|
Log analysis and evaluation: PUP.InstallBrain, CouponCompagnion in Firefox and Internet Explorer does not work
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
31.03.2013, 14:36 | #1 |
| PUP.InstallBrain, CouponCompagnion in Firefox and Internet Explorer does not work
Hello, I have had a new computer for two weeks. While setting it up (installing updates, setting up the virus scanner, installing software) I must have caught something. MS Internet Explorer no longer responds. It can be started, but it does not react when you enter a URL, and most menu items are grayed out. Firefox works. However, annoying advertising from CouponCompagnion is constantly displayed. See attachment. My research via Google showed that this is supposed to be a plug-in. However, I have not found any corresponding plug-in or installed software. I then ran a scan with Malwarebytes, which found PUP.InstallBrain. Here are the logs of the respective tools that one is supposed to run: Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:23 on 30/03/2013 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Gmer: Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 17:40:53
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002a ST1000LM024_HN-M101MBB rev.2AR10002 931,51GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\***\AppData\Local\Temp\uwloipoc.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\windows\System32\win32k.sys!W32pServiceTable fffff960001af000 7 bytes [00, 51, 83, 01, 00, 4B, F2]
.text C:\windows\System32\win32k.sys!W32pServiceTable + 8 fffff960001af008 7 bytes [01, A3, C1, FF, 00, 50, DC]
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.28.12
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
*** :: *** [Administrator]
28.03.2013 23:04:54
mbam-log-2013-03-28 (23-04-54).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 501814
Laufzeit: 1 Stunde(n), 10 Minute(n), 37 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
C:\PROGRAMDATA\IBUPDATERSERVICE (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 1
C:\PROGRAMDATA\IBUPDATERSERVICE\REPOSITORY.XML (PUP.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Henry |
02.04.2013, 12:21 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.InstallBrain, CouponCompagnion in Firefox and Internet Explorer does not work
Hello and
Do you have any further logs (with findings)? Malwarebytes and/or other virus scanners? The reason I ask => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; first just post the logs that already exist! Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
02.04.2013, 12:56 | #3 |
| PUP.InstallBrain, CouponCompagnion in Firefox and Internet Explorer does not work
Hello cosinus,
here is the Malwarebytes scan after moving the items to quarantine. I don't have any further logs. I had attached the OTL logs because the post had reached the maximum length. Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.30.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
Thomas :: *** [Administrator]
30.03.2013 17:41:40
mbam-log-2013-03-30 (17-41-40).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 485454
Laufzeit: 55 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden) |
02.04.2013, 13:00 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.InstallBrain, CouponCompagnion in Firefox and Internet Explorer does not work
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "When will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.
Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.
MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
02.04.2013, 13:43 | #5 |
| PUP.InstallBrain, CouponCompagnion in Firefox and Internet Explorer does not work
Hello, here are the log files. MBAR: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.02.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
*** :: *** [administrator]
02.04.2013 14:17:41
mbar-log-2013-04-02 (14-17-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 8487
Time elapsed: 7 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-02 14:23:10
-----------------------------
14:23:10.199 OS Version: Windows x64 6.2.9200
14:23:10.199 Number of processors: 4 586 0x1001
14:23:10.200 ComputerName: *** UserName: ***
14:23:10.276 Initialze error 1
14:24:24.195 AVAST engine defs: 13040200
14:24:31.200 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002a
14:24:31.202 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR10002 Size: 953869MB BusType: 11
14:24:31.231 Disk 0 MBR read successfully
14:24:31.233 Disk 0 MBR scan
14:24:31.238 Disk 0 unknown MBR code
14:24:31.241 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
14:24:31.248 Disk 0 scanning C:\windows\system32\drivers
14:24:31.252 Service scanning
14:24:31.850 Modules scanning
14:24:31.855 Disk 0 trace - called modules:
14:24:31.868 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
14:24:31.873 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80086d4060]
14:24:31.880 3 CLASSPNP.SYS[fffff88001e608aa] -> nt!IofCallDriver -> [0xfffffa80081ea8a0]
14:24:31.888 5 amd_xata.sys[fffff880013ca634] -> nt!IofCallDriver -> \Device\0000002a[0xfffffa80086ab7f0]
14:24:31.895 AVAST engine scan C:\windows
14:24:31.902 AVAST engine scan C:\windows\system32
14:24:31.909 AVAST engine scan C:\windows\system32\drivers
14:24:31.917 AVAST engine scan C:\Users\***
14:24:31.923 AVAST engine scan C:\ProgramData
14:24:31.929 Scan finished successfully
14:24:50.472 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
14:24:50.480 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
Code:
14:30:41.0152 4712 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:30:41.0152 4712 UEFI system
14:30:41.0255 4712 ============================================================
14:30:41.0255 4712 Current date / time: 2013/04/02 14:30:41.0255
14:30:41.0255 4712 SystemInfo:
14:30:41.0255 4712
14:30:41.0255 4712 OS Version: 6.2.9200 ServicePack: 0.0
14:30:41.0255 4712 Product type: Workstation
14:30:41.0255 4712 ComputerName: ***
14:30:41.0255 4712 UserName: ***
14:30:41.0255 4712 Windows directory: C:\windows
14:30:41.0255 4712 System windows directory: C:\windows
14:30:41.0255 4712 Running under WOW64
14:30:41.0255 4712 Processor architecture: Intel x64
14:30:41.0255 4712 Number of processors: 4
14:30:41.0255 4712 Page size: 0x1000
14:30:41.0255 4712 Boot type: Normal boot
14:30:41.0255 4712 ============================================================
14:30:42.0516 4712 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:30:42.0556 4712 ============================================================
14:30:42.0556 4712 \Device\Harddisk0\DR0:
14:30:42.0557 4712 GPT partitions:
14:30:42.0557 4712 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1117289E-4A9E-4D22-8DB2-B33FBCC8339B}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xF9800
14:30:42.0557 4712 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {957BCF6A-8A07-4E62-B0E3-1972EDBAEEFF}, Name: EFI system partition, StartLBA 0xFA000, BlocksNum 0x96000
14:30:42.0557 4712 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {EE752E5E-3D03-420B-85FC-0366D4415763}, Name: Microsoft reserved partition, StartLBA 0x190000, BlocksNum 0x40000
14:30:42.0557 4712 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {93E768F3-8307-43B9-BCFA-99F20DDB6B7A}, Name: Basic data partition, StartLBA 0x1D0000, BlocksNum 0x70C6E58F
14:30:42.0557 4712 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5ABD6D7D-3420-48EE-A4E1-07DD4C277986}, Name: Basic data partition, StartLBA 0x70E3E58F, BlocksNum 0x36C8800
14:30:42.0557 4712 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {5E878A9D-DE8F-46DA-4173-636C65706975}, Name: Basic data partition, StartLBA 0x74506D8F, BlocksNum 0x200000
14:30:42.0557 4712 MBR partitions:
14:30:42.0557 4712 ============================================================
14:30:42.0633 4712 C: <-> \Device\Harddisk0\DR0\Partition4
14:30:42.0634 4712 ============================================================
14:30:42.0634 4712 Initialize success
14:30:42.0634 4712 ============================================================
14:31:44.0052 3268 ============================================================
14:31:44.0052 3268 Scan started
14:31:44.0052 3268 Mode: Manual; SigCheck; TDLFS;
14:31:44.0052 3268 ============================================================
14:31:44.0912 3268 ================ Scan system memory ========================
14:31:44.0912 3268 System memory - ok
14:31:44.0913 3268 ================ Scan services =============================
14:31:51.0507 3268 ClassicShellService ( UnsignedFile.Multi.Generic ) - warning
14:31:51.0507 3268 ClassicShellService - detected UnsignedFile.Multi.Generic (1)
0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\windows\system32\fhsvc.dll 14:31:54.0318 3268 fhsvc - ok 14:31:54.0337 3268 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 14:31:54.0351 3268 FileInfo - ok 14:31:54.0373 3268 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\windows\system32\drivers\filetrace.sys 14:31:54.0407 3268 Filetrace - ok 14:31:54.0424 3268 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\windows\System32\drivers\flpydisk.sys 14:31:54.0448 3268 flpydisk - ok 14:31:54.0458 3268 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\windows\system32\drivers\fltmgr.sys 14:31:54.0479 3268 FltMgr - ok 14:31:54.0531 3268 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\windows\system32\FntCache.dll 14:31:54.0588 3268 FontCache - ok 14:31:54.0728 3268 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:31:54.0739 3268 FontCache3.0.0.0 - ok 14:31:54.0756 3268 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\windows\system32\drivers\FsDepends.sys 14:31:54.0769 3268 FsDepends - ok 14:31:54.0819 3268 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 14:31:54.0832 3268 Fs_Rec - ok 14:31:54.0862 3268 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 14:31:54.0886 3268 fvevol - ok 14:31:54.0916 3268 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\windows\System32\drivers\fxppm.sys 14:31:54.0943 3268 FxPPM - ok 14:31:55.0018 3268 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys 14:31:55.0031 3268 gagp30kx - ok 14:31:55.0062 3268 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\windows\System32\drivers\vmgencounter.sys 14:31:55.0089 3268 gencounter - ok 14:31:55.0119 3268 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\windows\system32\Drivers\msgpioclx.sys 14:31:55.0134 3268 GPIOClx0101 - ok 14:31:55.0213 3268 [ 5358678C6370F2ADC5291849F6503262 ] 
gpsvc C:\windows\System32\gpsvc.dll 14:31:55.0264 3268 gpsvc - ok 14:31:55.0297 3268 [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 14:31:55.0374 3268 HdAudAddService - ok 14:31:55.0403 3268 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\windows\System32\drivers\HDAudBus.sys 14:31:55.0451 3268 HDAudBus - ok 14:31:55.0487 3268 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\windows\System32\drivers\HidBatt.sys 14:31:55.0500 3268 HidBatt - ok 14:31:55.0506 3268 [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth C:\windows\System32\drivers\hidbth.sys 14:31:55.0582 3268 HidBth - ok 14:31:55.0613 3268 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\windows\System32\drivers\hidi2c.sys 14:31:55.0664 3268 hidi2c - ok 14:31:55.0680 3268 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\windows\System32\drivers\hidir.sys 14:31:55.0708 3268 HidIr - ok 14:31:55.0746 3268 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\windows\system32\hidserv.dll 14:31:55.0772 3268 hidserv - ok 14:31:55.0806 3268 [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb C:\windows\System32\drivers\hidusb.sys 14:31:55.0844 3268 HidUsb - ok 14:31:55.0905 3268 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\windows\system32\kmsvc.dll 14:31:55.0931 3268 hkmsvc - ok 14:31:55.0966 3268 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\windows\system32\ListSvc.dll 14:31:56.0008 3268 HomeGroupListener - ok 14:31:56.0073 3268 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\windows\system32\provsvc.dll 14:31:56.0110 3268 HomeGroupProvider - ok 14:31:56.0125 3268 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 14:31:56.0139 3268 HpSAMD - ok 14:31:56.0179 3268 [ 29CB98187BB5711F7759540976D295FC ] HTTP C:\windows\system32\drivers\HTTP.sys 14:31:56.0253 3268 HTTP - ok 14:31:56.0284 3268 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 14:31:56.0296 3268 hwpolicy - ok 14:31:56.0312 3268 [ 
DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\windows\System32\drivers\hyperkbd.sys 14:31:56.0336 3268 hyperkbd - ok 14:31:56.0341 3268 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\windows\system32\DRIVERS\HyperVideo.sys 14:31:56.0354 3268 HyperVideo - ok 14:31:56.0361 3268 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\windows\System32\drivers\i8042prt.sys 14:31:56.0382 3268 i8042prt - ok 14:31:56.0402 3268 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 14:31:56.0425 3268 iaStorV - ok 14:31:56.0434 3268 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\windows\system32\drivers\iirsp.sys 14:31:56.0448 3268 iirsp - ok 14:31:56.0488 3268 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\windows\System32\ikeext.dll 14:31:56.0516 3268 IKEEXT - ok 14:31:56.0657 3268 [ 5C20DBF6A00AF50C7CB74DB233E03AF0 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 14:31:56.0738 3268 IntcAzAudAddService - ok 14:31:56.0756 3268 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\windows\system32\drivers\intelide.sys 14:31:56.0769 3268 intelide - ok 14:31:56.0800 3268 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\windows\System32\drivers\intelppm.sys 14:31:56.0828 3268 intelppm - ok 14:31:56.0846 3268 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 14:31:56.0879 3268 IpFilterDriver - ok 14:31:56.0924 3268 [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc C:\windows\System32\iphlpsvc.dll 14:31:56.0979 3268 iphlpsvc - ok 14:31:56.0986 3268 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\windows\System32\drivers\IPMIDrv.sys 14:31:57.0018 3268 IPMIDRV - ok 14:31:57.0037 3268 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\windows\system32\drivers\ipnat.sys 14:31:57.0111 3268 IPNAT - ok 14:31:57.0126 3268 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\windows\system32\drivers\irenum.sys 14:31:57.0154 3268 IRENUM - ok 14:31:57.0160 3268 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp 
C:\windows\system32\drivers\isapnp.sys 14:31:57.0172 3268 isapnp - ok 14:31:57.0210 3268 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\windows\System32\drivers\msiscsi.sys 14:31:57.0229 3268 iScsiPrt - ok 14:31:57.0261 3268 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\windows\System32\drivers\kbdclass.sys 14:31:57.0274 3268 kbdclass - ok 14:31:57.0296 3268 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\windows\System32\drivers\kbdhid.sys 14:31:57.0322 3268 kbdhid - ok 14:31:57.0327 3268 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\windows\system32\DRIVERS\kdnic.sys 14:31:57.0358 3268 kdnic - ok 14:31:57.0376 3268 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\windows\system32\lsass.exe 14:31:57.0390 3268 KeyIso - ok 14:31:57.0429 3268 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 14:31:57.0443 3268 KSecDD - ok 14:31:57.0472 3268 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 14:31:57.0488 3268 KSecPkg - ok 14:31:57.0550 3268 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 14:31:57.0563 3268 ksthunk - ok 14:31:57.0598 3268 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\windows\system32\msdtckrm.dll 14:31:57.0625 3268 KtmRm - ok 14:31:57.0657 3268 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\windows\system32\srvsvc.dll 14:31:57.0731 3268 LanmanServer - ok 14:31:57.0759 3268 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 14:31:57.0777 3268 LanmanWorkstation - ok 14:31:57.0795 3268 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 14:31:57.0828 3268 lltdio - ok 14:31:57.0861 3268 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\windows\System32\lltdsvc.dll 14:31:57.0888 3268 lltdsvc - ok 14:31:57.0907 3268 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\windows\System32\lmhsvc.dll 14:31:57.0941 3268 lmhosts - ok 14:31:58.0007 3268 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS 
C:\windows\system32\drivers\lsi_sas.sys 14:31:58.0022 3268 LSI_SAS - ok 14:31:58.0028 3268 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys 14:31:58.0043 3268 LSI_SAS2 - ok 14:31:58.0049 3268 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys 14:31:58.0064 3268 LSI_SCSI - ok 14:31:58.0080 3268 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\windows\system32\drivers\lsi_sss.sys 14:31:58.0094 3268 LSI_SSS - ok 14:31:58.0121 3268 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\windows\System32\lsm.dll 14:31:58.0176 3268 LSM - ok 14:31:58.0195 3268 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\windows\system32\drivers\luafv.sys 14:31:58.0217 3268 luafv - ok 14:31:58.0223 3268 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\windows\system32\drivers\megasas.sys 14:31:58.0237 3268 megasas - ok 14:31:58.0256 3268 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\windows\system32\drivers\MegaSR.sys 14:31:58.0277 3268 MegaSR - ok 14:31:58.0316 3268 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\windows\system32\mmcss.dll 14:31:58.0345 3268 MMCSS - ok 14:31:58.0350 3268 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\windows\system32\drivers\modem.sys 14:31:58.0375 3268 Modem - ok 14:31:58.0410 3268 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor C:\windows\system32\DRIVERS\monitor.sys 14:31:58.0458 3268 monitor - ok 14:31:58.0473 3268 [ 618446B98C79776654340CE27C73485E ] mouclass C:\windows\System32\drivers\mouclass.sys 14:31:58.0487 3268 mouclass - ok 14:31:58.0494 3268 [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid C:\windows\System32\drivers\mouhid.sys 14:31:58.0524 3268 mouhid - ok 14:31:58.0530 3268 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\windows\system32\drivers\mountmgr.sys 14:31:58.0544 3268 mountmgr - ok 14:31:58.0572 3268 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:31:58.0583 3268 MozillaMaintenance - ok 
14:31:58.0642 3268 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 14:31:58.0683 3268 mpsdrv - ok 14:31:58.0723 3268 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\windows\system32\mpssvc.dll 14:31:58.0763 3268 MpsSvc - ok 14:31:58.0809 3268 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 14:31:58.0844 3268 MRxDAV - ok 14:31:58.0873 3268 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 14:31:58.0915 3268 mrxsmb - ok 14:31:58.0932 3268 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 14:31:58.0947 3268 mrxsmb10 - ok 14:31:58.0963 3268 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 14:31:58.0987 3268 mrxsmb20 - ok 14:31:59.0025 3268 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\windows\system32\DRIVERS\bridge.sys 14:31:59.0054 3268 MsBridge - ok 14:31:59.0112 3268 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\windows\System32\msdtc.exe 14:31:59.0134 3268 MSDTC - ok 14:31:59.0144 3268 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\windows\system32\drivers\Msfs.sys 14:31:59.0165 3268 Msfs - ok 14:31:59.0187 3268 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\windows\System32\drivers\msgpiowin32.sys 14:31:59.0200 3268 msgpiowin32 - ok 14:31:59.0218 3268 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 14:31:59.0230 3268 mshidkmdf - ok 14:31:59.0278 3268 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\windows\System32\drivers\mshidumdf.sys 14:31:59.0290 3268 mshidumdf - ok 14:31:59.0308 3268 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\windows\system32\drivers\msisadrv.sys 14:31:59.0320 3268 msisadrv - ok 14:31:59.0353 3268 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\windows\system32\iscsiexe.dll 14:31:59.0376 3268 MSiSCSI - ok 14:31:59.0382 3268 msiserver - ok 14:31:59.0401 3268 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV 
C:\windows\system32\drivers\MSKSSRV.sys 14:31:59.0413 3268 MSKSSRV - ok 14:31:59.0419 3268 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\windows\system32\DRIVERS\mslldp.sys 14:31:59.0433 3268 MsLldp - ok 14:31:59.0437 3268 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 14:31:59.0463 3268 MSPCLOCK - ok 14:31:59.0467 3268 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 14:31:59.0485 3268 MSPQM - ok 14:31:59.0537 3268 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 14:31:59.0559 3268 MsRPC - ok 14:31:59.0567 3268 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\windows\System32\drivers\mssmbios.sys 14:31:59.0580 3268 mssmbios - ok 14:31:59.0599 3268 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 14:31:59.0698 3268 MSTEE - ok 14:31:59.0775 3268 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\windows\System32\drivers\MTConfig.sys 14:31:59.0806 3268 MTConfig - ok 14:31:59.0854 3268 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\windows\system32\Drivers\mup.sys 14:31:59.0868 3268 Mup - ok 14:31:59.0872 3268 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\windows\system32\drivers\mvumis.sys 14:31:59.0887 3268 mvumis - ok 14:31:59.0909 3268 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\windows\system32\qagentRT.dll 14:31:59.0944 3268 napagent - ok 14:31:59.0973 3268 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 14:32:00.0040 3268 NativeWifiP - ok 14:32:00.0066 3268 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\windows\System32\ncasvc.dll 14:32:00.0097 3268 NcaSvc - ok 14:32:00.0115 3268 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\windows\System32\NcdAutoSetup.dll 14:32:00.0149 3268 NcdAutoSetup - ok 14:32:00.0239 3268 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\windows\system32\drivers\ndis.sys 14:32:00.0276 3268 NDIS - ok 14:32:00.0313 3268 [ 39C8A1D9D46F5E83A016BCAB72455284 ] 
NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 14:32:00.0385 3268 NdisCap - ok 14:32:00.0391 3268 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\windows\system32\DRIVERS\NdisImPlatform.sys 14:32:00.0414 3268 NdisImPlatform - ok 14:32:00.0442 3268 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 14:32:00.0479 3268 NdisTapi - ok 14:32:00.0497 3268 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 14:32:00.0510 3268 Ndisuio - ok 14:32:00.0517 3268 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 14:32:00.0546 3268 NdisWan - ok 14:32:00.0552 3268 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\windows\system32\DRIVERS\ndiswan.sys 14:32:00.0570 3268 NDISWANLEGACY - ok 14:32:00.0594 3268 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 14:32:00.0606 3268 NDProxy - ok 14:32:00.0627 3268 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\windows\system32\drivers\Ndu.sys 14:32:00.0653 3268 Ndu - ok 14:32:00.0659 3268 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 14:32:00.0687 3268 NetBIOS - ok 14:32:00.0697 3268 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 14:32:00.0755 3268 NetBT - ok 14:32:00.0771 3268 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\windows\system32\lsass.exe 14:32:00.0785 3268 Netlogon - ok 14:32:00.0819 3268 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\windows\System32\netman.dll 14:32:00.0852 3268 Netman - ok 14:32:00.0887 3268 [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm C:\windows\System32\netprofmsvc.dll 14:32:00.0961 3268 netprofm - ok 14:32:01.0021 3268 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:32:01.0035 3268 NetTcpPortSharing - ok 14:32:01.0066 3268 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys 
14:32:01.0079 3268 nfrd960 - ok 14:32:01.0151 3268 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\windows\System32\nlasvc.dll 14:32:01.0183 3268 NlaSvc - ok 14:32:01.0196 3268 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\windows\system32\drivers\Npfs.sys 14:32:01.0221 3268 Npfs - ok 14:32:01.0227 3268 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\windows\System32\drivers\npsvctrig.sys 14:32:01.0259 3268 npsvctrig - ok 14:32:01.0312 3268 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\windows\system32\nsisvc.dll 14:32:01.0341 3268 nsi - ok 14:32:01.0347 3268 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 14:32:01.0374 3268 nsiproxy - ok 14:32:01.0427 3268 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 14:32:01.0486 3268 Ntfs - ok 14:32:01.0511 3268 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\windows\system32\drivers\Null.sys 14:32:01.0533 3268 Null - ok 14:32:01.0767 3268 [ F648FE6BCE0AAD9E5EA63C8BE9AD90E3 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 14:32:02.0015 3268 nvlddmkm - ok 14:32:02.0039 3268 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\windows\system32\drivers\nvraid.sys 14:32:02.0055 3268 nvraid - ok 14:32:02.0062 3268 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\windows\system32\drivers\nvstor.sys 14:32:02.0078 3268 nvstor - ok 14:32:02.0085 3268 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 14:32:02.0101 3268 nv_agp - ok 14:32:02.0262 3268 [ B659DAD6C3D1860C7FCEB94FC2FE165C ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe 14:32:02.0305 3268 OfficeSvc - ok 14:32:02.0407 3268 [ 86AEE55550B6FBF4EBAFBCF084B2B00D ] OpLclSrv C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe 14:32:02.0413 3268 OpLclSrv ( UnsignedFile.Multi.Generic ) - warning 14:32:02.0413 3268 OpLclSrv - detected UnsignedFile.Multi.Generic (1) 14:32:02.0499 3268 [ 11E0B35479C895888BA3D7F619DCFFF3 ] ose64 C:\Program Files\Common 
Files\Microsoft Shared\Source Engine\OSE.EXE 14:32:02.0512 3268 ose64 - ok 14:32:02.0551 3268 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\windows\system32\pnrpsvc.dll 14:32:02.0595 3268 p2pimsvc - ok 14:32:02.0658 3268 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\windows\system32\p2psvc.dll 14:32:02.0685 3268 p2psvc - ok 14:32:02.0719 3268 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\windows\System32\drivers\parport.sys 14:32:02.0733 3268 Parport - ok 14:32:02.0767 3268 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\windows\system32\drivers\partmgr.sys 14:32:02.0781 3268 partmgr - ok 14:32:02.0841 3268 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\windows\System32\pcasvc.dll 14:32:02.0888 3268 PcaSvc - ok 14:32:02.0903 3268 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\windows\system32\drivers\pci.sys 14:32:02.0921 3268 pci - ok 14:32:02.0936 3268 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\windows\system32\drivers\pciide.sys 14:32:02.0948 3268 pciide - ok 14:32:02.0964 3268 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\windows\system32\drivers\pcmcia.sys 14:32:02.0982 3268 pcmcia - ok 14:32:02.0988 3268 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\windows\system32\drivers\pcw.sys 14:32:03.0001 3268 pcw - ok 14:32:03.0039 3268 [ AECC24430301DBC6A76916E3029B6B83 ] pdc C:\windows\system32\drivers\pdc.sys 14:32:03.0052 3268 pdc - ok 14:32:03.0115 3268 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\windows\system32\drivers\peauth.sys 14:32:03.0143 3268 PEAUTH - ok 14:32:03.0209 3268 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\windows\SysWow64\perfhost.exe 14:32:03.0238 3268 PerfHost - ok 14:32:03.0300 3268 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\windows\system32\pla.dll 14:32:03.0356 3268 pla - ok 14:32:03.0392 3268 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\windows\system32\umpnpmgr.dll 14:32:03.0408 3268 PlugPlay - ok 14:32:03.0421 3268 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 14:32:03.0448 3268 
PNRPAutoReg - ok 14:32:03.0483 3268 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\windows\system32\pnrpsvc.dll 14:32:03.0501 3268 PNRPsvc - ok 14:32:03.0546 3268 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 14:32:03.0628 3268 PolicyAgent - ok 14:32:03.0661 3268 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\windows\system32\umpo.dll 14:32:03.0691 3268 Power - ok 14:32:03.0723 3268 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 14:32:03.0817 3268 PptpMiniport - ok 14:32:03.0916 3268 [ CC0B8655E4B2A5BBB215CDA8FC3BE4DE ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 14:32:03.0987 3268 PrintNotify - ok 14:32:04.0014 3268 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\windows\System32\drivers\processr.sys 14:32:04.0036 3268 Processor - ok 14:32:04.0100 3268 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\windows\system32\profsvc.dll 14:32:04.0118 3268 ProfSvc - ok 14:32:04.0132 3268 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\windows\system32\DRIVERS\pacer.sys 14:32:04.0161 3268 Psched - ok 14:32:04.0185 3268 [ 07D57B890DD5693A6AB660CBAE8F91B4 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys 14:32:04.0193 3268 PxHlpa64 - ok 14:32:04.0243 3268 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\windows\system32\qwave.dll 14:32:04.0262 3268 QWAVE - ok 14:32:04.0296 3268 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 14:32:04.0326 3268 QWAVEdrv - ok 14:32:04.0359 3268 [ 194ED3C117525613E701FF257882303E ] RadioHIDMini C:\windows\System32\drivers\RadioHIDMini.sys 14:32:04.0366 3268 RadioHIDMini - ok 14:32:04.0371 3268 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 14:32:04.0437 3268 RasAcd - ok 14:32:04.0472 3268 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 14:32:04.0488 3268 RasAgileVpn - ok 14:32:04.0520 3268 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] 
RasAuto C:\windows\System32\rasauto.dll 14:32:04.0539 3268 RasAuto - ok 14:32:04.0554 3268 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 14:32:04.0587 3268 Rasl2tp - ok 14:32:04.0611 3268 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\windows\System32\rasmans.dll 14:32:04.0634 3268 RasMan - ok 14:32:04.0641 3268 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 14:32:04.0658 3268 RasPppoe - ok 14:32:04.0664 3268 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 14:32:04.0696 3268 RasSstp - ok 14:32:04.0716 3268 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 14:32:04.0745 3268 rdbss - ok 14:32:04.0753 3268 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\windows\System32\drivers\rdpbus.sys 14:32:04.0788 3268 rdpbus - ok 14:32:04.0806 3268 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\windows\system32\drivers\rdpdr.sys 14:32:04.0835 3268 RDPDR - ok 14:32:04.0925 3268 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys 14:32:04.0937 3268 RdpVideoMiniport - ok 14:32:04.0969 3268 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 14:32:04.0999 3268 RDPWD - ok 14:32:05.0016 3268 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 14:32:05.0033 3268 rdyboost - ok 14:32:05.0116 3268 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\windows\System32\mprdim.dll 14:32:05.0148 3268 RemoteAccess - ok 14:32:05.0174 3268 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\windows\system32\regsvc.dll 14:32:05.0215 3268 RemoteRegistry - ok 14:32:05.0372 3268 [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 14:32:05.0421 3268 RFCOMM - ok 14:32:05.0477 3268 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 14:32:05.0504 3268 RpcEptMapper - ok 14:32:05.0537 
3268 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\windows\system32\locator.exe 14:32:05.0551 3268 RpcLocator - ok 14:32:05.0591 3268 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\windows\system32\rpcss.dll 14:32:05.0616 3268 RpcSs - ok 14:32:05.0649 3268 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 14:32:05.0678 3268 rspndr - ok 14:32:05.0751 3268 [ 8EB6DCEB7473C232D8BC9A886E3183AC ] RSUSBVSTOR C:\windows\System32\Drivers\RtsUVStor.sys 14:32:05.0764 3268 RSUSBVSTOR - ok 14:32:05.0790 3268 [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168 C:\windows\system32\DRIVERS\Rt630x64.sys 14:32:05.0810 3268 RTL8168 - ok 14:32:05.0834 3268 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\windows\System32\drivers\vms3cap.sys 14:32:05.0860 3268 s3cap - ok 14:32:05.0918 3268 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\windows\system32\lsass.exe 14:32:05.0932 3268 SamSs - ok 14:32:05.0968 3268 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\windows\system32\drivers\sbp2port.sys 14:32:05.0982 3268 sbp2port - ok 14:32:06.0012 3268 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\windows\System32\SCardSvr.dll 14:32:06.0050 3268 SCardSvr - ok 14:32:06.0113 3268 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 14:32:06.0145 3268 scfilter - ok 14:32:06.0186 3268 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\windows\system32\schedsvc.dll 14:32:06.0231 3268 Schedule - ok 14:32:06.0302 3268 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\windows\System32\certprop.dll 14:32:06.0320 3268 SCPolicySvc - ok 14:32:06.0344 3268 [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus C:\windows\System32\drivers\sdbus.sys 14:32:06.0360 3268 sdbus - ok 14:32:06.0383 3268 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\windows\System32\SDRSVC.dll 14:32:06.0430 3268 SDRSVC - ok 14:32:06.0452 3268 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\windows\System32\drivers\sdstor.sys 14:32:06.0465 3268 sdstor - ok 14:32:06.0503 3268 [ 
3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 14:32:06.0515 3268 secdrv - ok 14:32:06.0589 3268 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\windows\system32\seclogon.dll 14:32:06.0614 3268 seclogon - ok 14:32:06.0628 3268 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\windows\System32\sens.dll 14:32:06.0651 3268 SENS - ok 14:32:06.0674 3268 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\windows\system32\sensrsvc.dll 14:32:06.0739 3268 SensrSvc - ok 14:32:06.0762 3268 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\windows\system32\drivers\SerCx.sys 14:32:06.0784 3268 SerCx - ok 14:32:06.0790 3268 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\windows\System32\drivers\serenum.sys 14:32:06.0814 3268 Serenum - ok 14:32:06.0822 3268 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\windows\System32\drivers\serial.sys 14:32:06.0847 3268 Serial - ok 14:32:06.0853 3268 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\windows\System32\drivers\sermouse.sys 14:32:06.0868 3268 sermouse - ok 14:32:06.0906 3268 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\windows\system32\sessenv.dll 14:32:06.0941 3268 SessionEnv - ok 14:32:06.0946 3268 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\windows\System32\drivers\sfloppy.sys 14:32:06.0971 3268 sfloppy - ok 14:32:07.0018 3268 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\windows\System32\ipnathlp.dll 14:32:07.0092 3268 SharedAccess - ok 14:32:07.0141 3268 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\windows\System32\shsvcs.dll 14:32:07.0207 3268 ShellHWDetection - ok 14:32:07.0231 3268 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys 14:32:07.0244 3268 SiSRaid2 - ok 14:32:07.0265 3268 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys 14:32:07.0279 3268 SiSRaid4 - ok 14:32:07.0299 3268 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\windows\System32\snmptrap.exe 14:32:07.0318 3268 SNMPTRAP - ok 
14:32:07.0340 3268 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\windows\system32\drivers\spaceport.sys 14:32:07.0359 3268 spaceport - ok 14:32:07.0394 3268 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\windows\system32\drivers\SpbCx.sys 14:32:07.0417 3268 SpbCx - ok 14:32:07.0459 3268 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\windows\System32\spoolsv.exe 14:32:07.0499 3268 Spooler - ok 14:32:07.0601 3268 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\windows\system32\sppsvc.exe 14:32:07.0699 3268 sppsvc - ok 14:32:07.0721 3268 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\windows\system32\DRIVERS\srv.sys 14:32:07.0747 3268 srv - ok 14:32:07.0791 3268 [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 14:32:07.0823 3268 srv2 - ok 14:32:07.0845 3268 [ FD8B4F201B681C555A4AF41922C52557 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 14:32:07.0868 3268 srvnet - ok 14:32:07.0911 3268 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 14:32:07.0980 3268 SSDPSRV - ok 14:32:08.0004 3268 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\windows\system32\sstpsvc.dll 14:32:08.0022 3268 SstpSvc - ok 14:32:08.0050 3268 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\windows\system32\drivers\stexstor.sys 14:32:08.0062 3268 stexstor - ok 14:32:08.0098 3268 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\windows\System32\wiaservc.dll 14:32:08.0149 3268 stisvc - ok 14:32:08.0154 3268 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\windows\system32\drivers\storahci.sys 14:32:08.0168 3268 storahci - ok 14:32:08.0186 3268 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\windows\system32\DRIVERS\vmstorfl.sys 14:32:08.0199 3268 storflt - ok 14:32:08.0231 3268 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\windows\system32\storsvc.dll 14:32:08.0264 3268 StorSvc - ok 14:32:08.0276 3268 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\windows\system32\drivers\storvsc.sys 14:32:08.0288 3268 storvsc - ok 14:32:08.0300 3268 [ 
8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\windows\system32\svsvc.dll 14:32:08.0333 3268 svsvc - ok 14:32:08.0352 3268 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\windows\System32\drivers\swenum.sys 14:32:08.0364 3268 swenum - ok 14:32:08.0384 3268 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\windows\System32\swprv.dll 14:32:08.0428 3268 swprv - ok 14:32:08.0477 3268 SWUpdateService - ok 14:32:08.0567 3268 [ EEEFA1A758C2866A2FF27025ECAFAE1D ] SynoDrService C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe 14:32:08.0576 3268 SynoDrService ( UnsignedFile.Multi.Generic ) - warning 14:32:08.0576 3268 SynoDrService - detected UnsignedFile.Multi.Generic (1) 14:32:08.0613 3268 [ D068E3E8AA9951D1E051E20300260E7B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 14:32:08.0632 3268 SynTP - ok 14:32:08.0679 3268 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\windows\system32\sysmain.dll 14:32:08.0714 3268 SysMain - ok 14:32:08.0750 3268 [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\windows\System32\SystemEventsBrokerServer.dll 14:32:08.0792 3268 SystemEventsBroker - ok 14:32:08.0806 3268 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\windows\System32\TabSvc.dll 14:32:08.0843 3268 TabletInputService - ok 14:32:08.0860 3268 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\windows\System32\tapisrv.dll 14:32:08.0888 3268 TapiSrv - ok 14:32:08.0958 3268 [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip C:\windows\system32\drivers\tcpip.sys 14:32:09.0025 3268 Tcpip - ok 14:32:09.0058 3268 [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 14:32:09.0126 3268 TCPIP6 - ok 14:32:09.0162 3268 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 14:32:09.0178 3268 tcpipreg - ok 14:32:09.0187 3268 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\windows\system32\DRIVERS\tdx.sys 14:32:09.0202 3268 tdx - ok 14:32:09.0221 3268 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt 
C:\windows\System32\drivers\terminpt.sys 14:32:09.0234 3268 terminpt - ok 14:32:09.0276 3268 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\windows\System32\termsrv.dll 14:32:09.0315 3268 TermService - ok 14:32:09.0337 3268 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\windows\system32\themeservice.dll 14:32:09.0408 3268 Themes - ok 14:32:09.0443 3268 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\windows\system32\mmcss.dll 14:32:09.0457 3268 THREADORDER - ok 14:32:09.0481 3268 [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker C:\windows\System32\TimeBrokerServer.dll 14:32:09.0507 3268 TimeBroker - ok 14:32:09.0579 3268 [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM C:\windows\system32\drivers\tpm.sys 14:32:09.0594 3268 TPM - ok 14:32:09.0624 3268 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\windows\System32\trkwks.dll 14:32:09.0652 3268 TrkWks - ok 14:32:09.0752 3268 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 14:32:09.0772 3268 TrustedInstaller - ok 14:32:09.0803 3268 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 14:32:09.0823 3268 TsUsbFlt - ok 14:32:09.0828 3268 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\windows\System32\drivers\TsUsbGD.sys 14:32:09.0852 3268 TsUsbGD - ok 14:32:09.0876 3268 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 14:32:09.0910 3268 tunnel - ok 14:32:09.0932 3268 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\windows\system32\drivers\uagp35.sys 14:32:09.0945 3268 uagp35 - ok 14:32:09.0951 3268 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\windows\System32\drivers\uaspstor.sys 14:32:09.0965 3268 UASPStor - ok 14:32:09.0997 3268 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\windows\System32\drivers\ucx01000.sys 14:32:10.0014 3268 UCX01000 - ok 14:32:10.0032 3268 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\windows\system32\DRIVERS\udfs.sys 14:32:10.0056 3268 udfs - ok 14:32:10.0095 3268 [ 
FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\windows\system32\UI0Detect.exe 14:32:10.0114 3268 UI0Detect - ok 14:32:10.0120 3268 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 14:32:10.0134 3268 uliagpkx - ok 14:32:10.0140 3268 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\windows\System32\drivers\umbus.sys 14:32:10.0165 3268 umbus - ok 14:32:10.0170 3268 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\windows\System32\drivers\umpass.sys 14:32:10.0220 3268 UmPass - ok 14:32:10.0241 3268 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\windows\System32\umrdp.dll 14:32:10.0272 3268 UmRdpService - ok 14:32:10.0297 3268 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\windows\System32\upnphost.dll 14:32:10.0332 3268 upnphost - ok 14:32:10.0388 3268 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\windows\System32\drivers\usbccgp.sys 14:32:10.0420 3268 usbccgp - ok 14:32:10.0437 3268 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\windows\System32\drivers\usbcir.sys 14:32:10.0479 3268 usbcir - ok 14:32:10.0506 3268 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\windows\System32\drivers\usbehci.sys 14:32:10.0520 3268 usbehci - ok 14:32:10.0548 3268 [ 4875DC63E548812C75D4FDEF84970C89 ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys 14:32:10.0556 3268 usbfilter - ok 14:32:10.0586 3268 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\windows\System32\drivers\usbhub.sys 14:32:10.0611 3268 usbhub - ok 14:32:10.0651 3268 [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3 C:\windows\System32\drivers\UsbHub3.sys 14:32:10.0672 3268 USBHUB3 - ok 14:32:10.0690 3268 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\windows\System32\drivers\usbohci.sys 14:32:10.0702 3268 usbohci - ok 14:32:10.0723 3268 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\windows\System32\drivers\usbprint.sys 14:32:10.0759 3268 usbprint - ok 14:32:10.0824 3268 [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 14:32:10.0866 3268 
usbscan - ok 14:32:10.0958 3268 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\windows\System32\drivers\USBSTOR.SYS 14:32:10.0973 3268 USBSTOR - ok 14:32:11.0005 3268 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\windows\System32\drivers\usbuhci.sys 14:32:11.0040 3268 usbuhci - ok 14:32:11.0105 3268 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 14:32:11.0129 3268 usbvideo - ok 14:32:11.0150 3268 [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI C:\windows\System32\drivers\USBXHCI.SYS 14:32:11.0171 3268 USBXHCI - ok 14:32:11.0188 3268 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\windows\system32\lsass.exe 14:32:11.0202 3268 VaultSvc - ok 14:32:11.0222 3268 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 14:32:11.0235 3268 vdrvroot - ok 14:32:11.0265 3268 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\windows\System32\vds.exe 14:32:11.0303 3268 vds - ok 14:32:11.0309 3268 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\windows\system32\drivers\VerifierExt.sys 14:32:11.0324 3268 VerifierExt - ok 14:32:11.0357 3268 [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp C:\windows\System32\drivers\vhdmp.sys 14:32:11.0381 3268 vhdmp - ok 14:32:11.0403 3268 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\windows\system32\drivers\viaide.sys 14:32:11.0415 3268 viaide - ok 14:32:11.0480 3268 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\windows\system32\drivers\vmbus.sys 14:32:11.0494 3268 vmbus - ok 14:32:11.0500 3268 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\windows\System32\drivers\VMBusHID.sys 14:32:11.0518 3268 VMBusHID - ok 14:32:11.0553 3268 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\windows\System32\ICSvc.dll 14:32:11.0582 3268 vmicheartbeat - ok 14:32:11.0589 3268 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\windows\System32\ICSvc.dll 14:32:11.0607 3268 vmickvpexchange - ok 14:32:11.0615 3268 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\windows\System32\ICSvc.dll 
14:32:11.0632 3268 vmicrdv - ok 14:32:11.0640 3268 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\windows\System32\ICSvc.dll 14:32:11.0657 3268 vmicshutdown - ok 14:32:11.0665 3268 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\windows\System32\ICSvc.dll 14:32:11.0682 3268 vmictimesync - ok 14:32:11.0689 3268 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\windows\System32\ICSvc.dll 14:32:11.0706 3268 vmicvss - ok 14:32:11.0725 3268 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\windows\system32\drivers\volmgr.sys 14:32:11.0739 3268 volmgr - ok 14:32:11.0797 3268 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 14:32:11.0819 3268 volmgrx - ok 14:32:11.0828 3268 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\windows\system32\drivers\volsnap.sys 14:32:11.0848 3268 volsnap - ok 14:32:11.0862 3268 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\windows\System32\drivers\vpci.sys 14:32:11.0875 3268 vpci - ok 14:32:11.0882 3268 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\windows\system32\drivers\vsmraid.sys 14:32:11.0898 3268 vsmraid - ok 14:32:11.0943 3268 [ EA658570314042C914964FC72AB50E6B ] VSS C:\windows\system32\vssvc.exe 14:32:11.0985 3268 VSS - ok 14:32:12.0006 3268 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\windows\system32\drivers\vstxraid.sys 14:32:12.0025 3268 VSTXRAID - ok 14:32:12.0032 3268 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\windows\System32\drivers\vwifibus.sys 14:32:12.0044 3268 vwifibus - ok 14:32:12.0050 3268 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 14:32:12.0087 3268 vwififlt - ok 14:32:12.0092 3268 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 14:32:12.0113 3268 vwifimp - ok 14:32:12.0122 3268 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\windows\system32\w32time.dll 14:32:12.0157 3268 W32Time - ok 14:32:12.0171 3268 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen 
C:\windows\System32\drivers\wacompen.sys 14:32:12.0193 3268 WacomPen - ok 14:32:12.0226 3268 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys 14:32:12.0245 3268 Wanarp - ok 14:32:12.0250 3268 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 14:32:12.0263 3268 Wanarpv6 - ok 14:32:12.0312 3268 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\windows\system32\wbengine.exe 14:32:12.0393 3268 wbengine - ok 14:32:12.0411 3268 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 14:32:12.0430 3268 WbioSrvc - ok 14:32:12.0439 3268 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\windows\System32\wcmsvc.dll 14:32:12.0457 3268 Wcmsvc - ok 14:32:12.0498 3268 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\windows\System32\wcncsvc.dll 14:32:12.0581 3268 wcncsvc - ok 14:32:12.0618 3268 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 14:32:12.0645 3268 WcsPlugInService - ok 14:32:12.0676 3268 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\windows\system32\drivers\wd.sys 14:32:12.0688 3268 Wd - ok 14:32:12.0758 3268 [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot C:\windows\system32\drivers\WdBoot.sys 14:32:12.0771 3268 WdBoot - ok 14:32:12.0807 3268 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 14:32:12.0834 3268 Wdf01000 - ok 14:32:12.0861 3268 [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter C:\windows\system32\drivers\WdFilter.sys 14:32:12.0877 3268 WdFilter - ok 14:32:12.0929 3268 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\windows\system32\wdi.dll 14:32:12.0952 3268 WdiServiceHost - ok 14:32:12.0957 3268 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\windows\system32\wdi.dll 14:32:12.0982 3268 WdiSystemHost - ok 14:32:13.0016 3268 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\windows\System32\webclnt.dll 14:32:13.0035 3268 WebClient - ok 14:32:13.0055 3268 [ 
35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\windows\system32\wecsvc.dll 14:32:13.0074 3268 Wecsvc - ok 14:32:13.0097 3268 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\windows\System32\wercplsupport.dll 14:32:13.0164 3268 wercplsupport - ok 14:32:13.0191 3268 [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc C:\windows\System32\WerSvc.dll 14:32:13.0231 3268 WerSvc - ok 14:32:13.0257 3268 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\windows\system32\DRIVERS\wfplwfs.sys 14:32:13.0272 3268 WFPLWFS - ok 14:32:13.0300 3268 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\windows\System32\wiarpc.dll 14:32:13.0327 3268 WiaRpc - ok 14:32:13.0347 3268 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\windows\system32\drivers\wimmount.sys 14:32:13.0359 3268 WIMMount - ok 14:32:13.0394 3268 WinDefend - ok 14:32:13.0434 3268 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\windows\system32\winhttp.dll 14:32:13.0463 3268 WinHttpAutoProxySvc - ok 14:32:13.0511 3268 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 14:32:13.0528 3268 Winmgmt - ok 14:32:13.0602 3268 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\windows\system32\WsmSvc.dll 14:32:13.0666 3268 WinRM - ok 14:32:13.0718 3268 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\windows\System32\wlansvc.dll 14:32:13.0750 3268 WlanSvc - ok 14:32:13.0820 3268 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\windows\system32\wlidsvc.dll 14:32:13.0882 3268 wlidsvc - ok 14:32:13.0912 3268 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\windows\System32\drivers\wmiacpi.sys 14:32:13.0924 3268 WmiAcpi - ok 14:32:13.0957 3268 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 14:32:14.0029 3268 wmiApSrv - ok 14:32:14.0054 3268 WMPNetworkSvc - ok 14:32:14.0070 3268 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\windows\system32\DRIVERS\wpcfltr.sys 14:32:14.0109 3268 wpcfltr - ok 14:32:14.0138 3268 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc 
C:\windows\System32\wpcsvc.dll 14:32:14.0153 3268 WPCSvc - ok 14:32:14.0181 3268 [ 39D8AB837F91B729D12D32ED81E2062F ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 14:32:14.0204 3268 WPDBusEnum - ok 14:32:14.0220 3268 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\windows\system32\drivers\WpdUpFltr.sys 14:32:14.0306 3268 WpdUpFltr - ok 14:32:14.0331 3268 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 14:32:14.0350 3268 ws2ifsl - ok 14:32:14.0451 3268 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\windows\System32\wscsvc.dll 14:32:14.0502 3268 wscsvc - ok 14:32:14.0523 3268 [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice C:\windows\System32\drivers\WSDPrint.sys 14:32:14.0560 3268 WSDPrintDevice - ok 14:32:14.0565 3268 WSearch - ok 14:32:14.0650 3268 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\windows\System32\WSService.dll 14:32:14.0731 3268 WSService - ok 14:32:14.0807 3268 [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv C:\windows\system32\wuaueng.dll 14:32:14.0876 3268 wuauserv - ok 14:32:14.0904 3268 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 14:32:14.0933 3268 WudfPf - ok 14:32:14.0948 3268 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\System32\drivers\WUDFRd.sys 14:32:14.0978 3268 WUDFRd - ok 14:32:14.0986 3268 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFSensorLP C:\windows\system32\DRIVERS\WUDFRd.sys 14:32:15.0001 3268 WUDFSensorLP - ok 14:32:15.0030 3268 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 14:32:15.0047 3268 wudfsvc - ok 14:32:15.0053 3268 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\windows\system32\DRIVERS\WUDFRd.sys 14:32:15.0069 3268 WUDFWpdFs - ok 14:32:15.0110 3268 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\windows\System32\wwansvc.dll 14:32:15.0142 3268 WwanSvc - ok 14:32:15.0237 3268 [ 86B8B1F5C1189D68B07666784BE882FE ] ZAtheros Bt and Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe 
14:32:15.0245 3268 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - warning 14:32:15.0245 3268 ZAtheros Bt and Wlan Coex Agent - detected UnsignedFile.Multi.Generic (1) 14:32:15.0262 3268 ================ Scan global =============================== 14:32:15.0294 3268 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\windows\system32\basesrv.dll 14:32:15.0312 3268 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\windows\system32\winsrv.dll 14:32:15.0388 3268 [ BD7C6949984D19AAA609896B675E7357 ] C:\windows\system32\sxssrv.dll 14:32:15.0420 3268 [ 8F226143046435C75C033B0C52E90FFE ] C:\windows\system32\services.exe 14:32:15.0425 3268 [Global] - ok 14:32:15.0426 3268 ================ Scan MBR ================================== 14:32:15.0436 3268 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 14:32:15.0592 3268 \Device\Harddisk0\DR0 - ok 14:32:15.0592 3268 ================ Scan VBR ================================== 14:32:15.0621 3268 [ 630E2D1F401236784BC140226BCB2F4F ] \Device\Harddisk0\DR0\Partition1 14:32:15.0623 3268 \Device\Harddisk0\DR0\Partition1 - ok 14:32:15.0641 3268 [ BC60738F8BF44F3EC5A6B0FA5F3408B1 ] \Device\Harddisk0\DR0\Partition2 14:32:15.0642 3268 \Device\Harddisk0\DR0\Partition2 - ok 14:32:15.0653 3268 [ 663CA238A02DC52CEFCD54E72F6C3856 ] \Device\Harddisk0\DR0\Partition3 14:32:15.0654 3268 \Device\Harddisk0\DR0\Partition3 - ok 14:32:15.0660 3268 [ AC422AE82896FAA61AE6BC23EFABFDCA ] \Device\Harddisk0\DR0\Partition4 14:32:15.0662 3268 \Device\Harddisk0\DR0\Partition4 - ok 14:32:15.0690 3268 [ 7AF45DC8636B9A6445243C9A35E1FDC4 ] \Device\Harddisk0\DR0\Partition5 14:32:15.0691 3268 \Device\Harddisk0\DR0\Partition5 - ok 14:32:15.0703 3268 [ CB576672099CB7660FDE0C1E4F9B9443 ] \Device\Harddisk0\DR0\Partition6 14:32:15.0705 3268 \Device\Harddisk0\DR0\Partition6 - ok 14:32:15.0705 3268 ============================================================ 14:32:15.0705 3268 Scan finished 14:32:15.0705 3268 
============================================================ 14:32:15.0720 9008 Detected object count: 4 14:32:15.0720 9008 Actual detected object count: 4 14:35:56.0287 9008 ClassicShellService ( UnsignedFile.Multi.Generic ) - skipped by user 14:35:56.0287 9008 ClassicShellService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:35:56.0288 9008 OpLclSrv ( UnsignedFile.Multi.Generic ) - skipped by user 14:35:56.0288 9008 OpLclSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:35:56.0290 9008 SynoDrService ( UnsignedFile.Multi.Generic ) - skipped by user 14:35:56.0290 9008 SynoDrService ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:35:56.0292 9008 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - skipped by user 14:35:56.0292 9008 ZAtheros Bt and Wlan Coex Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:36:08.0504 1528 Deinitialize success |
02.04.2013, 13:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.InstallBrain, CouponCompagnion in Firefox, and Internet Explorer does not work JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Next: adwCleaner - Remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, please run a check with OTL:
__________________ --> PUP.InstallBrain, CouponCompagnion in Firefox, and Internet Explorer does not work |
02.04.2013, 14:57 | #7 |
| PUP.InstallBrain, CouponCompagnion in Firefox, and Internet Explorer does not work Hello, here are the logs: JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.7.9 (04.01.2013:1) OS: Windows 8 x64 Ran by *** on 02.04.2013 at 15:07:41,13 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3374548980-1992312967-476797461-1001\software\microsoft\internet explorer\main\\Start Page ~~~ Registry Keys Failed to delete: [Registry Key] hkey_local_machine\software\classes\appid\bho.dll Failed to delete: [Registry Key] hkey_local_machine\software\classes\scripthost.tool Failed to delete: [Registry Key] hkey_local_machine\software\classes\scripthost.tool.1 Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Failed to delete: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] "C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4ml5e9vo.default\extensions\jid1-JcGokIiQyjoBAQ@jetpack.xpi" Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4ml5e9vo.default\minidumps [5 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 02.04.2013 at 15:12:10,54 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.115 - Datei am 02/04/2013 um 15:16:38 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzer : *** - *** # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Schlüssel Gelöscht : HKLM\Software\PIP ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16519 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\4ml5e9vo.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [951 octets] - [02/04/2013 15:16:38] ########## EOF - C:\AdwCleaner[S1].txt - [1010 octets] ########## Code:
ATTFilter OTL Extras logfile created on: 02.04.2013 15:27:06 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,46 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 76,43% Memory free 8,59 Gb Paging File | 6,63 Gb Available in Paging File | 77,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 902,22 Gb Total Space | 802,50 Gb Free Space | 88,95% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3374548980-1992312967-476797461-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Users\***\AppData\Roaming\File Scout\filescout.exe" /open "%1" Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- "C:\Users\***\AppData\Roaming\File Scout\filescout.exe" /open "%1" Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== 
Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01A75911-1539-44BC-B8AF-569125F285E9}" = lport=10243 | protocol=6 | dir=in | app=system | "{122B4AA9-CF05-4349-A1FA-767A7FAB11C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{21ABC8EB-CBD1-4A44-8422-97240A37D7DD}" = rport=139 | protocol=6 | dir=out | app=system | "{28FC2F8A-47E6-4E83-8F97-4E854D423FE9}" = lport=137 | protocol=17 | dir=in | app=system | "{387D7A80-D8B1-44BB-A1E1-84D20994E5AF}" = lport=445 | protocol=6 | dir=in | app=system | "{4896E1E6-A392-4154-8EBA-E1F9D9A3976E}" = rport=10243 | protocol=6 | dir=out | app=system | "{51A0AD81-8B53-41BF-9217-C49E8705C40F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{5BA80548-7C37-494D-9BA0-D499177FB15B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5F8DC2CD-34BB-4A2F-AD60-3B6DD2AA5D10}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{66445E74-8233-4626-8E22-D133247BE8AA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{685B8462-4E25-4254-9103-959C1A793E90}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71D99D3E-5F03-484B-BCCD-80D8759F5774}" = rport=137 | protocol=17 | dir=out | app=system | "{7238F2B8-0634-4C4C-8FE3-DA892202E483}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{769A528E-38C4-4A8C-B282-8952325DF1ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{941DA681-F998-4AC3-90F7-8F65D39887A4}" = lport=138 | protocol=17 | dir=in | app=system | "{BA39ACAA-E98E-4B25-8D37-C487C244D42A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BEDC0319-2067-4196-B3AA-62012D162AE9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D09C0CB3-F48F-413A-88D1-AFC2D4ED4AE5}" = lport=139 | protocol=6 | dir=in | app=system | "{D475F957-ACD4-4D2B-9369-9C8199A7B57B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DCF5DFFF-FD8E-45A4-9A35-7E9103EE795D}" = lport=2869 | protocol=6 | dir=in | app=system | "{DF4D8242-759A-483E-8C8D-0D44F9F398FF}" = rport=445 | protocol=6 | dir=out | app=system | "{E6252925-F454-43CA-AF62-8119C69EF2B0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EC02C1E1-724F-4A52-838F-7E6F7613DAB4}" = rport=138 | protocol=17 | dir=out | app=system | "{F4E8DE8B-5E1A-4B05-B45A-D39A45544F90}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{067B9AB9-0D5A-48BA-AFBF-85C9080902B1}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{0A9632C1-9D34-40CE-99D5-A453AF05506F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{0AD16014-6E07-4E28-A3F7-11FA53A767BA}" = dir=in | name=evernote touch | "{0E66A91C-ABDF-45F4-B993-8D4CF8A583DC}" = dir=out | name=s gallery | "{0F06B874-7D42-4AC5-970D-7B67BF26508F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{14BD6741-3EEB-4C1D-BB57-1DC2DB1CA66E}" = dir=out | name=netzwelt | "{15C9793E-24E4-48DF-BE33-4642D0EEB485}" = dir=out | name=chip | "{1940FDB9-3B21-4851-86C1-E778144175DE}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{1A80AB85-6C98-4A3E-BD3B-7704A0CEE32F}" = dir=out | 
name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{1AE3F6EF-480C-4289-85DF-25986AEB0C40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{233137B4-5329-4D2E-8E93-06B126DD047F}" = dir=out | name=netzkino | "{28C07F09-A9DD-40D9-A655-BA408C570425}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{29329CA1-0FA4-4774-82BA-E7285C743C66}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{2947A0A3-BF9D-4B11-87D5-B8B61A64EB6B}" = dir=out | name=fresh paint | "{2C700389-D95B-4DF4-B112-4A4AE802D91B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2CD581BE-3F95-4DEB-9CBD-FE7E58869324}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{2DF92384-08E9-4332-931B-5B2827140193}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{2E6677C0-D3EE-43FB-B8CA-71890C10DBE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{32628743-8E84-4483-A869-B72621F34936}" = protocol=6 | dir=out | app=system | "{3527937C-390C-4A85-9F88-02C207A54F52}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{3895273D-47CE-4304-AF57-84C4A8B0E995}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{3CE99D5D-6F85-4C53-A4D4-7131C102BB7D}" = dir=out | name=ebay | "{3FC4C251-5A85-45CF-9834-1F72091B775D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3FFCA624-F7E7-465A-A7FC-BE0981D6E358}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{42589C04-979F-466C-9BAD-97373043D1F5}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{44E06DB6-2E48-4C81-81B7-3DA10487757A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{46B19B5F-3D2D-47CC-998B-B2E8A4B65BA4}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{47B65A25-7228-4E6A-B452-53C4B3114852}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{487F3CD8-C89E-4C46-A23B-9D13A43B6EB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{4D9F5EF7-C2EA-4C1B-AF3A-9C915249EFA7}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{4E5316EA-237F-4EBB-8ED3-66F7088F95E4}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | "{530D661A-FD49-49AB-8C8C-D59293002617}" = dir=out | name=microsoft minesweeper | "{5719579F-13B0-4B00-B05C-114DFA01B3AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{5D35706B-2609-4A46-BAC4-9B13E6A373F4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{5FB861D6-BF77-4324-B4EA-491323AC919B}" = dir=out | name=taptiles | "{69EEF5B2-E1C5-4B3D-AA4C-01DA84FEECBF}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{6D800AFF-6226-46AB-8F2B-D570DCE9D4CD}" = dir=out | name=prosieben | "{6F8D6F2C-A419-43F7-8908-2FC8F64DB2E5}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{8133D8C5-A69E-4734-9230-84DA7FD069D3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{819E2797-D1D9-4F35-819E-16500B884CB1}" = dir=out | 
name=evernote touch | "{8511B7C6-CD2C-4355-914A-4C873D3A4E0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8A9D1F33-DF63-4552-A75B-16681EE23740}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{8B1168BE-9845-4B37-AE03-D15FB0D61D05}" = dir=out | name=microsoft mahjong | "{8F9E8849-5BFD-4DE1-93D7-A248A36B2185}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{93228BCD-2E7E-49B6-8589-F81E7A7A2CE4}" = dir=out | name=youtube player | "{9E705776-2705-4DEF-89CF-57846B3919B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A37258D2-BC3B-4AC9-B86B-91BA86C1EF8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A506DA3D-B2AC-434D-9CF9-95D4AC1EBDBD}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{A63A5D10-DB81-433A-9E06-78DD680E1D49}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{ADA0740F-4A58-46E9-A840-F482E062E0A6}" = dir=out | name=shark dash | "{ADF106CC-0D23-4198-9BAC-BD79418347B3}" = dir=out | name=@{3574gindasoft.to-dos_1.0.13.2_neutral__vhpcp2ef0a8kc?ms-resource://3574gindasoft.to-dos/resources/manifest_appname} | "{AF626C8A-7607-4ACD-95D4-AD8EC8CAFF4F}" = dir=out | name=bubblebreaker | "{B2B4D86B-66A0-4D3B-A0BF-1A3C9FAD92F7}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{B651C349-EED7-4A1C-A40A-3F5CC7CFF0F9}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{B757B36B-5BC4-472B-B3E9-703335010A8C}" = dir=in | name=ebay | "{B800C1CD-3D1E-46C3-9610-13FBD1D75CE6}" = 
protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BBC37BB3-E760-408E-A689-D27AA2C16F40}" = dir=out | name=das örtliche | "{BBC730AE-06D2-4795-83BA-39F3F4228036}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{BE0822D1-8B13-410E-A999-A93250B21C68}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{C39368FD-347B-4BE4-AE6E-AB11C5201526}" = dir=out | name=s camera | "{CA239BD3-5E10-4AA1-81C2-17467DC106FD}" = dir=out | name=focus online | "{CA690778-6399-451E-8D0D-A100698697CF}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{D206E118-CE6D-4812-A5AA-AB7BE1EE9BBB}" = dir=out | name=bild tablet | "{D27916CC-342C-4AB8-8BAA-23D5205D902B}" = dir=out | name=s player | "{D7E6F18A-E1B9-44A6-B252-948CA9401286}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DCE529DB-08B6-450D-BE80-C22BE8741A1C}" = dir=out | name=wetter.com | "{E561A1F2-F3B8-4906-972A-66FF13A285A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E73AE0EB-E4F2-40F9-8F21-856AB31F92B1}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{EA433010-3551-41CF-9242-186068FAF638}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{ED6AA138-D510-45FE-8A8D-45EBF5562A1A}" = dir=out | name=@{12199asparion.asparionclock_1.2.1.2_neutral__f89vgcf3qm37t?ms-resource://12199asparion.asparionclock/resources/spackagename} | "{F07017E1-3CD0-4364-A061-26364E0A1039}" = dir=out | name=kicker | "{F12F7E6D-0121-4B4F-96FF-3955DAC0C365}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3F83FB1-84B5-4B0A-9504-143B066085F8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F4B6650A-662D-4081-8811-12B22A715724}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{F591FA2B-4D4D-42A1-84F4-1B8D5002BCC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F59D8D64-CE2E-4B93-8711-A8288F9A86D9}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{F6639B46-F444-488C-AC34-FC67355E80A8}" = dir=out | name=windows_ie_ac_001 | "{FB0E41B0-DB86-45CB-BD5B-E479B3E18A99}" = dir=out | name=post mobil | "{FF38CD7B-06D8-4119-8713-415E8F01E706}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FF9C73E6-32BD-4A59-8EA2-91556D402583}" = dir=out | name=amazon | "TCP Query User{0D8610D6-AAD2-44EF-B05C-20069E5BCE59}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | "TCP Query User{19A210B9-0286-4D3C-832F-02ABB5723EC4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{29EA067E-BCFA-46CE-89B8-35F437044CD5}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "TCP Query User{F003FBBB-8243-4ABD-9C57-AE47415AF386}C:\program files (x86)\mymdb\mymdb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mymdb\mymdb.exe | "TCP Query User{F1C20F24-3F51-4FC6-BD9D-471A3AB0CDD3}D:\utilities\nicsetup\nicsettingtool.exe" = protocol=6 | dir=in | app=d:\utilities\nicsetup\nicsettingtool.exe | "UDP Query User{2F066D6E-829F-4C3B-AAB4-817A83882FEF}C:\program files 
(x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | "UDP Query User{36771F06-7ECB-4392-BCB5-DEAB175B457D}D:\utilities\nicsetup\nicsettingtool.exe" = protocol=17 | dir=in | app=d:\utilities\nicsetup\nicsettingtool.exe | "UDP Query User{55030E44-6CDD-468F-A4A6-9D5A299A9B62}C:\program files (x86)\mymdb\mymdb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mymdb\mymdb.exe | "UDP Query User{7697132B-6112-450D-9602-CD4D63D29692}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | "UDP Query User{96940970-244D-4090-9B82-15DF2AC1CB0D}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{201E2DCC-84A2-9F20-AD87-32FD03A7C969}" = AMD Accelerated Video Transcoding "{22B32087-797D-4A1B-AFA7-072C87580ADC}" = Help Desk "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{39648D75-C1D7-4590-8A83-0A160AF3FFA3}" = S Agent "{403A4E7A-D239-04D8-6A3D-31DD203C018D}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}" = Support Center "{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component 
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{A9B6B59B-3C59-81E2-A517-68A0F32417B1}" = ccc-utility64 "{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}" = Classic Shell "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream "{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter "{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64 "ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{02F04AFA-243D-4E6A-9556-60F8D2539547}" = Support Center FAQ "{05C46639-FA99-C2E8-0780-1C366346823F}" = CCC Help Russian "{099DE9EF-2781-4A72-BD0F-53AAC78A93B2}" = OKI Network Setting "{0F55DD09-15EC-4F5D-B517-94852884AEF5}" = OKI Configuration Tool "{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform "{1158C13B-D0B9-A541-867C-FB99C5EBD7FD}" = CCC Help Turkish "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery "{148C8BF9-E1B4-445D-AC67-2CABAE63949A}" = Epson Event Manager "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19EBFE26-52D1-2178-8971-50049FEAFC05}" = CCC Help Czech "{1A2B5D7E-5F21-20C5-DA35-565905A87BC0}" = Catalyst Control Center Localization All "{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack 
"{26527F2C-36CF-651E-E746-FED423A57A22}" = CCC Help Dutch "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{27B47E17-4A33-9AE3-57A1-46E84BA15BFE}" = AMD VISION Engine Control Center "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program "{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform "{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "{2CA86624-3491-4B2D-B64E-01D2D25AA732}" = OKI PDF Print Direct "{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials "{3051AA98-6F3E-BCFB-A4C7-F91957C180E8}" = CCC Help Swedish "{31E0BA52-F814-567B-2A5A-8B05470EE5AB}" = CCC Help Chinese Standard "{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common "{3797DC2D-9BB2-3B7F-6D57-CAFA0ED55B93}" = CCC Help Norwegian "{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension "{465914BD-324C-4442-A9F6-E9347AB38EB8}" = OKI LPR-Dienstprogramm "{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery "{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE "{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions "{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials "{5D729200-F340-4A74-A1E9-32387CDC63EF}" = OKI Color Correct Utility "{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker "{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack "{6354A676-1CFF-4D9E-5E5C-657C23DBE70E}" = CCC Help Chinese Traditional "{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common "{66792BEC-2401-4DEC-AD4E-BEBFD9EF7F8D}" = SW Update "{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre "{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate "{6B04D545-989C-C47B-26C0-95E3BBED3F67}" = CCC Help Korean "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = 
Microsoft Visual C++ 2005 Redistributable "{732C3E29-1317-2308-B3A2-1580F2233A06}" = CCC Help Portuguese "{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker "{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer "{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live "{7ADDFC82-A48F-1A4F-C88C-37FBF42D16CC}" = CCC Help Spanish "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker "{81B590E9-6B10-D8EA-CB78-4CC3C0B2912A}" = CCC Help Danish "{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}" = Settings "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator 3 "{8F93941C-2ECF-40C6-A0AC-D0BE40E7911E}" = OKI PS Gamma Adjuster "{92D194E7-AEF9-4A9E-8620-8F3AE712E3F7}" = Snagit 10.0.2 "{9427081E-AC7E-49D4-964F-E2E27C7175BF}" = OKI Alert Info "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker "{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch-Dienstprogramm "{A6012018-BAC5-7025-0A6E-68089078E28C}" = CCC Help German "{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share "{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie "{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common "{B4A3C072-87AF-4937-880D-3D7997111C0D}" 
= Document Capture Pro "{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack "{B78203BF-CF9C-4163-B6C3-B70A27A646EE}" = 8GadgetPack "{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform "{C2AF5B41-26BA-4382-BCDB-FDD0676DEE48}" = Catalyst Control Center - Branding "{C7588111-1A12-4EFE-8CA0-DA4344480D92}" = User Guide "{C7BCF2EA-4AE1-4AF0-9EAB-2252015C4DF2}" = OKI Storage Manager "{C8244493-32A4-4275-8145-D16FFE1D8E36}" = OKI User Setting "{CA916C6B-E156-D1BE-C402-3E99DEEF64BB}" = CCC Help Italian "{CE1836A8-3F2B-49BD-8395-93DD414068D2}" = AllSharePlayLink "{CF4C4339-EDED-EF55-597C-93881BB9C6B9}" = CCC Help Greek "{D1D8F3B0-C6AA-EFBB-3EF2-97FACEEA9AE4}" = CCC Help English "{D4C35A8B-B4DD-17C6-C590-19402C893C06}" = CCC Help Polish "{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer "{D4E9C626-14A8-4AEB-92F3-BE65EC4CFAEF}" = OKI Device Setting "{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common "{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker "{DB47F17E-07C2-BADD-3F2D-BCB6411E6467}" = CCC Help Japanese "{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common "{DE7829EB-8B43-400C-B964-F27AFDCBD29B}" = NetzwerkDiagnose "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E0643038-117C-4DF4-140E-6C168586F2D3}" = Catalyst Control Center InstallProxy "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E9C6A81F-076B-FECC-627B-51F9AAD5C768}" = CCC Help French "{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials "{EEC36C08-E98A-DBE7-7151-232751AD0788}" = CCC Help Finnish "{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3FA5546-02CD-D45D-C2E3-1C5B5D8E8497}" = CCC Help Thai "{F581C83F-4CFD-76AF-29C9-0D48AF07BEE9}" = CCC Help Hungarian "{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint 
"{FB46F473-333E-4A06-A777-31C54188593E}" = ArcSoft MediaImpression 2 "{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos "ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11 "AllemeinePassworte" = Alle meine Passworte 2.70 "Diablo III" = Diablo III "Epson Perfection V370 Photo Useg" = Epson Benutzerhandbuch Epson Perfection V370 Photo "EPSON Scanner" = EPSON Scan "FileZilla Client" = FileZilla Client 3.6.0.2 "Free YouTube Download_is1" = Free YouTube Download version 3.2.1.320 "InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MyMDb_0" = MyMDb 3.6 "SopCast" = SopCast 3.8.2 "Speed Test Analysis" = Speed Test Analysis "Synology Assistant" = Synology Assistant (remove only) "WinLiveSuite" = Windows Live ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3374548980-1992312967-476797461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BB108A893815B64BF41C4574C3324FB7371AA244" = Atheros Outlook Addin 2010 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.03.2013 19:28:24 | Computer Name = *** | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\COMPUTER_BILD_Download_Manager_fuer_cdburnerxp-pro.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Error - 22.03.2013 19:28:26 | Computer Name = *** | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\COMPUTER_BILD_Download_Manager_fuer_cdburnerxp-pro.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Error - 22.03.2013 19:28:29 | Computer Name = *** | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\COMPUTER_BILD_Download_Manager_fuer_cdburnerxp-pro.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. 
Error - 22.03.2013 19:31:52 | Computer Name = *** | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\COMPUTER_BILD_Download_Manager_fuer_cdburnerxp-pro.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Error - 22.03.2013 19:51:20 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GuaranaAgent.exe, Version: 2.1.8.0, Zeitstempel: 0x512dd2cc Name des fehlerhaften Moduls: GuaranaAgent.exe, Version: 2.1.8.0, Zeitstempel: 0x512dd2cc Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000021ebd1 ID des fehlerhaften Prozesses: 0x11d4 Startzeit der fehlerhaften Anwendung: 0x01ce274fc498bcd0 Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Berichtskennung: 64629529-934b-11e2-be91-2089841b7b5a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 22.03.2013 20:51:31 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GuaranaAgent.exe, Version: 2.1.8.0, Zeitstempel: 0x512dd2cc Name des fehlerhaften Moduls: GuaranaAgent.exe, Version: 2.1.8.0, Zeitstempel: 0x512dd2cc Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000021ebd1 ID des fehlerhaften Prozesses: 0x30 Startzeit der fehlerhaften Anwendung: 0x01ce27582bad29c5 Pfad der fehlerhaften Anwendung: C:\Program 
Files\Samsung\Support Center\GuaranaAgent.exe Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Berichtskennung: cd239ddf-9353-11e2-be91-2089841b7b5a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.03.2013 04:34:00 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GuaranaAgent.exe, Version: 2.1.8.0, Zeitstempel: 0x512dd2cc Name des fehlerhaften Moduls: GuaranaAgent.exe, Version: 2.1.8.0, Zeitstempel: 0x512dd2cc Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000021ebd1 ID des fehlerhaften Prozesses: 0xaf0 Startzeit der fehlerhaften Anwendung: 0x01ce2798c442d514 Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Berichtskennung: 686c8563-9394-11e2-be91-2089841b7b5a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.03.2013 04:53:46 | Computer Name = *** | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\COMPUTER_BILD_Download_Manager_fuer_cdburnerxp-pro.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. 
Error - 23.03.2013 05:34:07 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: GuaranaAgent.exe, Version: 2.1.8.0, Zeitstempel: 0x512dd2cc Name des fehlerhaften Moduls: GuaranaAgent.exe, Version: 2.1.8.0, Zeitstempel: 0x512dd2cc Ausnahmecode: 0x40000015 Fehleroffset: 0x000000000021ebd1 ID des fehlerhaften Prozesses: 0x1524 Startzeit der fehlerhaften Anwendung: 0x01ce27a12ed4fc96 Pfad der fehlerhaften Anwendung: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Pfad des fehlerhaften Moduls: C:\Program Files\Samsung\Support Center\GuaranaAgent.exe Berichtskennung: cee45ff3-939c-11e2-be91-2089841b7b5a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 23.03.2013 15:01:21 | Computer Name = *** | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: setup.exe_InstallShield, Version: 16.0.0.400, Zeitstempel: 0x4ab84bb7 Name des fehlerhaften Moduls: ISSetup.dll, Version: 16.0.0.400, Zeitstempel: 0x4ab84b70 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000a7a6f ID des fehlerhaften Prozesses: 0xf4c Startzeit der fehlerhaften Anwendung: 0x01ce27f8ccf0364d Pfad der fehlerhaften Anwendung: c:\_okidata_temp\setup.exe Pfad des fehlerhaften Moduls: c:\_okidata_temp\ISSetup.dll Berichtskennung: 0c44c368-93ec-11e2-be91-2089841b7b5a Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 24.03.2013 11:45:21 | Computer Name = *** | Source = Service Control Manager | ID = 7023 Description = Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error - 24.03.2013 11:46:07 | Computer Name = *** | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SWUpdateService erreicht. 
Error - 24.03.2013 11:55:42 | Computer Name = *** | Source = Service Control Manager | ID = 7023 Description = Der Dienst "PDF Architect Service" wurde mit folgendem Fehler beendet: %%2147500037 Error - 24.03.2013 20:12:15 | Computer Name = *** | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?03.?2013 um 00:13:20 unerwartet heruntergefahren. Error - 24.03.2013 20:11:20 | Computer Name = *** | Source = Microsoft-Windows-Kernel-Boot | ID = 29 Description = Error - 26.03.2013 14:27:15 | Computer Name = *** | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 28.03.2013 13:01:52 | Computer Name = *** | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 29.03.2013 03:46:19 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 29.03.2013 03:46:19 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Error - 29.03.2013 10:29:56 | Computer Name = *** | Source = cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. < End of report > |
02.04.2013, 15:00 | #8 |
| PUP.InstallBrain, CouponCompagnion in Firefox and Internet Explorer not working
And here is OTL as well - Part 1: Code:
ATTFilter OTL logfile created on: 02.04.2013 15:27:06 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,46 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 76,43% Memory free 8,59 Gb Paging File | 6,63 Gb Available in Paging File | 77,18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 902,22 Gb Total Space | 802,50 Gb Free Space | 88,95% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Samsung Electronics CO., LTD.) PRC - C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) PRC - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Samsung Electronics CO., LTD.) PRC - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe () PRC - C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Samsung Electronics CO., LTD.) 
PRC - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll () MOD - C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll () MOD - C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll () MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll () MOD - C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll () ========== Services (SafeList) ========== SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (ClassicShellService) -- C:\Program Files\Classic Shell\ClassicShellService.exe (IvoSoft) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) 
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll 
(Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (OpLclSrv) -- C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe (Oki Data Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (SWUpdateService) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe (Samsung Electronics CO., LTD.) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Qualcomm Atheros Commnucations) SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros) SRV - (Easy Launcher) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Samsung Electronics CO., LTD.) SRV - (AdobeActiveFileMonitor11.0) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (SynoDrService) -- C:\Program Files (x86)\Synology Data Replicator 3\SynoDrServicex64.exe () SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) 
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) ========== Driver Services (SafeList) ========== DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\Drivers\btfilter.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\Drivers\btath_rcp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HID) -- C:\Windows\SysNative\Drivers\btath_hid.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\Drivers\btath_hcrp.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\Drivers\btath_lwflt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\Drivers\btath_a2dp.sys (Qualcomm Atheros) DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\Drivers\btath_avdt.sys (Qualcomm Atheros) DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\Drivers\btath_flt.sys (Qualcomm Atheros) DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\Drivers\btath_bus.sys (Qualcomm Atheros) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys 
(Synaptics Incorporated) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athw8x.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\Drivers\amd_xata.sys (Advanced Micro Devices) DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\Drivers\amd_sata.sys (Advanced Micro Devices) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Corel Corporation) DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek ) DRV:64bit: - (RadioHIDMini) -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys 
(Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\Drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink) DRV:64bit: - (APXACC) -- C:\Windows\SysNative\Drivers\appexDrv.sys (AppEx Networks Corporation) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\Drivers\RtsUVStor.sys (Realtek Semiconductor Corp.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{2E2D0395-9309-4FFF-BD1C-9D5F2637E469}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE:64bit: - HKLM\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = hxxp://go.findrsearch.com/search/web?q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2E2D0395-9309-4FFF-BD1C-9D5F2637E469}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3374548980-1992312967-476797461-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com IE - HKU\S-1-5-21-3374548980-1992312967-476797461-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3374548980-1992312967-476797461-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3374548980-1992312967-476797461-1001\..\SearchScopes\{71588120-FC17-4463-B07D-2C71FE6E057B}: "URL" = hxxp://go.findrsearch.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-3374548980-1992312967-476797461-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: speedtestanalysis%40SpeedAnalysis.com:1.0.0.0 FF - prefs.js..extensions.enabledAddons: 
%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files 
(x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.23 00:31:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.23 00:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.04.02 15:11:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ml5e9vo.default\Extensions [2013.03.23 01:30:59 | 000,000,000 | ---D | M] (Speed Test Analysis) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ml5e9vo.default\Extensions\speedtestanalysis@SpeedAnalysis.com [2013.03.23 13:26:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4ml5e9vo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.23 17:38:21 | 000,000,564 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\4ml5e9vo.default\searchplugins\findr.xml [2013.03.23 00:31:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.07 16:30:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation) O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Speed Test Analysis) - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test 
Analysis\ScriptHost.dll (SpeedAnalysis.com) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (ClassicIE9BHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) O3:64bit: - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3374548980-1992312967-476797461-1001\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BtTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros) O4:64bit: - HKLM..\Run: [BtvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-21-3374548980-1992312967-476797461-1001..\Run: [Lync] C:\Program Files\Microsoft Office 15\root\office15\lync.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-3374548980-1992312967-476797461-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' 
menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft) O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe (IvoSoft) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program 
Menu\Programs\Games [2013.03.22 23:23:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UEFI WinFlash [2013.03.20 23:26:07 | 000,692,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013.03.20 23:26:07 | 000,078,168 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.20 23:18:30 | 000,000,000 | R--D | C] -- C:\windows\BrowserChoice [2013.03.20 23:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013.03.20 22:44:08 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\poqexec.exe [2013.03.20 22:44:08 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tssdisai.dll [2013.03.20 22:44:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appserverai.dll [2013.03.20 22:44:08 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\poqexec.exe [2013.03.20 22:44:08 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RDWebAI.dll [2013.03.20 22:44:08 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\VmHostAI.dll [2013.03.20 22:44:07 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2013.03.20 22:44:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncryptsslp.dll [2013.03.20 22:44:07 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2013.03.20 22:44:07 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncryptsslp.dll [2013.03.20 22:43:59 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll [2013.03.20 22:43:59 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll [2013.03.20 22:43:58 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll [2013.03.20 22:43:56 | 002,302,464 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\authui.dll [2013.03.20 22:43:55 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll [2013.03.20 22:43:55 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pdc.sys [2013.03.20 22:43:23 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe [2013.03.20 22:42:33 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcr100_clr0400.dll [2013.03.20 22:42:21 | 000,017,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr100_clr0400.dll [2013.03.20 22:40:57 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mmc.exe [2013.03.20 22:40:57 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlidsvc.dll [2013.03.20 22:40:56 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mmc.exe [2013.03.20 22:40:56 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll [2013.03.20 22:40:55 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.dll [2013.03.20 22:40:54 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\setupapi.dll [2013.03.20 22:40:54 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsm.dll [2013.03.20 22:40:54 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.dll [2013.03.20 22:40:54 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.dll [2013.03.20 22:40:54 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys [2013.03.20 22:40:53 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\samsrv.dll [2013.03.20 22:40:53 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MP4SDECD.DLL [2013.03.20 22:40:53 | 000,303,848 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\drivers\dxgmms1.sys [2013.03.20 22:40:53 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll [2013.03.20 22:40:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WSDMon.dll [2013.03.20 22:40:53 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetpp.dll [2013.03.20 22:40:53 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys [2013.03.20 22:40:53 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wiaacmgr.exe [2013.03.20 22:40:53 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\msgpiowin32.sys [2013.03.20 22:40:52 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MP4SDECD.DLL [2013.03.20 22:40:52 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fsquirt.exe [2013.03.20 22:40:52 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncbservice.dll [2013.03.20 22:40:52 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxm.dll [2013.03.20 22:40:52 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wiaacmgr.exe [2013.03.20 22:40:52 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhsvc.dll [2013.03.20 22:40:51 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adhapi.dll [2013.03.20 22:40:51 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\httpprxp.dll [2013.03.20 22:40:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\keepaliveprovider.dll [2013.03.20 22:40:47 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\reseteng.dll [2013.03.20 22:40:47 | 000,945,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\resetengmig.dll [2013.03.20 22:40:47 | 000,443,392 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\ReAgent.dll [2013.03.20 22:40:47 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ReAgent.dll [2013.03.20 22:40:47 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sysreset.exe [2013.03.20 22:40:04 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013.03.20 22:40:03 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\uxtheme.dll [2013.03.20 22:40:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013.03.20 22:40:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013.03.20 22:40:02 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013.03.20 22:40:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013.03.20 22:40:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013.03.20 22:40:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013.03.20 22:40:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013.03.20 22:40:02 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UXInit.dll [2013.03.20 22:40:02 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013.03.20 22:40:02 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UXInit.dll [2013.03.20 22:40:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013.03.20 22:40:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013.03.20 22:39:44 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll [2013.03.20 22:39:41 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll [2013.03.20 22:39:40 | 
005,977,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll [2013.03.20 22:39:39 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll [2013.03.20 22:39:39 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\duser.dll [2013.03.20 22:39:39 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlroamextension.dll [2013.03.20 22:39:39 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2013.03.20 22:39:38 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013.03.20 22:39:38 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWanAPI.dll [2013.03.20 22:39:38 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netprofmsvc.dll [2013.03.20 22:39:38 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSync.dll [2013.03.20 22:39:38 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS [2013.03.20 22:39:38 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wlroamextension.dll [2013.03.20 22:39:38 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWanAPI.dll [2013.03.20 22:39:38 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSync.dll [2013.03.20 22:39:38 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys [2013.03.20 22:39:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Networking.Connectivity.dll [2013.03.20 22:39:38 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hotspotauth.dll [2013.03.20 22:39:38 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsRasterService.dll [2013.03.20 22:39:38 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mbsmsapi.dll [2013.03.20 22:39:38 
| 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Networking.Connectivity.dll [2013.03.20 22:39:38 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mbsmsapi.dll [2013.03.20 22:39:38 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsRasterService.dll [2013.03.20 22:39:38 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskkill.exe [2013.03.20 22:39:38 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tasklist.exe [2013.03.20 22:39:38 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys [2013.03.20 22:39:38 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthAvrcpTg.sys [2013.03.20 22:39:37 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpd_ci.dll [2013.03.20 22:39:37 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tasklist.exe [2013.03.20 22:39:37 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\taskkill.exe [2013.03.20 22:39:37 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys [2013.03.20 22:39:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidi2c.sys [2013.03.20 22:39:37 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BthhfHid.sys [2013.03.20 22:39:37 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BtaMPM.sys [2013.03.20 22:39:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmproxy.dll [2013.03.20 22:39:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nlmsprep.dll [2013.03.20 22:39:11 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GdiPlus.dll [2013.03.20 22:39:11 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll [2013.03.20 
22:39:04 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdFilter.sys [2013.03.20 22:39:03 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdBoot.sys [2013.03.20 22:38:58 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MFMediaEngine.dll [2013.03.20 22:38:58 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MFMediaEngine.dll [2013.03.20 22:34:10 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcadm.dll [2013.03.20 22:34:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcalua.exe [2013.03.20 22:34:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pcaevts.dll [2013.03.20 22:34:08 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll [2013.03.20 22:34:08 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll [2013.03.20 22:34:08 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnathlp.dll [2013.03.20 22:34:08 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnathlp.dll [2013.03.20 22:34:08 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnsvr.exe [2013.03.20 22:34:08 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnsvr.exe [2013.03.20 22:34:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnhupnp.dll [2013.03.20 22:34:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnhpast.dll [2013.03.20 22:34:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhupnp.dll [2013.03.20 22:34:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnhpast.dll [2013.03.20 22:34:08 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnlobby.dll [2013.03.20 22:34:08 | 000,003,584 | ---- | C] (Microsoft 
Corporation) -- C:\windows\SysNative\dpnaddr.dll [2013.03.20 22:34:08 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnlobby.dll [2013.03.20 22:34:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnaddr.dll [2013.03.20 22:34:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml6r.dll [2013.03.20 22:34:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml6r.dll [2013.03.20 22:34:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll [2013.03.20 22:34:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll [2013.03.20 22:32:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys [2013.03.20 22:32:04 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [2013.03.20 22:30:57 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2013.03.20 22:30:57 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2013.03.20 22:30:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fontsub.dll [2013.03.20 22:30:57 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\fontsub.dll [2013.03.20 22:30:57 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2013.03.20 22:30:57 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2013.03.20 22:30:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dciman32.dll [2013.03.20 22:30:57 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lpk.dll [2013.03.20 22:29:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\bitcasa [2013.03.20 22:17:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2013.03.20 22:11:37 | 000,000,000 | ---D | C] -- 
C:\Users\***\AppData\Roaming\ATI [2013.03.20 22:11:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ATI [2013.03.20 22:11:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\BMExplorer [2013.03.20 22:11:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Bluetooth Folder [2013.03.20 22:10:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go8 [2013.03.20 22:10:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Atheros [2013.03.20 22:10:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe [2013.03.20 22:09:55 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.20 22:09:55 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.20 22:09:54 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2013.03.20 22:09:54 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2013.03.20 22:09:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2013.03.20 22:09:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung [2013.03.20 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CrashDumps [2013.03.20 22:08:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Synaptics [2013.03.20 22:07:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2013.03.20 22:06:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Packages [2013.03.20 22:06:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2013.03.20 22:06:27 | 
000,000,000 | -HSD | C] -- C:\Users\***\Recent [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2013.03.20 22:06:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2013.03.20 22:06:26 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.20 22:06:26 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 
[2013.03.20 22:06:26 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2013.03.20 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2013.03.20 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2013.03.20 22:06:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [1 C:\windows\SysNative\drivers\*.tmp files -> C:\windows\SysNative\drivers\*.tmp -> ] |
02.04.2013, 15:01 | #9 |
| PUP.InstallBrain, CouponCompagnion in Firefox and Internet Explorer not working OTL - Part 2: Code:
========== Files - Modified Within 30 Days ========== [2013.04.02 15:27:55 | 001,745,416 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013.04.02 15:27:55 | 000,753,134 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2013.04.02 15:27:55 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013.04.02 15:27:55 | 000,155,826 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2013.04.02 15:27:55 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013.04.02 15:23:22 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013.04.02 15:20:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.02 15:20:55 | 2116,460,543 | -HS- | M] () -- C:\hiberfil.sys [2013.04.02 15:14:50 | 000,609,993 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.02 15:04:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013.04.02 14:59:17 | 000,550,909 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.04.02 14:30:19 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.04.02 14:24:50 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2013.04.02 14:22:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.04.02 14:07:29 | 012,894,739 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip [2013.04.02 13:07:39 | 000,035,706 | ---- | M] () -- C:\Users\Public\Documents\P1050479a.pdf [2013.04.02 13:07:14 | 000,033,173 | ---- | M] () -- C:\Users\Public\Documents\P1050489a.pdf [2013.04.02 13:06:40 | 000,033,684 | ---- | M] () -- C:\Users\Public\Documents\P1050488a.pdf [2013.03.31 15:26:43 | 000,025,014 | ---- | M] () -- C:\Users\***\Desktop\OTL.zip [2013.03.31 15:26:34 | 000,015,845 | ---- | M] () -- C:\Users\***\Desktop\Extras.zip [2013.03.30 18:23:49 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.03.30 18:13:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- 
C:\Users\***\Desktop\OTL.exe [2013.03.28 23:51:00 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\Support Center.lnk [2013.03.26 00:24:22 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.26 00:24:17 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013.03.26 00:24:17 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013.03.26 00:24:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013.03.26 00:24:15 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll [2013.03.26 00:24:15 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll [2013.03.25 00:58:04 | 000,001,138 | ---- | M] () -- C:\Users\***\Desktop\SpeedAnalysis.lnk [2013.03.24 20:50:14 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf [2013.03.24 18:09:08 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\MyMDb.lnk [2013.03.24 13:41:53 | 003,432,888 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013.03.24 11:05:46 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf [2013.03.24 10:33:46 | 000,002,657 | ---- | M] () -- C:\Users\Public\Desktop\Netzwerk Diagnose.lnk [2013.03.23 21:02:56 | 000,000,000 | ---- | M] () -- C:\windows\NICSettingTool.INI [2013.03.23 20:54:30 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\Synology Data Replicator 3.lnk [2013.03.23 20:54:02 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Synology Assistant.lnk [2013.03.23 17:53:54 | 000,001,468 | R--- | M] () -- C:\windows\AllemeinePassworte_Uninstall.in [2013.03.23 17:53:54 | 000,000,891 | ---- | M] () -- C:\Users\***\Desktop\Alle meine Passworte.lnk [2013.03.23 17:52:05 | 000,001,001 | ---- | M] () -- C:\Users\***\Desktop\SopCast.lnk [2013.03.23 17:50:55 | 000,002,128 | ---- | M] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk
========== ZeroAccess Check ========== [2013.03.23 14:40:11 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
02.04.2013, 15:20 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.InstallBrain, CouponCompagnion in Firefox, and Internet Explorer does not work Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
02.04.2013, 19:00 | #11 |
| PUP.InstallBrain, CouponCompagnion in Firefox, and Internet Explorer does not work Hello, here are the log files: Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.02.08 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16519 Thomas :: *** [Administrator] 02.04.2013 16:34:27 mbam-log-2013-04-02 (16-34-27).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211705 Laufzeit: 2 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=dd9e66f4cd15a446b29f3723ab4c8af5 # engine=13531 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-04-02 04:16:24 # local_time=2013-04-02 06:16:24 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=5893 16776573 100 94 11001 5508483 0 0 # scanned=307957 # found=0 # cleaned=0 # scan_time=5275 |
02.04.2013, 19:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.InstallBrain, CouponCompagnion in Firefox, and Internet Explorer does not work Create a new profile and test => Creating and deleting Firefox profiles | Firefox Help
__________________ Please always post log files in CODE tags |
02.04.2013, 21:56 | #13 |
| PUP.InstallBrain, CouponCompagnion in Firefox, and Internet Explorer does not work Hello, with the new profile the ads have disappeared. |
03.04.2013, 13:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PUP.InstallBrain, CouponCompagnion in Firefox, and Internet Explorer does not work Then you need new browser profiles
__________________ Please always post log files in CODE tags |