| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: startfenster.com Windows 8 vcl player downloadWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.03.2013, 19:29
| #1 | ||
 |  startfenster.com Windows 8 vcl player download Servus zusammen, bin einer der vielen, die sich dummerweise das startfenster.com Problem zugezogen haben. Hab mich durch 2 threads hier gelesen und schon mal die Anweisungen aus nem ähnlichen thread befolgt und würd mich sehr freuen, wenn mir jemand helfen könnte/ die Ergebnisse für mich analysieren könnte.... logfile von ADWcleaner Zitat:
Zitat:
|
|
04.03.2013, 19:48
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | startfenster.com Windows 8 vcl player download Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Danach eine Kontrolle mit OTL bitte:
__________________ |
|
04.03.2013, 20:21
| #3 | |
| | startfenster.com Windows 8 vcl player download Hey cosinus,
__________________vielen Dank dir schonmal! JRT scan: Zitat:
Code:
ATTFilter OTL logfile created on: 04/03/2013 20:05:08 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\juerg_000\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16420) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.89 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.00% Memory free 7.39 Gb Paging File | 5.64 Gb Available in Paging File | 76.37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186.30 Gb Total Space | 133.56 Gb Free Space | 71.69% Space Free | Partition Type: NTFS Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS Drive F: | 275.41 Gb Total Space | 53.54 Gb Free Space | 19.44% Space Free | Partition Type: NTFS Drive G: | 22.66 Gb Total Space | 13.73 Gb Free Space | 60.57% Space Free | Partition Type: FAT32 Computer Name: *** | User Name: juerg_000 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\juerg_000\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (0123871362419113mcinstcleanup) -- C:\Windows\Temp\0123871362419113mcinst.exe (McAfee, Inc.) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS) SRV - (McAWFwk) -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe (McAfee, Inc.) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\Drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\Drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\Drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\Drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\Drivers\mfeelamk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\Drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\Drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\Drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (ATP) -- C:\Windows\SysNative\Drivers\AsusTP.sys (ASUS Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\Drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\Drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\Drivers\kbfiltr.sys ( ) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\Drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation) DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys (ASUS) DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\Drivers\HipShieldK.sys (McAfee, Inc.) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://de-de.facebook.com/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/04 11:46:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 18:50:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/03/04 11:04:36 | 000,000,000 | ---D | M] [2013/03/04 11:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\Extensions [2013/03/04 13:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\Firefox\Profiles\rnxhzc2u.default\extensions [2013/03/04 13:02:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\firefox\profiles\rnxhzc2u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/03/04 11:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/02/27 06:10:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013/02/27 06:09:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/02/27 06:09:34 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DF84F21-D7C0-4CAD-B46D-D41FFD5FDD3E}: DhcpNameServer = 195.234.128.7 195.234.128.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E7A823-7114-4CD8-B198-C7D8D85E3B2B}: DhcpNameServer = 40.53.1.201 40.53.1.203 O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/04 19:53:25 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/03/04 19:52:39 | 000,000,000 | ---D | C] -- C:\JRT [2013/03/04 19:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013/03/04 19:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/03/04 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013/03/04 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013/03/04 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Malwarebytes [2013/03/04 18:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/04 18:21:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/04 18:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/04 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Programs [2013/03/04 18:02:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013/03/04 17:01:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2013/03/04 17:01:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2013/03/04 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2013/03/04 17:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect [2013/03/04 17:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013/03/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Winamp [2013/03/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013/03/04 16:53:34 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\pixx [2013/03/04 16:44:27 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\SILVER LININGS DVDRIP EDAW2013 [2013/03/04 16:43:44 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\momentane fav`s [2013/03/04 16:42:44 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\Word [2013/03/04 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Macromedia [2013/03/04 13:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2013/03/04 13:38:18 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Paint.NET [2013/03/04 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\uTorrent [2013/03/04 12:40:14 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\BitTorrent [2013/03/04 12:19:49 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Avira [2013/03/04 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Macromedia [2013/03/04 12:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/03/04 12:01:25 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/03/04 12:01:25 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/03/04 12:01:25 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/03/04 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/03/04 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/03/04 11:57:55 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\fav programme [2013/03/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Mozilla [2013/03/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Mozilla [2013/03/04 11:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/03/04 11:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/03/04 11:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/03/04 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Documents\ASUS [2013/03/04 11:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS [2013/03/04 11:08:08 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\ASUS WebStorage [2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Searches [2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Contacts [2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/03/04 11:06:38 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Adobe [2013/03/04 11:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView [2013/03/04 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\VirtualStore [2013/03/04 11:04:18 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Packages [2013/03/04 11:04:15 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\ASUS [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Vorlagen [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Verlauf [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Temporary Internet Files [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Startmenü [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\SendTo [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Recent [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Netzwerkumgebung [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Lokale Einstellungen [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Videos [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Musik [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Eigene Dateien [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Bilder [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Druckumgebung [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Cookies [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Anwendungsdaten [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Anwendungsdaten [2013/03/04 11:03:58 | 000,000,000 | --SD | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Videos [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Saved Games [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Pictures [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Music [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Links [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Favorites [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Downloads [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Documents [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Desktop [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013/03/04 11:03:58 | 000,000,000 | -H-D | C] -- C:\Users\juerg_000\AppData [2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Temp [2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Microsoft [2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ========== Files - Modified Within 30 Days ========== [2013/03/04 19:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/04 19:13:41 | 000,881,935 | ---- | M] () -- C:\Users\juerg_000\Desktop\SecurityCheck(1).exe [2013/03/04 19:09:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/04 19:08:55 | 000,000,401 | ---- | M] () -- C:\Users\juerg_000\AppData\Roaming\sp_data.sys [2013/03/04 19:07:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/03/04 19:07:32 | 3338,391,552 | -HS- | M] () -- C:\hiberfil.sys [2013/03/04 18:21:29 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/04 17:53:56 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/03/04 16:43:21 | 004,568,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/03/04 16:43:21 | 000,790,022 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013/03/04 16:43:21 | 000,785,550 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013/03/04 16:43:21 | 000,780,976 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013/03/04 16:43:21 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/03/04 16:43:21 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/03/04 16:43:21 | 000,158,586 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013/03/04 16:43:21 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/03/04 16:43:21 | 000,155,084 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013/03/04 16:43:21 | 000,152,608 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013/03/04 16:43:21 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/03/04 16:41:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013/03/04 12:00:21 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/03/04 12:00:21 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/03/04 12:00:21 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/15 18:51:48 | 009,808,492 | ---- | M] () -- C:\Users\juerg_000\Desktop\Anlagen Jürgen Haberzett.pdf [2013/02/03 15:09:00 | 000,009,075 | ---- | M] () -- C:\Users\juerg_000\Desktop\to do or think of (or not anymore;).odt ========== Files Created - No Company Name ========== [2013/03/04 19:13:40 | 000,881,935 | ---- | C] () -- C:\Users\juerg_000\Desktop\SecurityCheck(1).exe [2013/03/04 18:50:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/03/04 18:21:29 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013/03/04 17:53:46 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/03/04 16:57:49 | 000,009,075 | ---- | C] () -- C:\Users\juerg_000\Desktop\to do or think of (or not anymore;).odt [2013/03/04 16:45:18 | 009,808,492 | ---- | C] () -- C:\Users\juerg_000\Desktop\Anlagen Jürgen Haberzett.pdf [2013/03/04 16:41:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013/03/04 14:18:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/04 13:39:42 | 000,001,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013/03/04 11:46:41 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/03/04 11:08:00 | 000,000,401 | ---- | C] () -- C:\Users\juerg_000\AppData\Roaming\sp_data.sys [2013/03/04 11:06:38 | 000,001,444 | ---- | C] () -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013/01/08 02:22:28 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012/11/20 11:01:21 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012/11/20 11:00:59 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/11/20 11:00:54 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012/08/17 01:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe [2012/08/17 01:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd [2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/09/20 07:32:51 | 019,775,488 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/09/20 06:54:47 | 017,559,552 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 04/03/2013 20:05:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\juerg_000\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16420)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.89 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 66.00% Memory free
7.39 Gb Paging File | 5.64 Gb Available in Paging File | 76.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 133.56 Gb Free Space | 71.69% Space Free | Partition Type: NTFS
Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Drive F: | 275.41 Gb Total Space | 53.54 Gb Free Space | 19.44% Space Free | Partition Type: NTFS
Drive G: | 22.66 Gb Total Space | 13.73 Gb Free Space | 60.57% Space Free | Partition Type: FAT32
Computer Name: *** | User Name: juerg_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3CACB-AE81-4952-88AD-2F9A6AAF1C2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{171A8D83-DE4E-467A-858B-CF9262C2033F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1DD7A109-AA81-4605-81F5-757B10A4A942}" = rport=137 | protocol=17 | dir=out | app=system |
"{2A9F92BC-BC08-47AB-A0BA-D1B7D607E11B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32AD0ED7-6020-4B5B-94E2-DF23637048B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{365E73B6-EAF5-40CD-B80B-94736574301A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{380AE527-6E53-4141-A57E-D7B6D66B47E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{4ADEBB8E-4DAB-4D33-9299-DA2609F8EE1B}" = rport=445 | protocol=6 | dir=out | app=system |
"{593C6697-A1E5-4459-BC31-AA072A5B80D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AE593F5-D13B-4371-A496-8EA0E2CA964C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7E4C71B7-50B0-49FB-A9EB-F47F1955B785}" = rport=138 | protocol=17 | dir=out | app=system |
"{8746CAB6-9CFC-44A6-9847-48761CFA3318}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E6A0F74-98CE-43F8-9D09-D4573CB9AB6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{991A54D4-39C6-46BC-B84A-8A3FD27F2E94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BC61B2C-868E-4BD4-9339-7C7527E7C567}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8BDD9E4-36C9-428A-A7EC-28BECDFD6F5A}" = lport=138 | protocol=17 | dir=in | app=system |
"{AA7900C5-27B6-4F11-A532-0D0A90E49159}" = lport=445 | protocol=6 | dir=in | app=system |
"{B42565A7-D24A-4A2C-A0E0-BFE2E24890E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4BD7778-E439-4A3C-A875-056035527348}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA296D4F-F717-4AD7-9D7A-4E1AD319132A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECAB1CF0-995C-4810-8AB4-8AEA7817A8B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0101C7F2-27FF-44BD-9C20-F3661EC351B2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{0316779F-9120-436F-9697-C8CAE00ABB4F}" = dir=out | name=fresh paint |
"{07D088F5-0DE1-4936-9C51-E18FEC45D90A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FA1BEBF-1D69-4431-9597-2C77A39B631B}" = protocol=6 | dir=out | app=system |
"{17F605DA-83DD-4418-912A-666D62F36140}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{18A23013-6DE7-4529-9E49-4B69B9B3A3C7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{1BB53BB9-9C39-4D0C-B092-3BD764320193}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D7876A6-B641-4B7C-9751-16B651392115}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{2385AB9F-471A-4F81-8A03-72C9FDD292B4}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{28B55B69-8861-4957-B834-D78D96440926}" = dir=in | name=skype |
"{2DF4F3C0-F263-475D-BEE0-FAB18BCBC44E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{311AAF25-6FA9-49D3-A26A-FDABAA901DE6}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3D32ACCB-9242-49EF-B10F-7EDC84A1CE1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{426C781B-8732-4CF9-BEF0-6C49C59987F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49ECF422-BBDD-4135-BF16-35E1C3F5CDCC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5243CE6A-49C0-45A8-A96A-1D60A95A6F9E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{59D1251B-F7B0-4002-9533-67D4E3F32DA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D2DA09A-38C7-43FB-B3B4-84C7E7B235AF}" = protocol=6 | dir=in | app=c:\users\juerg_000\appdata\roaming\utorrent\utorrent.exe |
"{5DEEDAB3-D39D-4494-BFE3-ACDAFC614631}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{64C35042-3087-4371-A832-F80C2568091F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65D8CB08-9F33-4C96-81F1-A484912979CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66F92256-6BCE-442A-A599-976AA735F60A}" = dir=out | name=taptiles |
"{77F63092-00A9-432C-A949-4D28CE3CCF1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C836E75-49A0-42FD-BBBF-0EFB2E20121A}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7E968864-3F53-4805-B18F-BA4D6CE3F226}" = protocol=17 | dir=in | app=c:\users\juerg_000\appdata\roaming\utorrent\utorrent.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8094E3E9-6767-453A-B33E-448BDB8CAC4B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{81AF5E57-FB24-4213-81A4-73D3F42929BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89477E4A-807C-4213-9B20-1A2093F417C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FB06FA1-66B6-4A2B-9900-A9C7EC4ED927}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{8FEEE7F3-3E43-42B1-AFC5-8C37B0C77520}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{99E19A73-8E57-4B15-84D8-91182892DF90}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9C64FBDE-E582-4A0D-8A7A-786073DB463A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9DE533CB-D42F-4891-BE96-6956D4B97C35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 |
"{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AD97A3AC-A81F-4BF9-8463-3C83949A79B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF244168-5CAD-4AE8-AA0F-CF7078A00C3F}" = dir=out | name=wordament |
"{B6BAA601-0FEE-4859-8113-E1CCCA171C5E}" = dir=out | name=skype |
"{C36D5AF6-C0BF-46EE-99C4-B51388B91752}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{C9BB49B8-95C5-4055-B4B9-69A3FBCA4E8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CFBDE754-F8E2-41AE-9831-85456D7B1270}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7E89D3A-4AAD-4931-B64D-66A149FE6386}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D7FA004F-15EA-40B9-BF88-1C5E17B93623}" = dir=out | name=adera |
"{DFF40C64-5898-4605-82C6-023481B9B0AD}" = dir=out | name=microsoft solitaire collection |
"{E2F9527E-5BC6-4A14-B824-59E5FC46BC68}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EB6DEE6B-E0A2-4AF6-85D8-97706E4296B0}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{F0C8D715-119A-4B96-863D-99518AF92B1F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{F22BD3BC-15A5-4871-AB6A-D39888B39859}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{F3A05029-E637-4FF3-A5E0-127163E18237}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FAFA0F3D-BD79-4EAF-8A45-DCE966E22D14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB27EE7C-6A8C-43A1-A31A-F9D870CE64A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCF3071B-D02B-486D-B30E-1F1A7B0EEB91}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69CC4B1E-0ADB-48E7-83D5-B45DA8CD1320}" = Alcor Micro USB Card Reader
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0.1 (x86 en-US)" = Mozilla Firefox 19.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"uTorrent" = µTorrent
"Winamp" = Winamp
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04/03/2013 15:04:21 | Computer Name = raxfei | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\juerg_000\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
< End of report >
|
|
04.03.2013, 20:23
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | startfenster.com Windows 8 vcl player download Bitte nun Logs mit GMER (<<< klick für Anleitung) und MBAR (Anleitung etwas weiter unten) erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur MBAR aus. Anleitung MBAR: Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
04.03.2013, 21:01
| #5 |
| | startfenster.com Windows 8 vcl player download GMER wollte wirklich nich so recht ohne zu haken. Bei MBAR stand nach dem Scan: No malware found, no clean Up necessary=) dennoch: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.04.09
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
juerg_000 :: *** [administrator]
04/03/2013 20:57:14
mbar-log-2013-03-04 (20-57-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 6900
Time elapsed: 15 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
04.03.2013, 21:13
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | startfenster.com Windows 8 vcl player download aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> startfenster.com Windows 8 vcl player download |
|
04.03.2013, 21:32
| #7 |
| | startfenster.com Windows 8 vcl player download awsMBR txt: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-04 21:17:59
-----------------------------
21:17:59.293 OS Version: Windows x64 6.2.9200
21:17:59.293 Number of processors: 4 586 0x2A07
21:17:59.308 ComputerName: *** UserName:
21:17:59.371 Initialze error 1
21:22:08.856 AVAST engine defs: 13030400
21:24:16.753 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000038
21:24:16.753 Disk 0 Vendor: TOSHIBA_MQ01ABD050 AX002J Size: 476940MB BusType: 11
21:24:16.784 Disk 0 MBR read successfully
21:24:16.784 Disk 0 MBR scan
21:24:16.784 Disk 0 unknown MBR code
21:24:16.784 Disk 0 Partition 1 00 EE GPT 476940 MB offset 1
21:24:16.800 Disk 0 scanning C:\Windows\system32\drivers
21:24:16.800 Service scanning
21:24:17.409 Modules scanning
21:24:17.409 Disk 0 trace - called modules:
21:24:17.409 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
21:24:17.409 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005cba060]
21:24:17.425 3 CLASSPNP.SYS[fffff88001a578aa] -> nt!IofCallDriver -> [0xfffffa8004405320]
21:24:17.425 5 ACPI.sys[fffff88001159a91] -> nt!IofCallDriver -> \Device\00000038[0xfffffa80044057f0]
21:24:17.425 AVAST engine scan C:\Windows
21:24:17.425 AVAST engine scan C:\Windows\system32
21:24:17.441 AVAST engine scan C:\Windows\system32\drivers
21:24:17.441 AVAST engine scan C:\Users\juerg_000
21:24:17.441 AVAST engine scan C:\ProgramData
21:24:17.441 Scan finished successfully
21:24:38.395 Disk 0 MBR has been saved successfully to "C:\Users\juerg_000\Desktop\MBR.dat"
21:24:38.411 The log file has been saved successfully to "C:\Users\juerg_000\Desktop\aswMBR.txt"
Code:
ATTFilter 21:27:10.0736 3332 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:27:10.0736 3332 UEFI system
21:27:10.0939 3332 ============================================================
21:27:10.0939 3332 Current date / time: 2013/03/04 21:27:10.0939
21:27:10.0939 3332 SystemInfo:
21:27:10.0939 3332
21:27:10.0939 3332 OS Version: 6.2.9200 ServicePack: 0.0
21:27:10.0939 3332 Product type: Workstation
21:27:10.0939 3332 ComputerName: ***
21:27:10.0939 3332 UserName: juerg_000
21:27:10.0939 3332 Windows directory: C:\Windows
21:27:10.0939 3332 System windows directory: C:\Windows
21:27:10.0939 3332 Running under WOW64
21:27:10.0939 3332 Processor architecture: Intel x64
21:27:10.0939 3332 Number of processors: 4
21:27:10.0939 3332 Page size: 0x1000
21:27:10.0939 3332 Boot type: Normal boot
21:27:10.0939 3332 ============================================================
21:27:11.0596 3332 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:27:11.0596 3332 ============================================================
21:27:11.0596 3332 \Device\Harddisk0\DR0:
21:27:11.0596 3332 GPT partitions:
21:27:11.0596 3332 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {2825BE3C-A830-413A-B913-334F17389C83}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
21:27:11.0596 3332 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5975917D-3891-4E85-83F2-FC6400BC7ED7}, Name: Basic data partition, StartLBA 0x96800, BlocksNum 0x1C2000
21:27:11.0596 3332 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AA7229B7-5630-4FE3-8774-19B93251FF33}, Name: Microsoft reserved partition, StartLBA 0x258800, BlocksNum 0x40000
21:27:11.0596 3332 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {89794D6E-B731-4E38-A031-27B0734916FC}, Name: Basic data partition, StartLBA 0x298800, BlocksNum 0x1749C000
21:27:11.0596 3332 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {52B90836-DC99-4C81-911A-540B85A280FD}, Name: Basic data partition, StartLBA 0x17734800, BlocksNum 0x2044C800
21:27:11.0596 3332 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {3E8FC2A2-1158-442D-BC49-1EF339F1F09C}, Name: Basic data partition, StartLBA 0x37B81000, BlocksNum 0x2805000
21:27:11.0596 3332 MBR partitions:
21:27:11.0596 3332 ============================================================
21:27:11.0611 3332 C: <-> \Device\Harddisk0\DR0\Partition4
21:27:11.0643 3332 D: <-> \Device\Harddisk0\DR0\Partition5
21:27:11.0643 3332 ============================================================
21:27:11.0643 3332 Initialize success
21:27:11.0643 3332 ============================================================
21:27:29.0628 5272 ============================================================
21:27:29.0628 5272 Scan started
21:27:29.0628 5272 Mode: Manual; SigCheck; TDLFS;
21:27:29.0628 5272 ============================================================
21:27:30.0315 5272 ================ Scan system memory ========================
21:27:30.0315 5272 System memory - ok
21:27:30.0315 5272 ================ Scan services =============================
21:27:30.0378 5272 0123871362419113mcinstcleanup - ok
21:27:30.0456 5272 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
21:27:30.0612 5272 1394ohci - ok
21:27:30.0612 5272 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
21:27:30.0628 5272 3ware - ok
21:27:30.0659 5272 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:27:30.0690 5272 ACPI - ok
21:27:30.0706 5272 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
21:27:30.0722 5272 acpiex - ok
21:27:30.0722 5272 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
21:27:30.0753 5272 acpipagr - ok
21:27:30.0753 5272 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
21:27:30.0815 5272 AcpiPmi - ok
21:27:30.0815 5272 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
21:27:30.0847 5272 acpitime - ok
21:27:30.0894 5272 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:27:30.0909 5272 AdobeARMservice - ok
21:27:31.0003 5272 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:27:31.0019 5272 AdobeFlashPlayerUpdateSvc - ok
21:27:31.0034 5272 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:27:31.0065 5272 adp94xx - ok
21:27:31.0081 5272 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:27:31.0112 5272 adpahci - ok
21:27:31.0112 5272 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:27:31.0128 5272 adpu320 - ok
21:27:31.0159 5272 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:27:31.0206 5272 AeLookupSvc - ok
21:27:31.0237 5272 [ 9E975BDC89C83900B2C534C4E1B018F8 ] AFD C:\Windows\system32\drivers\afd.sys
21:27:31.0300 5272 AFD - ok
21:27:31.0331 5272 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
21:27:31.0394 5272 AgereSoftModem - ok
21:27:31.0409 5272 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:27:31.0425 5272 agp440 - ok
21:27:31.0456 5272 [ 16F6F6B7903B913AB41AB848C8BB5658 ] AiCharger C:\Windows\system32\DRIVERS\AiCharger.sys
21:27:31.0472 5272 AiCharger - ok
21:27:31.0487 5272 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
21:27:31.0612 5272 ALG - ok
21:27:31.0644 5272 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
21:27:31.0706 5272 AllUserInstallAgent - ok
21:27:31.0737 5272 [ FB88D16B55F788EEB7590584FE2D8F1A ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
21:27:31.0784 5272 AmdK8 - ok
21:27:31.0784 5272 [ 81402FF3373CE4DF77D5C874E369A985 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
21:27:31.0816 5272 AmdPPM - ok
21:27:31.0831 5272 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:27:31.0831 5272 amdsata - ok
21:27:31.0862 5272 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:27:31.0878 5272 amdsbs - ok
21:27:31.0878 5272 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:27:31.0894 5272 amdxata - ok
21:27:32.0034 5272 [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:27:32.0050 5272 AntiVirSchedulerService - ok
21:27:32.0066 5272 [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:27:32.0081 5272 AntiVirService - ok
21:27:32.0097 5272 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
21:27:32.0175 5272 AppID - ok
21:27:32.0222 5272 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:27:32.0253 5272 AppIDSvc - ok
21:27:32.0253 5272 [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo C:\Windows\System32\appinfo.dll
21:27:32.0284 5272 Appinfo - ok
21:27:32.0300 5272 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
21:27:32.0316 5272 arc - ok
21:27:32.0316 5272 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:27:32.0331 5272 arcsas - ok
21:27:32.0394 5272 [ D01D1B40EEF27F64B45165CE0ACDE6CD ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
21:27:32.0409 5272 ASLDRService - ok
21:27:32.0409 5272 [ 4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:27:32.0425 5272 ASMMAP64 - ok
21:27:32.0456 5272 [ 6A122B4F0E5293CACFA8A5F2CBA9B356 ] ASUS InstantOn C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
21:27:32.0456 5272 ASUS InstantOn - ok
21:27:32.0472 5272 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:27:32.0519 5272 AsyncMac - ok
21:27:32.0519 5272 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
21:27:32.0534 5272 atapi - ok
21:27:32.0675 5272 [ D55EBCD80CA519020338F75E420FDF3F ] athr C:\Windows\system32\DRIVERS\athw8x.sys
21:27:32.0831 5272 athr - ok
21:27:32.0847 5272 [ DBC598E47E7A382E60E2A4745D41FEF9 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
21:27:32.0847 5272 ATKGFNEXSrv - ok
21:27:32.0878 5272 [ 41CEAFFCF3550785E59E3EC9BEE8D97A ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
21:27:32.0894 5272 ATKWMIACPIIO - ok
21:27:32.0925 5272 [ 437EB91CB20144375DDE145149778405 ] ATP C:\Windows\System32\drivers\AsusTP.sys
21:27:32.0925 5272 ATP - ok
21:27:32.0956 5272 [ 8A814F4CBF6AA28A8F0212592824C927 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
21:27:33.0003 5272 AudioEndpointBuilder - ok
21:27:33.0034 5272 [ 01E8E96251900BCEFAB34FBC1FCEB552 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:27:33.0081 5272 Audiosrv - ok
21:27:33.0097 5272 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:27:33.0112 5272 avgntflt - ok
21:27:33.0144 5272 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:27:33.0159 5272 avipbb - ok
21:27:33.0175 5272 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:27:33.0175 5272 avkmgr - ok
21:27:33.0222 5272 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:27:33.0284 5272 AxInstSV - ok
21:27:33.0300 5272 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:27:33.0347 5272 b06bdrv - ok
21:27:33.0378 5272 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
21:27:33.0456 5272 BasicDisplay - ok
21:27:33.0456 5272 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
21:27:33.0487 5272 BasicRender - ok
21:27:33.0519 5272 [ 558F6EEF46EC2642C8F72D34CBB5612E ] BDESVC C:\Windows\System32\bdesvc.dll
21:27:33.0581 5272 BDESVC - ok
21:27:33.0613 5272 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys
21:27:33.0675 5272 Beep - ok
21:27:33.0722 5272 [ 407F85D5387EDBB665A7969DF4D4712B ] BFE C:\Windows\System32\bfe.dll
21:27:33.0769 5272 BFE - ok
21:27:33.0800 5272 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll
21:27:33.0894 5272 BITS - ok
21:27:33.0909 5272 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:27:33.0988 5272 bowser - ok
21:27:34.0034 5272 [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
21:27:34.0097 5272 BrokerInfrastructure - ok
21:27:34.0128 5272 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\Windows\System32\browser.dll
21:27:34.0191 5272 Browser - ok
21:27:34.0206 5272 [ FC79BE6D8FBC8699E9980F657D281BE9 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
21:27:34.0269 5272 BthAvrcpTg - ok
21:27:34.0284 5272 [ 8DE53C3B497D58C7D3E52F54D28E7D86 ] BthEnum C:\Windows\System32\drivers\BthEnum.sys
21:27:34.0316 5272 BthEnum - ok
21:27:34.0331 5272 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
21:27:34.0456 5272 BthHFEnum - ok
21:27:34.0488 5272 [ 6F7368071FCDDB96C0527A6E5D7C1906 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
21:27:34.0519 5272 bthhfhid - ok
21:27:34.0550 5272 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
21:27:34.0597 5272 BTHMODEM - ok
21:27:34.0597 5272 [ 091BB978E9504D0AD14586929431A957 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:27:34.0659 5272 BthPan - ok
21:27:34.0691 5272 [ 427510B95603B24A0E1DDB47EFC4BA44 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:27:34.0753 5272 BTHPORT - ok
21:27:34.0800 5272 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\Windows\system32\bthserv.dll
21:27:34.0816 5272 bthserv - ok
21:27:34.0831 5272 [ 0BB16201253AA87015EFFECAF157225F ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:27:34.0847 5272 BTHUSB - ok
21:27:34.0878 5272 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:27:34.0941 5272 cdfs - ok
21:27:34.0941 5272 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\Windows\System32\drivers\cdrom.sys
21:27:34.0956 5272 cdrom - ok
21:27:34.0988 5272 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\Windows\System32\certprop.dll
21:27:35.0019 5272 CertPropSvc - ok
21:27:35.0066 5272 [ A73276435F75025DA6E67B2470E1FE16 ] cfwids C:\Windows\system32\drivers\cfwids.sys
21:27:35.0081 5272 cfwids - ok
21:27:35.0097 5272 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\Windows\System32\drivers\circlass.sys
21:27:35.0144 5272 circlass - ok
21:27:35.0175 5272 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\Windows\system32\drivers\CLFS.sys
21:27:35.0191 5272 CLFS - ok
21:27:35.0206 5272 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
21:27:35.0269 5272 CmBatt - ok
21:27:35.0300 5272 [ 1894FD2D5966A81D3B07A7C4D8724D59 ] CNG C:\Windows\system32\Drivers\cng.sys
21:27:35.0331 5272 CNG - ok
21:27:35.0347 5272 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
21:27:35.0378 5272 CompositeBus - ok
21:27:35.0378 5272 COMSysApp - ok
21:27:35.0394 5272 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\Windows\system32\drivers\condrv.sys
21:27:35.0409 5272 condrv - ok
21:27:35.0472 5272 [ 9F5AFC3EE57412798B1A559B620386A0 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:27:35.0488 5272 cphs - ok
21:27:35.0519 5272 [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:27:35.0550 5272 CryptSvc - ok
21:27:35.0581 5272 [ A4CCA7289C1A6223D61FD27BF2FC413F ] dam C:\Windows\system32\drivers\dam.sys
21:27:35.0597 5272 dam - ok
21:27:35.0628 5272 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\Windows\system32\rpcss.dll
21:27:35.0706 5272 DcomLaunch - ok
21:27:35.0738 5272 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:27:35.0816 5272 defragsvc - ok
21:27:35.0847 5272 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
21:27:35.0878 5272 DeviceAssociationService - ok
21:27:35.0909 5272 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
21:27:35.0941 5272 DeviceInstall - ok
21:27:35.0972 5272 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
21:27:35.0988 5272 Dfsc - ok
21:27:36.0035 5272 [ CFB72DF4B2364AF6D4D685DCD310E942 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:27:36.0113 5272 Dhcp - ok
21:27:36.0128 5272 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\Windows\system32\drivers\discache.sys
21:27:36.0144 5272 discache - ok
21:27:36.0160 5272 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\Windows\system32\drivers\disk.sys
21:27:36.0175 5272 disk - ok
21:27:36.0175 5272 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
21:27:36.0238 5272 dmvsc - ok
21:27:36.0253 5272 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:27:36.0300 5272 Dnscache - ok
21:27:36.0331 5272 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\Windows\System32\dot3svc.dll
21:27:36.0363 5272 dot3svc - ok
21:27:36.0378 5272 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\Windows\system32\dps.dll
21:27:36.0410 5272 DPS - ok
21:27:36.0425 5272 [ 84D07E4E4FBE72DA3EC1C1E77C49B53C ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:27:36.0488 5272 drmkaud - ok
21:27:36.0519 5272 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
21:27:36.0613 5272 DsmSvc - ok
21:27:36.0660 5272 [ 898BF1647BBF012B38EF45C7F9F7A67E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:27:36.0722 5272 DXGKrnl - ok
21:27:36.0738 5272 [ 651FBD69A9713D623D456A240F96179C ] e1iexpress C:\Windows\system32\DRIVERS\e1i63x64.sys
21:27:36.0785 5272 e1iexpress - ok
21:27:36.0831 5272 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\Windows\System32\eapsvc.dll
21:27:36.0863 5272 Eaphost - ok
21:27:36.0941 5272 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:27:37.0050 5272 ebdrv - ok
21:27:37.0066 5272 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\Windows\System32\lsass.exe
21:27:37.0144 5272 EFS - ok
21:27:37.0160 5272 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
21:27:37.0175 5272 EhStorClass - ok
21:27:37.0175 5272 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
21:27:37.0191 5272 EhStorTcgDrv - ok
21:27:37.0206 5272 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\Windows\System32\drivers\errdev.sys
21:27:37.0206 5272 ErrDev - ok
21:27:37.0269 5272 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll
21:27:37.0331 5272 EventSystem - ok
21:27:37.0363 5272 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys
21:27:37.0394 5272 exfat - ok
21:27:37.0394 5272 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:27:37.0410 5272 fastfat - ok
21:27:37.0456 5272 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe
21:27:37.0519 5272 Fax - ok
21:27:37.0535 5272 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys
21:27:37.0566 5272 fdc - ok
21:27:37.0581 5272 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll
21:27:37.0613 5272 fdPHost - ok
21:27:37.0628 5272 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\Windows\system32\fdrespub.dll
21:27:37.0644 5272 FDResPub - ok
21:27:37.0691 5272 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll
21:27:37.0722 5272 fhsvc - ok
21:27:37.0753 5272 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:27:37.0769 5272 FileInfo - ok
21:27:37.0769 5272 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:27:37.0800 5272 Filetrace - ok
21:27:37.0800 5272 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
21:27:37.0831 5272 flpydisk - ok
21:27:37.0847 5272 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:27:37.0863 5272 FltMgr - ok
21:27:37.0910 5272 [ 305CB1E16576F436BC8797E629A3D46D ] FontCache C:\Windows\system32\FntCache.dll
21:27:38.0019 5272 FontCache - ok
21:27:38.0066 5272 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:27:38.0081 5272 FontCache3.0.0.0 - ok
21:27:38.0113 5272 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:27:38.0128 5272 FsDepends - ok
21:27:38.0128 5272 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:27:38.0144 5272 Fs_Rec - ok
21:27:38.0175 5272 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:27:38.0191 5272 fvevol - ok
21:27:38.0207 5272 [ 3EF3FCCC0E70EEC5C2AD996F32BBA642 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
21:27:38.0238 5272 FxPPM - ok
21:27:38.0238 5272 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:27:38.0253 5272 gagp30kx - ok
21:27:38.0269 5272 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
21:27:38.0285 5272 gencounter - ok
21:27:38.0316 5272 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
21:27:38.0331 5272 GPIOClx0101 - ok
21:27:38.0378 5272 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll
21:27:38.0441 5272 gpsvc - ok
21:27:38.0472 5272 [ 9FC1F11D4D19F61DFE5CC878B4557D3A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:27:38.0519 5272 HdAudAddService - ok
21:27:38.0550 5272 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
21:27:38.0581 5272 HDAudBus - ok
21:27:38.0581 5272 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
21:27:38.0597 5272 HidBatt - ok
21:27:38.0628 5272 [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth C:\Windows\System32\drivers\hidbth.sys
21:27:38.0660 5272 HidBth - ok
21:27:38.0675 5272 [ AC0526C4E3A7954F750B8F8D95EFB340 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
21:27:38.0707 5272 hidi2c - ok
21:27:38.0722 5272 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys
21:27:38.0753 5272 HidIr - ok
21:27:38.0832 5272 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\system32\hidserv.dll
21:27:38.0847 5272 hidserv - ok
21:27:38.0878 5272 [ A9F2301B8D28BB4D887F5AEBB55ACB3A ] HIDSwitch C:\Windows\System32\drivers\AsHIDSwitch64.sys
21:27:38.0894 5272 HIDSwitch - ok
21:27:38.0910 5272 [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
21:27:38.0941 5272 HidUsb - ok
21:27:38.0941 5272 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
21:27:38.0957 5272 HipShieldK - ok
21:27:38.0988 5272 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:27:39.0019 5272 hkmsvc - ok
21:27:39.0035 5272 [ 6CC1AD7B0E071C317B7FB8FC6AEF0EDA ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:27:39.0113 5272 HomeGroupListener - ok
21:27:39.0128 5272 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:27:39.0160 5272 HomeGroupProvider - ok
21:27:39.0175 5272 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:27:39.0191 5272 HpSAMD - ok
21:27:39.0207 5272 [ 47DBBF38E00C3F7404B71F6509241EF1 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:27:39.0300 5272 HTTP - ok
21:27:39.0316 5272 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:27:39.0316 5272 hwpolicy - ok
21:27:39.0332 5272 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
21:27:39.0363 5272 hyperkbd - ok
21:27:39.0363 5272 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
21:27:39.0378 5272 HyperVideo - ok
21:27:39.0378 5272 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
21:27:39.0394 5272 i8042prt - ok
21:27:39.0441 5272 [ 0FE66A51D81A25AACEAAE4C26308121D ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
21:27:39.0457 5272 iaStorA - ok
21:27:39.0535 5272 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:27:39.0582 5272 iaStorV - ok
21:27:39.0847 5272 [ 11A31FC2481BFE69B0507ED8C80215F4 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:27:40.0097 5272 igfx - ok
21:27:40.0128 5272 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:27:40.0144 5272 iirsp - ok
21:27:40.0175 5272 [ 45EACE8D94B9CEC746A85154892C4FDC ] IKEEXT C:\Windows\System32\ikeext.dll
21:27:40.0222 5272 IKEEXT - ok
21:27:40.0238 5272 [ F5495B38BFB9149925F54F65AB40EFBF ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:27:40.0285 5272 IntcDAud - ok
21:27:40.0347 5272 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:27:40.0378 5272 Intel(R) Capability Licensing Service Interface - ok
21:27:40.0457 5272 [ 9656F8E29F6C3161A3E99BCD3A472FF9 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
21:27:40.0472 5272 Intel(R) ME Service - ok
21:27:40.0488 5272 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys
21:27:40.0488 5272 intelide - ok
21:27:40.0519 5272 [ F9E126AA767E2E6E3128434A43C9F713 ] intelppm C:\Windows\System32\drivers\intelppm.sys
21:27:40.0535 5272 intelppm - ok
21:27:40.0535 5272 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:27:40.0566 5272 IpFilterDriver - ok
21:27:40.0597 5272 [ CAC5202757EF68C4849B0DFFA75F6D3C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:27:40.0660 5272 iphlpsvc - ok
21:27:40.0691 5272 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
21:27:40.0738 5272 IPMIDRV - ok
21:27:40.0738 5272 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:27:40.0769 5272 IPNAT - ok
21:27:40.0785 5272 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:27:40.0832 5272 IRENUM - ok
21:27:40.0847 5272 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:27:40.0863 5272 isapnp - ok
21:27:40.0894 5272 [ F5F0DE1B7F256997501EECECE9648108 ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
21:27:40.0910 5272 iScsiPrt - ok
21:27:40.0941 5272 [ 78ABBE558F57144047F10A0F50FE4B2F ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:27:40.0957 5272 jhi_service - ok
21:27:40.0957 5272 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
21:27:40.0972 5272 kbdclass - ok
21:27:40.0972 5272 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
21:27:41.0003 5272 kbdhid - ok
21:27:41.0035 5272 [ A8080BEBCDB7A16495CE1205921DCAC5 ] kbfiltr C:\Windows\System32\drivers\kbfiltr.sys
21:27:41.0035 5272 kbfiltr - ok
21:27:41.0066 5272 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
21:27:41.0144 5272 kdnic - ok
21:27:41.0160 5272 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe
21:27:41.0175 5272 KeyIso - ok
21:27:41.0207 5272 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:27:41.0207 5272 KSecDD - ok
21:27:41.0238 5272 [ E427D299CFE267A2465D3AAF81440ED9 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:27:41.0254 5272 KSecPkg - ok
21:27:41.0269 5272 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:27:41.0285 5272 ksthunk - ok
21:27:41.0332 5272 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:27:41.0363 5272 KtmRm - ok
21:27:41.0394 5272 [ CBD16721541EE334F6D623CE0B4003BF ] L1C C:\Windows\system32\DRIVERS\L1C63x64.sys
21:27:41.0394 5272 L1C - ok
21:27:41.0425 5272 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\Windows\system32\srvsvc.dll
21:27:41.0457 5272 LanmanServer - ok
21:27:41.0472 5272 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:27:41.0504 5272 LanmanWorkstation - ok
21:27:41.0535 5272 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:27:41.0550 5272 lltdio - ok
21:27:41.0582 5272 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:27:41.0644 5272 lltdsvc - ok
21:27:41.0644 5272 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:27:41.0722 5272 lmhosts - ok
21:27:41.0754 5272 [ 2C24DC448DBE8DB9BE1441B824C57E79 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:27:41.0754 5272 LMS - ok
21:27:41.0785 5272 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:27:41.0800 5272 LSI_SAS - ok
21:27:41.0816 5272 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:27:41.0832 5272 LSI_SAS2 - ok
21:27:41.0832 5272 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:27:41.0847 5272 LSI_SCSI - ok
21:27:41.0847 5272 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
21:27:41.0863 5272 LSI_SSS - ok
21:27:41.0894 5272 [ 8FEFDCEE40B75FD23B4BC60DA6576113 ] LSM C:\Windows\System32\lsm.dll
21:27:41.0941 5272 LSM - ok
21:27:41.0941 5272 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys
21:27:41.0972 5272 luafv - ok
21:27:42.0050 5272 [ 1E3AF124A3405EEE594BB9FFD4640F48 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
21:27:42.0066 5272 McAWFwk - ok
21:27:42.0129 5272 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:27:42.0144 5272 McMPFSvc - ok
21:27:42.0144 5272 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
21:27:42.0160 5272 mcmscsvc - ok
21:27:42.0160 5272 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
21:27:42.0160 5272 McNaiAnn - ok
21:27:42.0175 5272 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
21:27:42.0175 5272 McNASvc - ok
21:27:42.0222 5272 [ B26B99CE6218CC586B727CBA7C923233 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
21:27:42.0238 5272 McODS - ok
21:27:42.0238 5272 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
21:27:42.0254 5272 McOobeSv - ok
21:27:42.0254 5272 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
21:27:42.0269 5272 McProxy - ok
21:27:42.0316 5272 [ 23EA22ACADD66D7F1E18A4AA72BE6158 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
21:27:42.0332 5272 McShield - ok
21:27:42.0347 5272 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys
21:27:42.0363 5272 megasas - ok
21:27:42.0379 5272 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:27:42.0394 5272 MegaSR - ok
21:27:42.0410 5272 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys
21:27:42.0425 5272 MEIx64 - ok
21:27:42.0457 5272 [ 19323081FA4018C9C1AEBF08114BEA11 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
21:27:42.0472 5272 mfeapfk - ok
21:27:42.0488 5272 [ EF1D39A70CAD1B7BEDC220480F26815C ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
21:27:42.0488 5272 mfeavfk - ok
21:27:42.0519 5272 mfeavfk01 - ok
21:27:42.0535 5272 [ 9DBA574C2189A32BF484F6EC2322C5CA ] mfeelamk C:\Windows\system32\drivers\mfeelamk.sys
21:27:42.0535 5272 mfeelamk - ok
21:27:42.0566 5272 [ 3CBBB569730EFD069B4BD253DDD4AD58 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
21:27:42.0582 5272 mfefire - ok
21:27:42.0613 5272 [ 67972BFC8F23054BD23E1DE1450E40BD ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
21:27:42.0629 5272 mfefirek - ok
21:27:42.0660 5272 [ 5C0EE849C03C37071FABDAA6B58D3D94 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
21:27:42.0691 5272 mfehidk - ok
21:27:42.0691 5272 [ 450B77CAC7384A9C1BAF476AC302CD4C ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
21:27:42.0707 5272 mferkdet - ok
21:27:42.0738 5272 [ 74CE2EBE64AB78904E33DD4C5F21611F ] mfevtp C:\windows\system32\mfevtps.exe
21:27:42.0738 5272 mfevtp - ok
21:27:42.0769 5272 [ F55F9742BFA88D02F96516B80AB400EC ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
21:27:42.0769 5272 mfewfpk - ok
21:27:42.0800 5272 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll
21:27:42.0832 5272 MMCSS - ok
21:27:42.0863 5272 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys
21:27:42.0894 5272 Modem - ok
21:27:42.0894 5272 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:27:42.0957 5272 monitor - ok
21:27:42.0957 5272 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys
21:27:42.0972 5272 mouclass - ok
21:27:42.0972 5272 [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid C:\Windows\System32\drivers\mouhid.sys
21:27:43.0004 5272 mouhid - ok
21:27:43.0019 5272 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:27:43.0019 5272 mountmgr - ok
21:27:43.0066 5272 [ 46C379299D0C831463162C473C2D5927 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:27:43.0066 5272 MozillaMaintenance - ok
21:27:43.0082 5272 [ 36BF4D86F166ACBC14F0B8B8F90CBCEA ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:27:43.0113 5272 mpsdrv - ok
21:27:43.0144 5272 [ 411EA973A1961C287927DF13891EB41E ] MpsSvc C:\Windows\system32\mpssvc.dll
21:27:43.0175 5272 MpsSvc - ok
21:27:43.0207 5272 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:27:43.0222 5272 MRxDAV - ok
21:27:43.0269 5272 [ 1EEAA5A62E8C49DDF58798F06F78BFFA ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:27:43.0300 5272 mrxsmb - ok
21:27:43.0300 5272 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:27:43.0332 5272 mrxsmb10 - ok
21:27:43.0332 5272 [ BFBE1EA55ECC15733933D429E384BCA4 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:27:43.0363 5272 mrxsmb20 - ok
21:27:43.0394 5272 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
21:27:43.0425 5272 MsBridge - ok
21:27:43.0441 5272 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe
21:27:43.0457 5272 MSDTC - ok
21:27:43.0472 5272 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:27:43.0504 5272 Msfs - ok
21:27:43.0519 5272 [ C9BFB0353099B071E70299549C18C8AE ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
21:27:43.0535 5272 msgpiowin32 - ok
21:27:43.0551 5272 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:27:43.0582 5272 mshidkmdf - ok
21:27:43.0597 5272 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
21:27:43.0613 5272 mshidumdf - ok
21:27:43.0613 5272 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:27:43.0629 5272 msisadrv - ok
21:27:43.0676 5272 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:27:43.0707 5272 MSiSCSI - ok
21:27:43.0707 5272 msiserver - ok
21:27:43.0738 5272 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
21:27:43.0754 5272 MSK80Service - ok
21:27:43.0769 5272 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:27:43.0785 5272 MSKSSRV - ok
21:27:43.0801 5272 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
21:27:43.0816 5272 MsLldp - ok
21:27:43.0816 5272 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:27:43.0847 5272 MSPCLOCK - ok
21:27:43.0863 5272 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:27:43.0894 5272 MSPQM - ok
21:27:43.0910 5272 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:27:43.0926 5272 MsRPC - ok
21:27:43.0926 5272 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
21:27:43.0941 5272 mssmbios - ok
21:27:43.0941 5272 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:27:43.0957 5272 MSTEE - ok
21:27:43.0957 5272 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
21:27:43.0988 5272 MTConfig - ok
21:27:44.0004 5272 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys
21:27:44.0004 5272 Mup - ok
21:27:44.0019 5272 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys
21:27:44.0019 5272 mvumis - ok
21:27:44.0066 5272 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll
21:27:44.0097 5272 napagent - ok
21:27:44.0129 5272 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:27:44.0160 5272 NativeWifiP - ok
21:27:44.0207 5272 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll
21:27:44.0238 5272 NcaSvc - ok
21:27:44.0238 5272 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
21:27:44.0316 5272 NcdAutoSetup - ok
21:27:44.0347 5272 [ FE6463C1574610E26ED8DE2054DF59A4 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:27:44.0394 5272 NDIS - ok
21:27:44.0426 5272 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:27:44.0457 5272 NdisCap - ok
21:27:44.0457 5272 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
21:27:44.0472 5272 NdisImPlatform - ok
21:27:44.0504 5272 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:27:44.0566 5272 NdisTapi - ok
21:27:44.0597 5272 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:27:44.0629 5272 Ndisuio - ok
21:27:44.0629 5272 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:27:44.0660 5272 NdisWan - ok
21:27:44.0660 5272 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
21:27:44.0691 5272 NDISWANLEGACY - ok
21:27:44.0707 5272 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:27:44.0722 5272 NDProxy - ok
21:27:44.0738 5272 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys
21:27:44.0754 5272 Ndu - ok
21:27:44.0769 5272 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:27:44.0801 5272 NetBIOS - ok
21:27:44.0832 5272 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:27:44.0894 5272 NetBT - ok
21:27:44.0926 5272 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe
21:27:44.0941 5272 Netlogon - ok
21:27:44.0972 5272 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll
21:27:45.0004 5272 Netman - ok
21:27:45.0035 5272 [ 20F6FD63E6D456114BC8056D62792786 ] netprofm C:\Windows\System32\netprofmsvc.dll
21:27:45.0066 5272 netprofm - ok
21:27:45.0129 5272 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:27:45.0144 5272 NetTcpPortSharing - ok
21:27:45.0285 5272 [ 57B9C04D673F236D41FAB03842C8640B ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
21:27:45.0472 5272 NETwNs64 - ok
21:27:45.0488 5272 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:27:45.0504 5272 nfrd960 - ok
21:27:45.0519 5272 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:27:45.0582 5272 NlaSvc - ok
21:27:45.0582 5272 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:27:45.0613 5272 Npfs - ok
21:27:45.0644 5272 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
21:27:45.0676 5272 npsvctrig - ok
21:27:45.0707 5272 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll
21:27:45.0738 5272 nsi - ok
21:27:45.0754 5272 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:27:45.0785 5272 nsiproxy - ok
21:27:45.0832 5272 [ 4A7EEA9C4AD5CBFDA3C0E5B821C99CAD ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:27:45.0879 5272 Ntfs - ok
21:27:45.0894 5272 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys
21:27:45.0910 5272 Null - ok
21:27:45.0926 5272 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:27:45.0926 5272 nvraid - ok
21:27:45.0941 5272 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:27:45.0957 5272 nvstor - ok
21:27:45.0957 5272 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:27:45.0973 5272 nv_agp - ok
21:27:45.0988 5272 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:27:46.0066 5272 p2pimsvc - ok
21:27:46.0082 5272 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll
21:27:46.0113 5272 p2psvc - ok
21:27:46.0144 5272 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys
21:27:46.0176 5272 Parport - ok
21:27:46.0176 5272 [ C1D7BA7F0DE487DFEEB51BF8D3EC5562 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:27:46.0191 5272 partmgr - ok
21:27:46.0223 5272 [ 19E41F140A6ADBD38943710DA7FF0E38 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:27:46.0238 5272 PcaSvc - ok
21:27:46.0254 5272 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys
21:27:46.0269 5272 pci - ok
21:27:46.0269 5272 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys
21:27:46.0285 5272 pciide - ok
21:27:46.0301 5272 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:27:46.0316 5272 pcmcia - ok
21:27:46.0316 5272 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys
21:27:46.0332 5272 pcw - ok
21:27:46.0348 5272 [ A192B9FC67F181A78B05175EE0A244FA ] pdc C:\Windows\system32\drivers\pdc.sys
21:27:46.0363 5272 pdc - ok
21:27:46.0394 5272 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:27:46.0457 5272 PEAUTH - ok
21:27:46.0535 5272 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:27:46.0566 5272 PerfHost - ok
21:27:46.0676 5272 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll
21:27:46.0738 5272 pla - ok
21:27:46.0754 5272 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:27:46.0769 5272 PlugPlay - ok
21:27:46.0801 5272 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:27:46.0816 5272 PNRPAutoReg - ok
21:27:46.0816 5272 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:27:46.0832 5272 PNRPsvc - ok
21:27:46.0863 5272 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:27:46.0894 5272 PolicyAgent - ok
21:27:46.0926 5272 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll
21:27:46.0973 5272 Power - ok
21:27:47.0004 5272 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:27:47.0019 5272 PptpMiniport - ok
21:27:47.0301 5272 [ CC0B8655E4B2A5BBB215CDA8FC3BE4DE ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
21:27:47.0488 5272 PrintNotify - ok
21:27:47.0519 5272 [ 8DA167F8967AB35A2487095CB1B879A0 ] Processor C:\Windows\System32\drivers\processr.sys
21:27:47.0535 5272 Processor - ok
21:27:47.0566 5272 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
21:27:47.0598 5272 ProfSvc - ok
21:27:47.0629 5272 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:27:47.0644 5272 Psched - ok
21:27:47.0660 5272 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
21:27:47.0691 5272 QWAVE - ok
21:27:47.0707 5272 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:27:47.0738 5272 QWAVEdrv - ok
21:27:47.0754 5272 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:27:47.0785 5272 RasAcd - ok
21:27:47.0816 5272 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:27:47.0832 5272 RasAgileVpn - ok
21:27:47.0863 5272 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
21:27:47.0894 5272 RasAuto - ok
21:27:47.0910 5272 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:27:47.0941 5272 Rasl2tp - ok
21:27:47.0957 5272 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
21:27:47.0988 5272 RasMan - ok
21:27:48.0004 5272 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:27:48.0019 5272 RasPppoe - ok
21:27:48.0019 5272 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:27:48.0051 5272 RasSstp - ok
21:27:48.0082 5272 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:27:48.0098 5272 rdbss - ok
21:27:48.0113 5272 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
21:27:48.0160 5272 rdpbus - ok
21:27:48.0160 5272 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:27:48.0207 5272 RDPDR - ok
21:27:48.0223 5272 [ 3B4F32CA8B37584ECF98BCE136E38B96 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:27:48.0238 5272 RdpVideoMiniport - ok
21:27:48.0238 5272 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:27:48.0270 5272 RDPWD - ok
21:27:48.0285 5272 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:27:48.0301 5272 rdyboost - ok
21:27:48.0316 5272 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:27:48.0348 5272 RemoteAccess - ok
21:27:48.0395 5272 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:27:48.0441 5272 RemoteRegistry - ok
21:27:48.0473 5272 [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:27:48.0504 5272 RFCOMM - ok
21:27:48.0520 5272 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:27:48.0551 5272 RpcEptMapper - ok
21:27:48.0582 5272 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
21:27:48.0613 5272 RpcLocator - ok
21:27:48.0645 5272 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
21:27:48.0676 5272 RpcSs - ok
21:27:48.0691 5272 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:27:48.0723 5272 rspndr - ok
21:27:48.0754 5272 [ 15923AA360F7675D3D43C9669316A0BA ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys
21:27:48.0801 5272 RTL8168 - ok
21:27:48.0816 5272 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
21:27:48.0848 5272 s3cap - ok
21:27:48.0879 5272 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe
21:27:48.0895 5272 SamSs - ok
21:27:48.0926 5272 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:27:48.0926 5272 sbp2port - ok
21:27:48.0973 5272 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:27:49.0004 5272 SCardSvr - ok
21:27:49.0004 5272 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:27:49.0035 5272 scfilter - ok
21:27:49.0066 5272 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll
21:27:49.0129 5272 Schedule - ok
21:27:49.0176 5272 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:27:49.0191 5272 SCPolicySvc - ok
21:27:49.0191 5272 [ A27CF856218B1B1442A7A3B5CF94B4B9 ] sdbus C:\Windows\System32\drivers\sdbus.sys
21:27:49.0207 5272 sdbus - ok
21:27:49.0238 5272 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:27:49.0301 5272 SDRSVC - ok
21:27:49.0332 5272 [ 74369A913837FB46C3B27373DA2ADF4E ] sdstor C:\Windows\System32\drivers\sdstor.sys
21:27:49.0348 5272 sdstor - ok
21:27:49.0379 5272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:27:49.0395 5272 secdrv - ok
21:27:49.0441 5272 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
21:27:49.0473 5272 seclogon - ok
21:27:49.0473 5272 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
21:27:49.0520 5272 SENS - ok
21:27:49.0535 5272 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:27:49.0582 5272 SensrSvc - ok
21:27:49.0613 5272 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
21:27:49.0613 5272 SerCx - ok
21:27:49.0629 5272 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
21:27:49.0660 5272 Serenum - ok
21:27:49.0676 5272 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
21:27:49.0691 5272 Serial - ok
21:27:49.0691 5272 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
21:27:49.0707 5272 sermouse - ok
21:27:49.0754 5272 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
21:27:49.0770 5272 SessionEnv - ok
21:27:49.0770 5272 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
21:27:49.0801 5272 sfloppy - ok
21:27:49.0832 5272 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:27:49.0879 5272 SharedAccess - ok
21:27:49.0910 5272 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:27:50.0004 5272 ShellHWDetection - ok
21:27:50.0020 5272 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:27:50.0035 5272 SiSRaid2 - ok
21:27:50.0035 5272 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:27:50.0051 5272 SiSRaid4 - ok
21:27:50.0066 5272 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:27:50.0113 5272 SNMPTRAP - ok
21:27:50.0129 5272 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys
21:27:50.0145 5272 spaceport - ok
21:27:50.0145 5272 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
21:27:50.0160 5272 SpbCx - ok
21:27:50.0191 5272 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
21:27:50.0270 5272 Spooler - ok
21:27:50.0363 5272 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
21:27:50.0504 5272 sppsvc - ok
21:27:50.0535 5272 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:27:50.0566 5272 srv - ok
21:27:50.0582 5272 [ 0DE224F7B8041B17AA53D00327A86396 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:27:50.0613 5272 srv2 - ok
21:27:50.0629 5272 [ 9400C71F5A1A380B494B6922F007D485 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:27:50.0645 5272 srvnet - ok
21:27:50.0676 5272 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:27:50.0723 5272 SSDPSRV - ok
21:27:50.0754 5272 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:27:50.0770 5272 SstpSvc - ok
21:27:50.0801 5272 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:27:50.0817 5272 stexstor - ok
21:27:50.0863 5272 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll
21:27:50.0942 5272 stisvc - ok
21:27:50.0957 5272 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\Windows\system32\drivers\storahci.sys
21:27:50.0973 5272 storahci - ok
21:27:50.0973 5272 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
21:27:50.0988 5272 storflt - ok
21:27:51.0020 5272 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll
21:27:51.0067 5272 StorSvc - ok
21:27:51.0082 5272 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:27:51.0098 5272 storvsc - ok
21:27:51.0145 5272 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll
21:27:51.0176 5272 svsvc - ok
21:27:51.0176 5272 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys
21:27:51.0192 5272 swenum - ok
21:27:51.0223 5272 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll
21:27:51.0254 5272 swprv - ok
21:27:51.0285 5272 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll
21:27:51.0317 5272 SysMain - ok
21:27:51.0348 5272 [ 079244F281621FEDCC161D3923E858FE ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
21:27:51.0395 5272 SystemEventsBroker - ok
21:27:51.0442 5272 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
21:27:51.0457 5272 TabletInputService - ok
21:27:51.0488 5272 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll
21:27:51.0520 5272 TapiSrv - ok
21:27:51.0582 5272 [ 1D644E2D0FC395A055AB1C23C3B43631 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:27:51.0645 5272 Tcpip - ok
21:27:51.0754 5272 [ 1D644E2D0FC395A055AB1C23C3B43631 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:27:51.0801 5272 TCPIP6 - ok
21:27:51.0832 5272 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:27:51.0863 5272 tcpipreg - ok
21:27:51.0863 5272 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:27:51.0879 5272 tdx - ok
21:27:51.0879 5272 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys
21:27:51.0895 5272 terminpt - ok
21:27:51.0926 5272 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll
21:27:51.0973 5272 TermService - ok
21:27:51.0988 5272 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll
21:27:52.0020 5272 Themes - ok
21:27:52.0051 5272 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll
21:27:52.0067 5272 THREADORDER - ok
21:27:52.0082 5272 [ 52066C139CC189468845D5BE557B25EB ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
21:27:52.0098 5272 TimeBroker - ok
21:27:52.0129 5272 [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM C:\Windows\system32\drivers\tpm.sys
21:27:52.0145 5272 TPM - ok
21:27:52.0160 5272 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll
21:27:52.0192 5272 TrkWks - ok
21:27:52.0254 5272 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:27:52.0270 5272 TrustedInstaller - ok
21:27:52.0301 5272 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:27:52.0332 5272 TsUsbFlt - ok
21:27:52.0332 5272 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
21:27:52.0363 5272 TsUsbGD - ok
21:27:52.0363 5272 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:27:52.0410 5272 tunnel - ok
21:27:52.0410 5272 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:27:52.0426 5272 uagp35 - ok
21:27:52.0426 5272 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
21:27:52.0442 5272 UASPStor - ok
21:27:52.0473 5272 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
21:27:52.0488 5272 UCX01000 - ok
21:27:52.0504 5272 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:27:52.0520 5272 udfs - ok
21:27:52.0551 5272 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:27:52.0582 5272 UI0Detect - ok
21:27:52.0582 5272 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:27:52.0598 5272 uliagpkx - ok
21:27:52.0613 5272 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys
21:27:52.0645 5272 umbus - ok
21:27:52.0645 5272 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys
21:27:52.0660 5272 UmPass - ok
21:27:52.0707 5272 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll
21:27:52.0738 5272 UmRdpService - ok
21:27:52.0848 5272 [ E1A119AD21F5AFE22EB516C549306D3D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:27:52.0863 5272 UNS - ok
21:27:52.0895 5272 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll
21:27:52.0957 5272 upnphost - ok
21:27:52.0973 5272 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
21:27:53.0004 5272 usbccgp - ok
21:27:53.0020 5272 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys
21:27:53.0051 5272 usbcir - ok
21:27:53.0082 5272 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys
21:27:53.0098 5272 usbehci - ok
21:27:53.0114 5272 [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub C:\Windows\System32\drivers\usbhub.sys
21:27:53.0145 5272 usbhub - ok
21:27:53.0160 5272 [ 7B886003CEEBF3C8E4FDF3586DCB3787 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
21:27:53.0176 5272 USBHUB3 - ok
21:27:53.0207 5272 [ EC1303E3DBF312B846377A84C0D15F27 ] usbohci C:\Windows\System32\drivers\usbohci.sys
21:27:53.0239 5272 usbohci - ok
21:27:53.0254 5272 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys
21:27:53.0301 5272 usbprint - ok
21:27:53.0317 5272 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
21:27:53.0332 5272 USBSTOR - ok
21:27:53.0348 5272 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
21:27:53.0364 5272 usbuhci - ok
21:27:53.0395 5272 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:27:53.0410 5272 usbvideo - ok
21:27:53.0457 5272 [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
21:27:53.0473 5272 USBXHCI - ok
21:27:53.0489 5272 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe
21:27:53.0504 5272 VaultSvc - ok
21:27:53.0520 5272 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:27:53.0535 5272 vdrvroot - ok
21:27:53.0567 5272 [ 00FBA165A1167738802DA5D0EE78EF10 ] vds C:\Windows\System32\vds.exe
21:27:53.0629 5272 vds - ok
21:27:53.0629 5272 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
21:27:53.0645 5272 VerifierExt - ok
21:27:53.0676 5272 [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
21:27:53.0692 5272 vhdmp - ok
21:27:53.0754 5272 [ C11A95D4D504A42FACF6691B7F9084B0 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
21:27:53.0801 5272 VIAHdAudAddService - ok
21:27:53.0801 5272 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys
21:27:53.0817 5272 viaide - ok
21:27:53.0832 5272 [ 0C0B393138C55954929FE47611383BC9 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
21:27:53.0848 5272 VIAKaraokeService - ok
21:27:53.0879 5272 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys
21:27:53.0895 5272 vmbus - ok
21:27:53.0895 5272 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
21:27:53.0926 5272 VMBusHID - ok
21:27:53.0973 5272 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
21:27:53.0989 5272 vmicheartbeat - ok
21:27:53.0989 5272 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
21:27:54.0004 5272 vmickvpexchange - ok
21:27:54.0020 5272 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll
21:27:54.0035 5272 vmicrdv - ok
21:27:54.0035 5272 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll
21:27:54.0051 5272 vmicshutdown - ok
21:27:54.0067 5272 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll
21:27:54.0082 5272 vmictimesync - ok
21:27:54.0082 5272 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll
21:27:54.0098 5272 vmicvss - ok
21:27:54.0114 5272 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:27:54.0129 5272 volmgr - ok
21:27:54.0145 5272 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:27:54.0176 5272 volmgrx - ok
21:27:54.0176 5272 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:27:54.0192 5272 volsnap - ok
21:27:54.0207 5272 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys
21:27:54.0207 5272 vpci - ok
21:27:54.0223 5272 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:27:54.0239 5272 vsmraid - ok
21:27:54.0270 5272 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe
21:27:54.0348 5272 VSS - ok
21:27:54.0379 5272 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
21:27:54.0395 5272 VSTXRAID - ok
21:27:54.0410 5272 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
21:27:54.0426 5272 vwifibus - ok
21:27:54.0426 5272 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:27:54.0442 5272 vwififlt - ok
21:27:54.0457 5272 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:27:54.0473 5272 vwifimp - ok
21:27:54.0504 5272 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll
21:27:54.0535 5272 W32Time - ok
21:27:54.0551 5272 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys
21:27:54.0582 5272 WacomPen - ok
21:27:54.0614 5272 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:27:54.0645 5272 Wanarp - ok
21:27:54.0645 5272 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:27:54.0660 5272 Wanarpv6 - ok
21:27:54.0707 5272 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe
21:27:54.0817 5272 wbengine - ok
21:27:54.0832 5272 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:27:54.0879 5272 WbioSrvc - ok
21:27:54.0910 5272 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
21:27:54.0942 5272 Wcmsvc - ok
21:27:54.0973 5272 [ 4507D89FA9E4283100948C91E867D130 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:27:55.0020 5272 wcncsvc - ok
21:27:55.0036 5272 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:27:55.0098 5272 WcsPlugInService - ok
21:27:55.0114 5272 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys
21:27:55.0160 5272 Wd - ok
21:27:55.0160 5272 [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
21:27:55.0176 5272 WdBoot - ok
21:27:55.0192 5272 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:27:55.0239 5272 Wdf01000 - ok
21:27:55.0239 5272 [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
21:27:55.0254 5272 WdFilter - ok
21:27:55.0301 5272 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:27:55.0364 5272 WdiServiceHost - ok
21:27:55.0364 5272 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:27:55.0395 5272 WdiSystemHost - ok
21:27:55.0426 5272 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll
21:27:55.0473 5272 WebClient - ok
21:27:55.0504 5272 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:27:55.0536 5272 Wecsvc - ok
21:27:55.0567 5272 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:27:55.0598 5272 wercplsupport - ok
21:27:55.0598 5272 [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc C:\Windows\System32\WerSvc.dll
21:27:55.0645 5272 WerSvc - ok
21:27:55.0676 5272 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
21:27:55.0692 5272 WFPLWFS - ok
21:27:55.0723 5272 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll
21:27:55.0754 5272 WiaRpc - ok
21:27:55.0754 5272 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:27:55.0770 5272 WIMMount - ok
21:27:55.0786 5272 WinDefend - ok
21:27:55.0832 5272 [ 1369928779943B5C7AABA263E6E2BBC1 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
21:27:55.0848 5272 WinHttpAutoProxySvc - ok
21:27:55.0895 5272 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:27:55.0926 5272 Winmgmt - ok
21:27:55.0989 5272 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll
21:27:56.0082 5272 WinRM - ok
21:27:56.0114 5272 [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
21:27:56.0129 5272 WinUsb - ok
21:27:56.0176 5272 [ 19B3CFB1D6516AB2C54772CB75426AD4 ] WlanSvc C:\Windows\System32\wlansvc.dll
21:27:56.0254 5272 WlanSvc - ok
21:27:56.0301 5272 [ 08EFA13A2234C8C3B8A99E4B88BE7E9B ] wlidsvc C:\Windows\system32\wlidsvc.dll
21:27:56.0364 5272 wlidsvc - ok
21:27:56.0379 5272 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
21:27:56.0411 5272 WmiAcpi - ok
21:27:56.0457 5272 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:27:56.0489 5272 wmiApSrv - ok
21:27:56.0504 5272 WMPNetworkSvc - ok
21:27:56.0520 5272 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
21:27:56.0582 5272 wpcfltr - ok
21:27:56.0614 5272 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:27:56.0629 5272 WPCSvc - ok
21:27:56.0645 5272 [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:27:56.0661 5272 WPDBusEnum - ok
21:27:56.0676 5272 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
21:27:56.0707 5272 WpdUpFltr - ok
21:27:56.0739 5272 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:27:56.0770 5272 ws2ifsl - ok
21:27:56.0801 5272 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\Windows\System32\wscsvc.dll
21:27:56.0864 5272 wscsvc - ok
21:27:56.0864 5272 WSearch - ok
21:27:56.0926 5272 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll
21:27:57.0020 5272 WSService - ok
21:27:57.0098 5272 [ 69DDDAF7BB4D39A4CC928EA434A3E258 ] wuauserv C:\Windows\system32\wuaueng.dll
21:27:57.0223 5272 wuauserv - ok
21:27:57.0254 5272 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:27:57.0301 5272 WudfPf - ok
21:27:57.0301 5272 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
21:27:57.0332 5272 WUDFRd - ok
21:27:57.0379 5272 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:27:57.0411 5272 wudfsvc - ok
21:27:57.0411 5272 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
21:27:57.0426 5272 WUDFWpdFs - ok
21:27:57.0457 5272 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:27:57.0520 5272 WwanSvc - ok
21:27:57.0536 5272 ================ Scan global ===============================
21:27:57.0567 5272 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
21:27:57.0598 5272 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
21:27:57.0614 5272 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
21:27:57.0645 5272 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
21:27:57.0661 5272 [Global] - ok
21:27:57.0661 5272 ================ Scan MBR ==================================
21:27:57.0661 5272 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:27:57.0911 5272 \Device\Harddisk0\DR0 - ok
21:27:57.0911 5272 ================ Scan VBR ==================================
21:27:57.0926 5272 [ CC147B29700663BED1CCC618344BF7A2 ] \Device\Harddisk0\DR0\Partition1
21:27:57.0926 5272 \Device\Harddisk0\DR0\Partition1 - ok
21:27:57.0942 5272 [ 5E9F0C57291ECEFEB967DDC0F2209601 ] \Device\Harddisk0\DR0\Partition2
21:27:57.0942 5272 \Device\Harddisk0\DR0\Partition2 - ok
21:27:57.0958 5272 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
21:27:57.0958 5272 \Device\Harddisk0\DR0\Partition3 - ok
21:27:57.0973 5272 [ 0BEC1683E9D82884065F5A426CC9099C ] \Device\Harddisk0\DR0\Partition4
21:27:57.0973 5272 \Device\Harddisk0\DR0\Partition4 - ok
21:27:58.0004 5272 [ BF957E5AF69932A807B2DAC1AC8FE7E9 ] \Device\Harddisk0\DR0\Partition5
21:27:58.0004 5272 \Device\Harddisk0\DR0\Partition5 - ok
21:27:58.0020 5272 [ 7315884CC3C30CD71B6D2AEBA85492B8 ] \Device\Harddisk0\DR0\Partition6
21:27:58.0020 5272 \Device\Harddisk0\DR0\Partition6 - ok
21:27:58.0020 5272 ============================================================
21:27:58.0020 5272 Scan finished
21:27:58.0020 5272 ============================================================
21:27:58.0036 0452 Detected object count: 0
21:27:58.0036 0452 Actual detected object count: 0
|
|
05.03.2013, 10:21
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | startfenster.com Windows 8 vcl player download Unaufffällig  Eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.03.2013, 11:29
| #9 |
| | startfenster.com Windows 8 vcl player download Ja schon. Es hat sich auch nichts unerwünschtes mehr geöffnet gestern und die performance war normal. hab dann mal alles gereinigt und mir den vlc-Player über ne virenfreie Quelle besorgt O.o' (sorry, aber ich musste dringend was gucken  )OTL: Code:
ATTFilter OTL logfile created on: 05/03/2013 11:16:11 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\juerg_000\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16484) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.89 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.65% Memory free 7.39 Gb Paging File | 5.42 Gb Available in Paging File | 73.37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186.30 Gb Total Space | 128.35 Gb Free Space | 68.89% Space Free | Partition Type: NTFS Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS Computer Name: *** | User Name: juerg_000 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\juerg_000\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll () ========== Services (SafeList) ========== SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (McODS) -- C:\Program Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ASUS) SRV - (McAWFwk) -- c:\PROGRA~1\mcafee\msc\mcawfwk.exe (McAfee, Inc.) SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\Drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\Drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\Drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\Drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\Drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\Drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\Drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\Drivers\mfeelamk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\Drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\Drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\Drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (ATP) -- C:\Windows\SysNative\Drivers\AsusTP.sys (ASUS Corporation) DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\Drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\Drivers\AiCharger.sys (ASUSTek Computer Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\Drivers\kbfiltr.sys ( ) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\Drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\Drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\Drivers\e1i63x64.sys (Intel Corporation) DRV:64bit: - (HIDSwitch) -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys (ASUS) DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\Drivers\HipShieldK.sys (McAfee, Inc.) DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS) DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3435455976-2761992232-2573730619-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://de-de.facebook.com/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/04 11:46:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 18:50:53 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/03/04 11:04:36 | 000,000,000 | ---D | M] [2013/03/04 11:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\Extensions [2013/03/04 13:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\Firefox\Profiles\rnxhzc2u.default\extensions [2013/03/04 13:02:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\juerg_000\AppData\Roaming\mozilla\firefox\profiles\rnxhzc2u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/03/04 11:46:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/02/27 06:10:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013/02/27 06:09:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013/02/27 06:09:34 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.234.128.7 195.234.128.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DF84F21-D7C0-4CAD-B46D-D41FFD5FDD3E}: DhcpNameServer = 195.234.128.7 195.234.128.16 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8E7A823-7114-4CD8-B198-C7D8D85E3B2B}: DhcpNameServer = 40.53.1.201 40.53.1.203 O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/05 11:14:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\juerg_000\Desktop\OTL.exe [2013/03/05 11:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/03/04 23:41:16 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\vlc [2013/03/04 23:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013/03/04 23:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013/03/04 23:08:14 | 000,000,000 | R--D | C] -- C:\Windows\BrowserChoice [2013/03/04 21:48:30 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\T2 [2013/03/04 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013/03/04 18:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013/03/04 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Malwarebytes [2013/03/04 18:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/04 18:20:55 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Programs [2013/03/04 17:01:45 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2013/03/04 17:01:45 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2013/03/04 17:01:38 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2013/03/04 17:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect [2013/03/04 17:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2013/03/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Winamp [2013/03/04 17:01:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp [2013/03/04 16:53:34 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\pixx [2013/03/04 16:44:27 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\SILVER LININGS DVDRIP EDAW2013 [2013/03/04 16:43:44 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\momentane fav`s [2013/03/04 16:42:44 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\Word [2013/03/04 14:28:41 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100_clr0400.dll [2013/03/04 14:26:27 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100_clr0400.dll [2013/03/04 14:23:42 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe [2013/03/04 14:23:41 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll [2013/03/04 14:23:41 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll [2013/03/04 14:23:40 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe [2013/03/04 14:23:39 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll [2013/03/04 14:23:38 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll [2013/03/04 14:23:38 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013/03/04 14:23:36 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll [2013/03/04 14:23:36 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll [2013/03/04 14:23:36 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll [2013/03/04 14:23:36 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys [2013/03/04 14:23:35 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys [2013/03/04 14:23:35 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys [2013/03/04 14:23:33 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013/03/04 14:23:33 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll [2013/03/04 14:23:32 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll [2013/03/04 14:23:32 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL [2013/03/04 14:23:32 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll [2013/03/04 14:23:32 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll [2013/03/04 14:23:32 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe [2013/03/04 14:23:31 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL [2013/03/04 14:23:31 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe [2013/03/04 14:23:31 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll [2013/03/04 14:23:31 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe [2013/03/04 14:23:30 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll [2013/03/04 14:23:30 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll [2013/03/04 14:23:29 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll [2013/03/04 14:23:29 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll [2013/03/04 14:23:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll [2013/03/04 14:23:17 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013/03/04 14:23:17 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013/03/04 14:20:18 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tssdisai.dll [2013/03/04 14:20:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appserverai.dll [2013/03/04 14:20:18 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RDWebAI.dll [2013/03/04 14:20:18 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VmHostAI.dll [2013/03/04 14:20:14 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2013/03/04 14:20:14 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2013/03/04 14:20:11 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013/03/04 14:20:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013/03/04 14:20:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll [2013/03/04 14:20:03 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll [2013/03/04 14:19:20 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Macromedia [2013/03/04 14:18:39 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/03/04 14:16:15 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013/03/04 14:16:15 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\resetengmig.dll [2013/03/04 14:16:15 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll [2013/03/04 14:16:15 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013/03/04 14:16:15 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sysreset.exe [2013/03/04 14:15:09 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll [2013/03/04 14:15:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe [2013/03/04 14:15:08 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll [2013/03/04 14:14:40 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/03/04 14:14:38 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013/03/04 14:14:37 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/03/04 14:14:36 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013/03/04 14:14:34 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013/03/04 14:14:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013/03/04 14:14:33 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/03/04 14:14:33 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/03/04 14:14:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013/03/04 14:14:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013/03/04 14:14:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013/03/04 14:14:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013/03/04 14:14:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013/03/04 14:14:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013/03/04 14:14:29 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgentc.exe [2013/03/04 14:14:29 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgentc.exe [2013/03/04 14:14:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll [2013/03/04 14:14:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll [2013/03/04 14:14:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2013/03/04 14:14:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2013/03/04 14:14:19 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013/03/04 14:14:19 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013/03/04 14:14:19 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe [2013/03/04 14:14:18 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll [2013/03/04 14:14:18 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnathlp.dll [2013/03/04 14:14:18 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe [2013/03/04 14:14:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhupnp.dll [2013/03/04 14:14:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnhpast.dll [2013/03/04 14:14:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhupnp.dll [2013/03/04 14:14:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnhpast.dll [2013/03/04 14:14:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnlobby.dll [2013/03/04 14:14:18 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnaddr.dll [2013/03/04 14:14:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnlobby.dll [2013/03/04 14:14:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnaddr.dll [2013/03/04 14:14:07 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/03/04 14:14:07 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/03/04 14:14:06 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/03/04 14:14:06 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/03/04 14:14:06 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/03/04 14:14:06 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/03/04 14:14:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/03/04 14:14:06 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/03/04 13:38:52 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2013/03/04 13:38:18 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Paint.NET [2013/03/04 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\uTorrent [2013/03/04 12:40:14 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\BitTorrent [2013/03/04 12:19:49 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Avira [2013/03/04 12:11:05 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Macromedia [2013/03/04 12:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013/03/04 12:01:25 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/03/04 12:01:25 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/03/04 12:01:25 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/03/04 12:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013/03/04 12:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013/03/04 11:57:55 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Desktop\fav programme [2013/03/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Mozilla [2013/03/04 11:46:48 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Mozilla [2013/03/04 11:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013/03/04 11:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013/03/04 11:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/03/04 11:29:33 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\Documents\ASUS [2013/03/04 11:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS [2013/03/04 11:08:08 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\ASUS WebStorage [2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Searches [2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Contacts [2013/03/04 11:07:24 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/03/04 11:06:38 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Adobe [2013/03/04 11:06:26 | 000,000,000 | ---D | C] -- C:\ProgramData\FolderView [2013/03/04 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\VirtualStore [2013/03/04 11:04:18 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Packages [2013/03/04 11:04:15 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\ASUS [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Vorlagen [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Verlauf [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Temporary Internet Files [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Startmenü [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\SendTo [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Recent [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Netzwerkumgebung [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Lokale Einstellungen [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Videos [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Musik [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Eigene Dateien [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Documents\Eigene Bilder [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Druckumgebung [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Cookies [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\AppData\Local\Anwendungsdaten [2013/03/04 11:03:59 | 000,000,000 | -HSD | C] -- C:\Users\juerg_000\Anwendungsdaten [2013/03/04 11:03:58 | 000,000,000 | --SD | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Videos [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Saved Games [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Pictures [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Music [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Links [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Favorites [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Downloads [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Documents [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\Desktop [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/03/04 11:03:58 | 000,000,000 | R--D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013/03/04 11:03:58 | 000,000,000 | -H-D | C] -- C:\Users\juerg_000\AppData [2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Temp [2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Local\Microsoft [2013/03/04 11:03:58 | 000,000,000 | ---D | C] -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance ========== Files - Modified Within 30 Days ========== [2013/03/05 11:15:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\juerg_000\Desktop\OTL.exe [2013/03/05 11:08:46 | 000,000,401 | ---- | M] () -- C:\Users\juerg_000\AppData\Roaming\sp_data.sys [2013/03/05 11:06:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/05 03:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/04 23:15:08 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/03/04 23:14:43 | 3338,391,552 | -HS- | M] () -- C:\hiberfil.sys [2013/03/04 16:43:21 | 004,568,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/03/04 16:43:21 | 000,790,022 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2013/03/04 16:43:21 | 000,785,550 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013/03/04 16:43:21 | 000,780,976 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2013/03/04 16:43:21 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/03/04 16:43:21 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/03/04 16:43:21 | 000,158,586 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013/03/04 16:43:21 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/03/04 16:43:21 | 000,155,084 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2013/03/04 16:43:21 | 000,152,608 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2013/03/04 16:43:21 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/03/04 16:41:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013/03/04 12:00:21 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/03/04 12:00:21 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013/03/04 12:00:21 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013/02/15 18:51:48 | 009,808,492 | ---- | M] () -- C:\Users\juerg_000\Desktop\Anlagen Jürgen Haberzett.pdf [2013/02/07 00:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/07 00:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/03 15:09:00 | 000,009,075 | ---- | M] () -- C:\Users\juerg_000\Desktop\to do or think of (or not anymore;).odt ========== Files Created - No Company Name ========== [2013/03/04 18:50:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013/03/04 16:57:49 | 000,009,075 | ---- | C] () -- C:\Users\juerg_000\Desktop\to do or think of (or not anymore;).odt [2013/03/04 16:45:18 | 009,808,492 | ---- | C] () -- C:\Users\juerg_000\Desktop\Anlagen Jürgen Haberzett.pdf [2013/03/04 16:41:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013/03/04 14:23:37 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013/03/04 14:18:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/04 13:39:42 | 000,001,302 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2013/03/04 11:46:41 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/03/04 11:08:00 | 000,000,401 | ---- | C] () -- C:\Users\juerg_000\AppData\Roaming\sp_data.sys [2013/03/04 11:06:38 | 000,001,444 | ---- | C] () -- C:\Users\juerg_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013/01/08 02:22:28 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012/11/20 11:01:21 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012/11/20 11:00:59 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/11/20 11:00:54 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012/08/17 01:52:29 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe [2012/08/17 01:52:28 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd [2012/07/26 09:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 09:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 08:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012/07/26 02:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 21:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 21:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/06/02 15:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/01/10 00:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/01/10 00:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 05/03/2013 11:16:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\juerg_000\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.89 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 54.65% Memory free
7.39 Gb Paging File | 5.42 Gb Available in Paging File | 73.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 128.35 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
Drive D: | 258.15 Gb Total Space | 258.03 Gb Free Space | 99.95% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: juerg_000 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B3CACB-AE81-4952-88AD-2F9A6AAF1C2C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{171A8D83-DE4E-467A-858B-CF9262C2033F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1DD7A109-AA81-4605-81F5-757B10A4A942}" = rport=137 | protocol=17 | dir=out | app=system |
"{2A9F92BC-BC08-47AB-A0BA-D1B7D607E11B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32AD0ED7-6020-4B5B-94E2-DF23637048B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{365E73B6-EAF5-40CD-B80B-94736574301A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{380AE527-6E53-4141-A57E-D7B6D66B47E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{4ADEBB8E-4DAB-4D33-9299-DA2609F8EE1B}" = rport=445 | protocol=6 | dir=out | app=system |
"{593C6697-A1E5-4459-BC31-AA072A5B80D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6AE593F5-D13B-4371-A496-8EA0E2CA964C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7E4C71B7-50B0-49FB-A9EB-F47F1955B785}" = rport=138 | protocol=17 | dir=out | app=system |
"{8746CAB6-9CFC-44A6-9847-48761CFA3318}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8E6A0F74-98CE-43F8-9D09-D4573CB9AB6C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{991A54D4-39C6-46BC-B84A-8A3FD27F2E94}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9BC61B2C-868E-4BD4-9339-7C7527E7C567}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A8BDD9E4-36C9-428A-A7EC-28BECDFD6F5A}" = lport=138 | protocol=17 | dir=in | app=system |
"{AA7900C5-27B6-4F11-A532-0D0A90E49159}" = lport=445 | protocol=6 | dir=in | app=system |
"{B42565A7-D24A-4A2C-A0E0-BFE2E24890E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4BD7778-E439-4A3C-A875-056035527348}" = lport=139 | protocol=6 | dir=in | app=system |
"{EA296D4F-F717-4AD7-9D7A-4E1AD319132A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ECAB1CF0-995C-4810-8AB4-8AEA7817A8B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0101C7F2-27FF-44BD-9C20-F3661EC351B2}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{0316779F-9120-436F-9697-C8CAE00ABB4F}" = dir=out | name=fresh paint |
"{07D088F5-0DE1-4936-9C51-E18FEC45D90A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0FA1BEBF-1D69-4431-9597-2C77A39B631B}" = protocol=6 | dir=out | app=system |
"{17F605DA-83DD-4418-912A-666D62F36140}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{18A23013-6DE7-4529-9E49-4B69B9B3A3C7}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{1BB53BB9-9C39-4D0C-B092-3BD764320193}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1D7876A6-B641-4B7C-9751-16B651392115}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{2385AB9F-471A-4F81-8A03-72C9FDD292B4}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{28B55B69-8861-4957-B834-D78D96440926}" = dir=in | name=skype |
"{2DF4F3C0-F263-475D-BEE0-FAB18BCBC44E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2F0FC495-FC8B-4F0E-B4D3-6FE3C63B4523}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{311AAF25-6FA9-49D3-A26A-FDABAA901DE6}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3D32ACCB-9242-49EF-B10F-7EDC84A1CE1A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{426C781B-8732-4CF9-BEF0-6C49C59987F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49ECF422-BBDD-4135-BF16-35E1C3F5CDCC}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5243CE6A-49C0-45A8-A96A-1D60A95A6F9E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{59D1251B-F7B0-4002-9533-67D4E3F32DA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D2DA09A-38C7-43FB-B3B4-84C7E7B235AF}" = protocol=6 | dir=in | app=c:\users\juerg_000\appdata\roaming\utorrent\utorrent.exe |
"{5DEEDAB3-D39D-4494-BFE3-ACDAFC614631}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{64C35042-3087-4371-A832-F80C2568091F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65D8CB08-9F33-4C96-81F1-A484912979CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{66F92256-6BCE-442A-A599-976AA735F60A}" = dir=out | name=taptiles |
"{77F63092-00A9-432C-A949-4D28CE3CCF1E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7C836E75-49A0-42FD-BBBF-0EFB2E20121A}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7E968864-3F53-4805-B18F-BA4D6CE3F226}" = protocol=17 | dir=in | app=c:\users\juerg_000\appdata\roaming\utorrent\utorrent.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8094E3E9-6767-453A-B33E-448BDB8CAC4B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{81AF5E57-FB24-4213-81A4-73D3F42929BC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89477E4A-807C-4213-9B20-1A2093F417C5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8FB06FA1-66B6-4A2B-9900-A9C7EC4ED927}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{8FEEE7F3-3E43-42B1-AFC5-8C37B0C77520}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{99E19A73-8E57-4B15-84D8-91182892DF90}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9C64FBDE-E582-4A0D-8A7A-786073DB463A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9DE533CB-D42F-4891-BE96-6956D4B97C35}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0BEB4B6-6138-4E07-BE57-BFE0E95B8169}" = dir=out | name=windows_ie_ac_001 |
"{A60C517B-B392-4EBC-ABF4-3BCFAB10AACD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AD97A3AC-A81F-4BF9-8463-3C83949A79B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF244168-5CAD-4AE8-AA0F-CF7078A00C3F}" = dir=out | name=wordament |
"{B1892C4A-3338-4F67-98EC-7B83127CB920}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{B6BAA601-0FEE-4859-8113-E1CCCA171C5E}" = dir=out | name=skype |
"{C36D5AF6-C0BF-46EE-99C4-B51388B91752}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{C9BB49B8-95C5-4055-B4B9-69A3FBCA4E8A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CFBDE754-F8E2-41AE-9831-85456D7B1270}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D7E89D3A-4AAD-4931-B64D-66A149FE6386}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D7FA004F-15EA-40B9-BF88-1C5E17B93623}" = dir=out | name=adera |
"{DFF40C64-5898-4605-82C6-023481B9B0AD}" = dir=out | name=microsoft solitaire collection |
"{E2F9527E-5BC6-4A14-B824-59E5FC46BC68}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EB6DEE6B-E0A2-4AF6-85D8-97706E4296B0}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{F0C8D715-119A-4B96-863D-99518AF92B1F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{F22BD3BC-15A5-4871-AB6A-D39888B39859}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{F3A05029-E637-4FF3-A5E0-127163E18237}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FAFA0F3D-BD79-4EAF-8A45-DCE966E22D14}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FB27EE7C-6A8C-43A1-A31A-F9D870CE64A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCF3071B-D02B-486D-B30E-1F1A7B0EEB91}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69CC4B1E-0ADB-48E7-83D5-B45DA8CD1320}" = Alcor Micro USB Card Reader
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Mozilla Firefox 19.0.1 (x86 en-US)" = Mozilla Firefox 19.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3435455976-2761992232-2573730619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04/03/2013 15:04:21 | Computer Name = raxfei | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\juerg_000\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.
Error - 04/03/2013 17:06:45 | Computer Name = raxfei | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo“
ist folgender Fehler aufgetreten: -2144927151. Weitere Informationen finden Sie
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error - 04/03/2013 17:15:31 | Computer Name = raxfei | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: viaaud.exe, Version: 10.11.0.0, Zeitstempel:
0x5052c7d5 Name des fehlerhaften Moduls: viaaud.exe, Version: 10.11.0.0, Zeitstempel:
0x5052c7d5 Ausnahmecode: 0xc0000417 Fehleroffset: 0x00000000001619c4 ID des fehlerhaften
Prozesses: 0x778 Startzeit der fehlerhaften Anwendung: 0x01ce191d6720e51f Pfad der
fehlerhaften Anwendung: C:\Program Files\VIA\VIAAUD\viaaud.exe Pfad des fehlerhaften
Moduls: C:\Program Files\VIA\VIAAUD\viaaud.exe Berichtskennung: a5090dc6-8510-11e2-be78-08606e95712a
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 04/03/2013 18:21:50 | Computer Name = raxfei | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.434.0,
Zeitstempel: 0x5050b31e Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167,
Zeitstempel: 0x510d5c95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001fbd53 ID des fehlerhaften
Prozesses: 0x17b8 Startzeit der fehlerhaften Anwendung: 0x01ce1926aa5e2a0e Pfad der
fehlerhaften Anwendung: C:\PROGRA~2\McAfee\MSC\McHlp32.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx Berichtskennung: e8a37561-8519-11e2-be7a-08606e95712a
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 04/03/2013 18:21:50 | Computer Name = raxfei | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.434.0,
Zeitstempel: 0x5050b31e Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167,
Zeitstempel: 0x510d5c95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001fbd53 ID des fehlerhaften
Prozesses: 0x12cc Startzeit der fehlerhaften Anwendung: 0x01ce1926a8139f6c Pfad der
fehlerhaften Anwendung: C:\PROGRA~2\McAfee\MSC\McHlp32.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx Berichtskennung: e8a34e51-8519-11e2-be7a-08606e95712a
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
Error - 04/03/2013 19:04:43 | Computer Name = raxfei | Source = ESENT | ID = 455
Description = SettingSyncHost (3948) {7D57AE84-A6ED-4955-AF07-FD0A5C21A3C7}: Fehler
-1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\juerg_000\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
Error - 04/03/2013 19:24:13 | Computer Name = raxfei | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Bei der Aktivierung der App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“
ist folgender Fehler aufgetreten: -2144927152. Weitere Informationen finden Sie
im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
Error - 04/03/2013 19:28:16 | Computer Name = raxfei | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = Die App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“
wurde nicht innerhalb der vorgesehenen Zeit gestartet.
Error - 05/03/2013 06:11:11 | Computer Name = raxfei | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: McHlp32.exe, Version: 11.6.434.0,
Zeitstempel: 0x5050b31e Name des fehlerhaften Moduls: Flash.ocx, Version: 11.6.602.167,
Zeitstempel: 0x510d5c95 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001fbd53 ID des fehlerhaften
Prozesses: 0x1848 Startzeit der fehlerhaften Anwendung: 0x01ce1989c222015f Pfad der
fehlerhaften Anwendung: C:\PROGRA~2\McAfee\MSC\McHlp32.exe Pfad des fehlerhaften
Moduls: C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx Berichtskennung: 00f89726-857d-11e2-be7a-08606e95712a
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist:
[ System Events ]
Error - 04/03/2013 15:23:52 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description =
Error - 04/03/2013 15:24:22 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description =
Error - 04/03/2013 15:24:52 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description =
Error - 04/03/2013 15:25:22 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description =
Error - 04/03/2013 17:09:40 | Computer Name = raxfei | Source = DCOM | ID = 10010
Description =
Error - 04/03/2013 17:09:51 | Computer Name = raxfei | Source = Service Control Manager | ID = 7000
Description = Der Dienst "McAfee McShield" wurde aufgrund folgenden Fehlers nicht
gestartet: %%109
Error - 04/03/2013 17:56:08 | Computer Name = raxfei | Source = Application Popup | ID = 877
Description =
Error - 04/03/2013 17:57:04 | Computer Name = raxfei | Source = WMPNetworkSvc | ID = 866314
Description =
Error - 04/03/2013 17:57:04 | Computer Name = raxfei | Source = WMPNetworkSvc | ID = 866314
Description =
< End of report >
|
|
05.03.2013, 11:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | startfenster.com Windows 8 vcl player download Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.03.2013, 19:48
| #11 |
| | startfenster.com Windows 8 vcl player download Servus, jo merci nochmal zwischendrin  Eset hab ich jetzt 2mal angefangen und bleibt jedesmal bei 7% hängen...ka warum... Malewarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.05.12 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16484 juerg_000 :: *** [Administrator] 05/03/2013 18:14:29 mbam-log-2013-03-05 (18-14-29).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 203834 Laufzeit: 6 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
06.03.2013, 11:03
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | startfenster.com Windows 8 vcl player download Bei ESET bitte etwas mehr Geduld!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.03.2013, 13:56
| #13 |
| | startfenster.com Windows 8 vcl player download Okay. Hab beide nochmal gemacht... Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.03.06.08 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16484 juerg_000 :: *** [Administrator] 06/03/2013 13:46:02 mbam-log-2013-03-06 (13-46-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 202762 Laufzeit: 3 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=78bd57eb5561fc49aa513fb4280c1272
# engine=13311
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-06 12:43:07
# local_time=2013-03-06 01:43:07 (+0100, Mitteleuropäische Zeit)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 18363 182632 11139 0
# compatibility_mode=5122 16777213 100 79 182310 70571353 0 0
# compatibility_mode=5893 16776574 100 94 8193 22079898 0 0
# scanned=67274
# found=0
# cleaned=0
# scan_time=3038
|
|
06.03.2013, 14:14
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | startfenster.com Windows 8 vcl player download Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
06.03.2013, 14:30
| #15 |
| | startfenster.com Windows 8 vcl player download Ja, cool. Merci für die Tipps; werd mich da mal reinarbeiten. Ansonsten läuft er wieder (würd ich mal subjektiv sagen) - keine fremden Seiten und keine ungewünschten Suchmaschinen öffnen sich ungewollt. |
|
| Themen zu startfenster.com Windows 8 vcl player download |
| adobe, adobe flash player, adobe reader xi, appdata, avg, browser, datei, dateien, defender, desktop, download, explorer, firefox, flash player, gelöscht, internet, internet browser, internet explorer, löschen, malwarebytes, microsoft, mozilla, ordner, problem, registrierungsdatenbank, roaming, software, vcl player, windows |
Linear-Darstellung
