( ) DRV:64bit: - (EST_BusEnum) -- C:\Windows\SysNative\drivers\GenBus.sys ( ) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.) 
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (aksfridge) -- C:\Windows\SysNative\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (e1yexpress) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.) 
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 12 11 B4 A2 B2 CD 01 [binary data] IE - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - 
prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Programme\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2013.02.02 12:10:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 11:52:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.25 12:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions [2013.02.25 17:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\52p3ld99.default\extensions [2012.12.11 18:10:40 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\52p3ld99.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.02.14 19:40:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\52p3ld99.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.20 11:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.20 11:52:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.20 11:52:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.20 11:52:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.20 11:52:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.20 11:52:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.20 11:52:25 | 000,001,178 | ---- | M] () -- 
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.20 11:52:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec) O4:64bit: - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-116213940-2147198843-1770016352-1001..\Run: [Networking USB Server] C:\Program Files (x86)\USB Server\Networking USB Server\Networking USB Server.exe () O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - 
C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files (x86)\Generic\Network Printer Wizard\NPWprint.dll (Elite Silicon Technology Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82136C0A-C63B-4089-86B7-98BE6EF9754C}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE22D0F-ADEA-42D7-8D20-3FA6425D1123}: DhcpNameServer = 139.7.30.126 139.7.30.125 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) 
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\ATFUS: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.25 17:01:52 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.02.25 17:01:42 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.25 16:59:07 | 000,547,439 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\xxx\Desktop\JRT.exe [2013.02.25 16:44:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.25 15:43:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.25 15:43:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.25 15:43:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.25 15:43:45 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.25 15:43:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.25 15:41:25 | 005,034,894 | R--- | C] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe [2013.02.25 14:48:59 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\xxx\Desktop\tdsskiller.exe [2013.02.25 14:27:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\xxx\Desktop\aswMBR.exe [2013.02.24 20:52:04 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\dvdcss [2013.02.23 15:40:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\mbar [2013.02.22 17:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013.02.20 13:45:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Sony Corporation [2013.02.20 13:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home [2013.02.20 13:27:24 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2013.02.20 13:27:24 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2013.02.20 13:27:23 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2013.02.20 13:27:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2013.02.20 13:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2013.02.20 13:21:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2013.02.20 13:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Data Converter [2013.02.20 11:52:23 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.19 18:01:08 | 000,172,032 | ---- | C] (Ricoh Company,Ltd) -- C:\Windows\SysNative\rixdicon.dll [2013.02.19 18:01:08 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\snymsico.dll [2013.02.19 18:01:08 | 000,067,072 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimmpx64.sys [2013.02.19 18:01:08 | 000,057,856 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rixdpx64.sys [2013.02.19 18:01:08 | 000,054,784 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys [2013.02.16 11:42:06 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes [2013.02.16 11:41:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.16 11:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.16 11:41:51 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.16 11:41:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.16 11:41:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs [2013.02.15 17:54:22 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\CAM2 Measure 10 [2013.02.15 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\FARO Technologies [2013.02.15 17:53:57 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\CAM2 Measure [2013.02.15 17:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FARO [2013.02.15 17:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FARO Shared [2013.02.15 17:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\FARO Shared [2013.02.15 17:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\FARO [2013.02.15 17:51:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Downloaded Installations [2013.02.15 17:50:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013.02.15 
17:43:28 | 000,071,040 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksdf.sys [2013.02.15 17:43:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aladdin Shared [2013.02.15 17:43:26 | 003,750,400 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\hasplms.exe [2013.02.15 17:43:26 | 003,750,400 | ---- | C] (SafeNet Inc.) -- C:\Windows\SysNative\aksllmtp.exe [2013.02.15 17:43:25 | 000,130,816 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\aksfridge.sys [2013.02.15 17:43:23 | 000,318,464 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\drivers\hardlock.sys [2013.02.15 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\MAGIX_Guitar_Backing_Maker [2013.02.15 16:07:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\MAGIX Downloads [2013.02.15 16:05:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\MAGIX [2013.02.15 16:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2013.02.14 22:11:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.14 22:11:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.14 22:11:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.14 22:11:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.14 22:11:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.14 22:11:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.14 22:11:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.14 22:11:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.14 22:11:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.14 22:11:41 | 001,494,528 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.14 22:11:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.14 22:11:40 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.14 22:11:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.14 22:11:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.14 22:11:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.02.14 19:20:59 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.14 19:20:59 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.14 19:20:58 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.14 19:20:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.14 19:20:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.14 19:20:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.14 19:20:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.14 19:20:52 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.14 19:20:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.14 19:20:50 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.06 10:23:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop [2013.02.06 10:23:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9} [2013.02.04 08:39:16 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe [2013.02.04 08:39:16 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Twixtor 5, After Effects-compatible plugin set [2013.02.04 08:35:30 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\REVisionEffects [2013.02.04 08:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REVisionEffects [2013.02.02 17:27:32 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.02.02 12:10:38 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Adobe [2013.02.02 12:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2013.02.02 12:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2013.02.02 11:58:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\Adobe Flash Builder 4 [2013.02.02 11:56:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe [2013.02.02 11:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player [2013.02.02 11:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe [2013.02.02 11:52:57 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys [2013.02.02 11:52:57 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys [2013.02.02 11:52:57 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys [2013.02.02 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared [2013.02.02 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013.02.02 11:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name [2013.02.02 11:51:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.02.02 11:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013.02.02 11:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5 [2013.02.02 11:50:49 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.01.30 11:32:35 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\My Cheat Tables [2013.01.30 09:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.01.30 09:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.01.30 09:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2012.12.13 16:20:29 | 000,047,104 | --S- | C] (WexTech Systems, Inc.) -- C:\Users\xxx\ntuser.sys ========== Files - Modified Within 30 Days ========== [2013.02.25 17:15:30 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.25 17:15:30 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.25 17:15:30 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.25 17:15:30 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.25 17:15:30 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.25 17:11:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.25 17:11:00 | 3139,457,024 | -HS- | M] () -- C:\hiberfil.sys [2013.02.25 17:00:18 | 000,594,019 | ---- | M] () -- C:\Users\xxx\Desktop\adwcleaner.exe [2013.02.25 16:59:38 | 000,547,439 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\xxx\Desktop\JRT.exe [2013.02.25 16:59:18 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.25 16:59:18 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.25 16:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.25 15:41:47 | 005,034,894 | R--- | M] (Swearware) -- C:\Users\xxx\Desktop\ComboFix.exe [2013.02.25 14:49:04 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\xxx\Desktop\tdsskiller.exe [2013.02.25 14:47:30 | 000,000,512 | ---- | M] () -- C:\Users\xxx\Desktop\MBR.dat [2013.02.25 14:28:46 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\xxx\Desktop\aswMBR.exe [2013.02.23 16:05:54 | 000,376,832 | ---- | M] () -- C:\Users\xxx\Desktop\gmer_2.1.19081.exe [2013.02.23 15:40:29 | 013,711,621 | ---- | M] () -- C:\Users\xxx\Desktop\mbar-1.01.0.1020.zip [2013.02.22 17:11:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013.02.20 13:28:41 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk [2013.02.20 13:28:41 | 000,001,303 | ---- | M] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk [2013.02.20 13:21:37 | 000,002,354 | ---- | M] () -- C:\Users\Public\Desktop\Image Data Converter Ver. 
4.lnk [2013.02.19 22:35:47 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.16 15:35:02 | 004,994,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.16 15:31:33 | 001,590,506 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.16 11:41:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.08 13:11:22 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.08 13:11:22 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.05 19:52:21 | 000,000,132 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Adobe PNG Format CS5 Prefs ========== Files Created - No Company Name ========== [2013.02.25 17:00:13 | 000,594,019 | ---- | C] () -- C:\Users\xxx\Desktop\adwcleaner.exe [2013.02.25 15:43:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.25 15:43:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.25 15:43:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.25 15:43:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.25 15:43:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.25 14:47:30 | 000,000,512 | ---- | C] () -- C:\Users\xxx\Desktop\MBR.dat [2013.02.23 16:05:53 | 000,376,832 | ---- | C] () -- C:\Users\xxx\Desktop\gmer_2.1.19081.exe [2013.02.23 15:36:41 | 013,711,621 | ---- | C] () -- C:\Users\xxx\Desktop\mbar-1.01.0.1020.zip [2013.02.20 13:51:58 | 002,897,913 | ---- | C] () -- C:\Users\xxx\Desktop\Handbook Sony Alpha 57.pdf [2013.02.20 13:28:41 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk [2013.02.20 13:28:41 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk [2013.02.20 13:28:41 | 000,001,303 | ---- | C] () -- C:\Users\Public\Desktop\PlayMemories Home.lnk [2013.02.20 13:21:37 | 000,002,354 | ---- | C] () -- 
C:\Users\Public\Desktop\Image Data Converter Ver. 4.lnk [2013.02.16 11:41:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.15 17:48:27 | 001,590,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.05 19:48:36 | 000,000,132 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Adobe PNG Format CS5 Prefs [2013.02.02 11:50:50 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2012.12.02 15:23:04 | 000,007,605 | ---- | C] () -- C:\Users\xxx\AppData\Local\resmon.resmoncfg [2012.10.28 15:21:06 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.10.28 15:21:05 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.10.27 12:17:31 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Local\Temptable.xml [2012.10.27 12:00:17 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012.10.25 12:29:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.10.25 12:28:24 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.10.25 12:26:57 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012.10.25 12:26:57 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012.10.25 12:26:55 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012.10.25 12:26:52 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.10.11 14:51:44 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 25.02.2013 17:15:39 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,90 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 64,76% Memory free
7,80 Gb Paging File | 6,26 Gb Available in Paging File | 80,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,62 Gb Total Space | 14,55 Gb Free Space | 24,41% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 151,41 Gb Free Space | 32,51% Space Free | Partition Type: NTFS

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- D:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1B7B144B-7434-4F08-9E05-7F8A69594780}" = rport=445 | protocol=6 | dir=out | app=system | "{1FC0706E-2BCA-4A2B-BF23-6298FEB4A3B5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2C702A08-9994-4ECF-9F0C-A48685C7E4A2}" = lport=138 | protocol=17 | dir=in | app=system | "{3C27CB04-906A-4C88-A33C-8BB8312066F1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3E2331FE-E635-4845-9915-6C4B7BBFB3F9}" = rport=137 | protocol=17 | dir=out | app=system | "{59AB1611-4003-4CB0-917A-66D275D66DCF}" = lport=137 | protocol=17 | dir=in | app=system | "{63A3A89D-EAB9-45F3-8958-F96B04F2CF29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{766B0694-8150-4372-9B29-EB7E8BBB39BE}" = lport=445 | protocol=6 | dir=in | app=system | "{8B46BFF3-DD19-4800-97E6-FDCA3BCFB7D1}" = rport=10243 | protocol=6 | dir=out | app=system | "{92F1444D-09AB-4817-AEC3-110C48C44C2A}" = rport=138 | protocol=17 | dir=out | app=system | "{97D24A08-496C-4E2C-BABD-0AADCFD270E2}" = lport=139 | protocol=6 | dir=in | app=system | "{A07088F2-4D92-4D48-B5A0-A05915C6BACE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A2A98502-C940-47C7-A0B4-4586317DBDF6}" = lport=2869 | protocol=6 | dir=in | app=system | "{A30310CF-53F5-4C6D-A125-445EF734762D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A37BDF22-FD34-413D-A084-F09412CC3F3A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A49AC1CC-0636-467A-9F5F-FE1764446BBD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AE9E086F-CD6D-443B-958E-A44153BDE676}" = rport=139 | protocol=6 | dir=out | app=system | "{B6A3986F-3895-4DB7-BCC8-C410888A9F33}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{BA096E2A-E65D-4B56-9699-337423363FBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BF03673E-99AF-4D0B-A717-A08B5860F658}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{D040CB78-E0C6-4A03-88B5-FD0FE1FE9F00}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D803ABB1-4952-4DEC-80A9-BBD9D184B21B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{D9CB038E-CEAA-4F86-B7DD-653E334DC2F3}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01BB1AB8-1C65-46BB-828B-09729F60B8C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{09021C51-3DC6-4F9E-95EB-71DF6A199A22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{0E19A5D3-184F-414B-B8A8-20261689F6E4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1D78FED2-AE03-4982-A439-BF13DBA29E0D}" = protocol=17 | dir=in | app=d:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | "{1EBA4EF4-6505-4B04-8C68-5C5A9A6CC591}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2278E8C5-FB51-43FA-8C5D-3B369296C716}" = protocol=17 
| dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{270D3CCB-27C1-4F0F-8D5A-8CBEB1D3237F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{30ADEE46-BEB7-48FB-90DC-96C1264D1702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{34DAEBB2-2374-42D8-A608-7AECEABBD4C5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3D6D5714-AB97-494A-ADB4-B0523154AFDA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{47DC1C61-8500-4859-886E-A1E0D3BA2BEB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{48C2C648-FAD6-47C1-98E7-4B68A392D156}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4A042569-E1BC-484B-8F65-0988CE8F35B1}" = protocol=17 | dir=in | app=c:\program files (x86)\usb server\networking usb server\networking usb server.exe | "{4DFFFF5A-A241-44AD-971F-87EE0008212E}" = protocol=6 | dir=out | app=system | "{4E8AA6C7-FCB6-4704-A54C-F102ADFF514B}" = protocol=6 | dir=in | app=d:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe | "{501BA514-13B2-461C-9B0B-252567A2E436}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{54EF3DF0-5C01-47D9-A134-AED252FA1B57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5647406C-82A2-4D02-B128-A2C9CAAEC2BE}" = protocol=6 | dir=in | app=d:\program files\solidworks corp\solidworks\photoview\photoview360.exe | "{5776C540-8C85-46FC-9274-A95C3346C888}" = protocol=6 | dir=in | app=d:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe | "{63F41220-A9A7-4ED4-9A5A-DF9E0031F271}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{69E78976-18B3-4070-873D-C0D9F0674A85}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{713498CE-D9B7-4F6E-B7FC-2B1BB9CE2252}" = protocol=17 | dir=in | 
app=d:\program files\solidworks corp\solidworks\photoview\photoview360_cl.exe | "{84458044-0361-4793-9BF7-27488537DB28}" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{8EA2F6A6-2C35-4726-AED1-8D1D17FB68B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{94F1334C-D4A6-4688-AD1F-75EC1B5ABE0F}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe | "{9A149BA2-7E80-4377-8D94-06F607953238}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9C9B3407-6CC6-4575-91DC-7BB1ADF76F4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A28672CB-5B15-41B5-A0DA-E52A41B7C422}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A51EFC27-E5EC-486A-9202-321F0BABA172}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe | "{A5C6EC92-6F76-4E33-AEE8-B30EE32F0B6D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE0F4F8A-CE36-4E21-A048-2824789594CD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C094958D-9D14-40D9-8F13-99F5EA9A195E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C18B2E6B-A757-4877-BD81-5F613261600E}" = protocol=17 | dir=in | app=d:\program files\solidworks corp\solidworks\photoview\photoview360.exe | "{CBC9A6F0-78A8-4074-A0D8-B786021EAF1C}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe | "{CC994CA2-29FB-4AC5-AA67-A31E7D6C2AF1}" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "{CDBAEAA5-EF90-43EB-B05D-34E4B4102E8C}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe | "{DFC755FC-DEEB-42B5-874B-69B77348A660}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E9EF17D2-104B-41EE-B107-4D8F25886B9C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows 
media player\wmplayer.exe | "{EA59C951-5CFA-4043-9C56-55C50BC3149C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F0D658EF-5C83-414A-8787-6FAD3218684B}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe | "{F4868C94-3181-4107-972C-AE9BCB455DCC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F9D5B83E-2944-44CA-8C77-4B4E37858B0D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FD43CC32-B0F7-488E-B5F1-534C338C003C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{4D9EED15-B5E2-4612-B5B2-95775EEA6B5F}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{6052858E-2E86-4690-84EB-7A70098966E3}D:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=6 | dir=in | app=d:\program files\siemens\nx 8.0\ugii\ugraf.exe | "TCP Query User{A65A2546-9C25-4A0C-B317-47A2610DF763}D:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=6 | dir=in | app=d:\program files\siemens\nx 8.0\ugii\ugraf.exe | "UDP Query User{5F83B2DE-C8EA-49F9-8E65-40B22135665F}D:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=17 | dir=in | app=d:\program files\siemens\nx 8.0\ugii\ugraf.exe | "UDP Query User{C581FA28-F36A-44EF-AD4D-0B8BAF4AFE9D}C:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\xxx\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{CE80F44C-5440-45AB-A772-15CC3C04E1B2}D:\program files\siemens\nx 8.0\ugii\ugraf.exe" = protocol=17 | dir=in | app=d:\program files\siemens\nx 8.0\ugii\ugraf.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{071c9b48-7c32-4621-a0ac-3f809523288f}" 
= Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{215D88B7-661F-4C71-A7F9-75E53E9A5061}" = SolidWorks eDrawings 2012 x64 Edition SP02 "{2ED326C9-A4E6-4884-B3F0-9A6CFB0A1141}" = Lenovo Fingerprint Software "{32F9B623-BDF7-18AC-80F1-32E9B0E25F3A}" = ccc-utility64 "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4C66F076-D3AB-49C8-85D4-BAA6D82FCAE2}" = SolidWorks 2012 x64 Edition SP02 "{4E22D0BC-2A2E-4723-B7E7-F34701EE501E}" = 3Dconnexion 3DxWare (x64) "{51676C0E-2D18-49F3-A1BE-005DE2654168}" = Siemens NX 8.0 "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{64E6DF7A-E726-4001-8573-E6A6D6F35454}" = Networking USB Server "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{923D3F31-64AD-4620-88C5-E2451E5E25ED}" = MELTEC Device Drivers x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" 
= Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{9B0EAC89-4331-A96E-C7D3-754192589BEE}" = ATI Catalyst Install Manager "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = ThinkPad Bluetooth with Enhanced Data Rate Software "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B1BF0EE8-216A-4212-9CF3-FC9551507556}" = FaroArm USB Driver 5 "{B8F5E355-C43B-4860-B690-D79CB5B0186D}" = 3Dconnexion Add-In for Solid Edge V18 - ST5 "{C2DBF59B-1D2C-44E9-A52A-93ACDAD9D27B}" = 3Dconnexion Plug-In for NX v3.0 - v8.5 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CEECF49B-552B-44E7-8F59-CCD9C98378AE}" = 3Dconnexion Add-In for SolidWorks 2005 - 2013 "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud "{D3CB988F-2A25-4AD5-BE84-24349E9CCCD8}" = SolidWorks 2012 x64 German Resources "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{EB9400D5-6289-4F9F-9B79-B3528101C0C7}" = SolidWorks Flow Simulation 2012 SP02 x64 Edition "{F2DF59A0-5C1F-4454-9B67-538F43E2D335}" = Network Printer Wizard "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Windows-Treiberpaket - AuthenTec Inc. 
(ATSwpWDF) Biometric (07/02/2010 8.6.0.29) "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "ATI Uninstaller" = ATI Uninstaller "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD "DE7217D2A8B057F15EC6E52329FDAB84231521E8" = Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) "Logitech Unifying" = Logitech Unifying-Software 2.10 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Security Client" = Microsoft Security Essentials "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU "Power Management Driver" = ThinkPad Power Management Driver "SynTPDeinstKey" = ThinkPad UltraNav Driver "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{06A8F063-C727-95AA-F10B-CD8E6B23ED16}" = CCC Help Italian "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{17CBC505-D1AE-459D-B445-3D2000A85842}" = Dienstprogramm "ThinkPad UltraNav" "{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9 "{2898B91C-B75B-2EC5-4D4C-DD6C286F9485}" = 
Catalyst Control Center InstallProxy "{2C4FD7D3-6F3A-45C2-AAAD-929B40346E3F}" = Catalyst Control Center - Branding "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite DCP-7055 "{3DF5B915-A374-78B4-EE86-58346774DEC8}" = PX Profile Update "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5506986E-3173-E510-82BB-033C18299878}" = Catalyst Control Center Graphics Previews Vista "{55532499-5676-4DAE-9A57-AEB907A0A1DD}" = QuickShare "{5626FEDC-04D2-E67D-8261-3C6E7637A923}" = CCC Help German "{563BBE0C-35F3-B1FF-1AD9-A5426CDEB388}" = CCC Help Korean "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.64.02 "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{66F6BD4B-4C2C-B10C-B3D4-7A311EC4FC1C}" = Catalyst Control Center Localization All "{6AAB8068-BEB6-4CB6-958E-717EA6402467}" = 3Dconnexion Trainer "{6D236956-B79D-4748-BEA3-A039334A66AB}" = 3Dconnexion Collage "{6D46B934-2ACE-DC9A-800B-C1831ED0FF85}" = CCC Help English "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7DA16880-5718-E907-9A9F-EA8F5CBC51DA}" = CCC Help French "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87998E4E-6D9C-411B-AAE9-B8523FFE357D}" = Image Data Converter "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service 
Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91F4AE26-4989-D770-A6BB-B50EB5BC938D}" = CCC Help Chinese Traditional "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A6085E33-3DC7-1B94-C717-6B9D6686F183}" = CCC Help Chinese Standard "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - 
Deutsch "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B40EED7A-63D4-4ED2-910D-9A64FF94DF22}" = UGSLicensing "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (x64 Edition) "{C85DF163-6DB3-2A03-5E8E-2B059AAA4882}" = CCC Help Dutch "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CF36D287-4610-69E4-A69A-9EF2BFEDB258}" = CCC Help Portuguese "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB042BA1-BD6A-9E4A-C5ED-2CC523D92C7D}" = CCC Help Swedish "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{DF3FBAA8-A959-72A0-8530-D715855137E1}" = CCC Help Japanese "{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home "{EB325412-D54D-B320-7D77-D4B4A6B9F276}" = ccc-core-static "{EFB4E818-8A4D-B230-6D41-213D48A2C7B3}" = CCC Help Spanish "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031 "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "InstallShield_{64E6DF7A-E726-4001-8573-E6A6D6F35454}" = Networking USB Server "InstallShield_{F2DF59A0-5C1F-4454-9B67-538F43E2D335}" = Network Printer Wizard "JabRef 2.8.1" = JabRef 2.8.1 "LyX205" = LyX 2.0.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU "MiKTeX 2.9" = MiKTeX 2.9 "Mozilla Firefox 19.0 
(x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NauticTools_is1" = NauticTools "SolidWorks Installation Manager 20120-40200-1100-100" = SolidWorks 2012 x64 Edition SP02 "Splashtop Software Updater" = Splashtop Software Updater "Twixtor 5, After Effects-compatible plugin set" = Twixtor 5, After Effects-compatible plugin set "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 2.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-116213940-2147198843-1770016352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "FLV Player" = FLV Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.02.2013 12:12:56 | Computer Name = xxx-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 25.02.2013 12:10:24 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7016 Description = Der Dienst "Data Transfer Service" hat einen ungültigen aktuellen Status gemeldet: 0 Error - 25.02.2013 12:11:12 | Computer Name = xxx-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > |
26.02.2013, 00:08 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows become inactive automatically Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; before you do, please remember to update Malwarebytes via the update button. Afterwards, getting a second opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
26.02.2013, 14:32 | #13 |
| Windows become inactive automatically Last night the windows went into the background automatically again. Not much has changed as a result of all these programs, since nothing was ever found, right? Code:
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Datenbank Version: v2013.02.26.04
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    xxx :: xxx-PC [Administrator]
    26.02.2013 09:28:16
    mbam-log-2013-02-26 (09-28-16).txt
    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 210146
    Laufzeit: 1 Minute(n), 23 Sekunde(n)
    Infizierte Speicherprozesse: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Speichermodule: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungsschlüssel: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungswerte: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Dateiobjekte der Registrierung: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Verzeichnisse: 0
    (Keine bösartigen Objekte gefunden)
    Infizierte Dateien: 0
    (Keine bösartigen Objekte gefunden)
    (Ende)
Code:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6920
    # api_version=3.0.2
    # EOSSerial=ee36f035a5427541a89448cc301e33cf
    # engine=13241
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2013-02-26 12:31:59
    # local_time=2013-02-26 01:31:59 (+0100, Mitteleuropäische Zeit)
    # country="Germany"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 59287696 113511769 0 0
    # scanned=440696
    # found=0
    # cleaned=0
    # scan_time=11175 |
26.02.2013, 23:25 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows become inactive automatically Looks OK so far. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie). Otherwise there are also good cookie managers; one extension for Firefox, for example, would be CookieCuller. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set up the browser so that everything, including cookies, is deleted when the browser is closed. Is your system back in order now, or are there any other findings or problems?
__________________ Please always post log files in CODE tags |
27.02.2013, 09:12 | #15 |
| Windows become inactive automatically Right now I have the problem again that the windows automatically become inactive. This happens roughly every 30 s. |