|
Log analysis and evaluation: BSOD: mouse driver or a virus after all? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
21.04.2013, 13:21 | #1 |
| BSOD: mouse driver or a virus after all? Hello from Vienna, may I turn to you with the following problem? Around the turn of the year 2012/13 I bought a new laptop; Windows 8 was preinstalled, 64-bit version. The processor is an AMD E1-1200 APU, the graphics card a Radeon HD, the RAM 4 GB. From the start I have been using a Microsoft wireless 2000 mouse instead of the touchpad. Shortly after I started using the machine, the first bluescreens appeared. I had the impression that the crashes always happened when I used the mouse. I then noticed that Device Manager showed a driver from 2006, apparently a generic one installed for any mouse. I installed the current Microsoft driver for the wireless 2000, and after that the problem was fixed. For the past few days bluescreens have been occurring again, and this time I don't know what to do next. I still have the impression that the crashes occur after using the mouse. How can I proceed systematically to find the fault, or a virus after all? Many thanks in advance and greetings from Austria, Christoph. PS: the minidumps are all still available |
24.04.2013, 15:26 | #2 |
/// TB trainer | BSOD: mouse driver or a virus after all? My name is Matthias and I will help you clean up your computer. Please note the following:
In this part of the forum we deal exclusively with cleaning up malware (viruses, trojans, rootkits, malware, adware, etc.). We are happy to take a look at your computer. Since it is running Windows 8, unfortunately not all tools are available to us. The instructions may not match Windows 8 100%. If that is the case, feel free to let me know. Let's see whether we find anything: Step 1 Please download OTL by Oldtimer and save it to your desktop (if you don't already have it).
Code:
ATTFilter activex msconfig CREATERESTOREPOINT
Step 2 Please download defogger by jpshortstuff to your desktop.
Step 3 Please download GMER: (random file name)
Are problems occurring?
Please post with your next reply
|
24.04.2013, 16:15 | #3 |
| BSOD: mouse driver or a virus after all? First of all, many thanks for the quick reply!
Here, to begin with, are the two OTL files: Code:
ATTFilter OTL logfile created on: 24.04.2013 16:51:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hrl\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16484) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,59 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 76,53% Memory free 7,21 Gb Paging File | 6,12 Gb Available in Paging File | 84,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,69 Gb Total Space | 373,20 Gb Free Space | 82,81% Space Free | Partition Type: NTFS Drive D: | 14,30 Gb Total Space | 1,89 Gb Free Space | 13,24% Space Free | Partition Type: NTFS Drive E: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: CHRISTOPH | User Name: Hrl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.24 16:48:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe PRC - [2013.02.20 08:28:40 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2012.07.09 13:40:02 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2013.01.10 01:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012.08.06 13:08:48 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.08.02 11:06:02 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - 
[2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012.08.10 17:53:44 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012.07.26 05:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2012.07.26 05:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2012.07.25 19:58:26 | 000,126,976 | ---- | M] 
(Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012.07.14 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012.07.09 13:40:02 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.29 18:15:04 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2013.01.29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64) DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012.11.27 05:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012.11.06 09:52:07 | 
000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012.11.06 09:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) 
DRV:64bit: - [2012.08.31 10:40:24 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver) DRV:64bit: - [2012.08.29 09:35:13 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.08.29 09:34:03 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:64bit: - [2012.08.29 09:34:03 | 000,041,272 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv) DRV:64bit: - [2012.08.08 23:28:38 | 001,958,984 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2012.08.02 12:54:18 | 010,280,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.08.02 10:09:30 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.08.01 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) 
[Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012.07.26 06:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012.07.26 06:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys 
-- (TsUsbGD) DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012.07.23 23:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2012.07.23 23:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2012.07.17 18:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService) DRV:64bit: - [2012.07.04 00:09:08 | 000,269,968 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2012.06.19 04:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012.06.13 07:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012.06.02 16:32:26 | 010,627,744 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQCON13/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS IE:64bit: - HKLM\..\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1 IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/CQCON13/1 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS IE - HKLM\..\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1 IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS IE - 
HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&babsrc=SP_ss&mntrId=B8EE689423C4168E IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKU\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) [2013.04.01 16:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hrl\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2013.02.11 12:58:00 | 000,214,122 | ---- | M] () (No name found) -- C:\Users\Hrl\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi [2013.03.29 18:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-21-919890997-1340977237-2831244317-1002..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - Startup: C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - 
Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AA41483-FA8E-46C2-8D04-2E5D75E7DC76}: DhcpNameServer = 192.168.0.1 213.33.99.70 80.120.17.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8366D461-FAD5-4D41-89CD-7A97D05A5460}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.31 09:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2012.09.05 05:18:38 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ] O32 - AutoRun File - [2012.08.31 09:41:57 | 000,048,902 | R--- | M] () - E:\Autorun.ico -- [ UDF ] O32 - AutoRun File - [2012.09.05 05:18:36 | 000,000,124 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{62561ec2-27cc-11e2-be72-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{62561ec2-27cc-11e2-be72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.08.31 09:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.04.24 16:48:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe [2013.04.23 18:29:23 | 000,000,000 | ---D | C] -- C:\Maustreiber [2013.04.23 17:43:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.20 18:11:24 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\wienfuchs [2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Temp [2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Configuration [2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Backup Tickets [2013.04.18 18:02:36 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photosketch Demo V3.0 [2013.04.18 18:02:36 | 000,000,000 | ---D | C] -- C:\Photosketch [2013.04.16 19:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC SWOS-Total Pack [2013.04.16 19:00:20 | 000,000,000 | ---D | C] -- C:\games 
[2013.04.11 17:07:20 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Blender Foundation [2013.04.07 07:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74 [2013.04.05 17:12:13 | 000,000,000 | ---D | C] -- C:\000 [2013.04.02 18:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12 [2013.04.01 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM12_temp [2013.04.01 17:53:28 | 000,000,000 | ---D | C] -- C:\FIFA 13 [2013.04.01 17:03:27 | 000,000,000 | ---D | C] -- C:\FIFA_Creation_Studio_13_Basic_13.0.3 [2013.04.01 17:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe [2013.04.01 16:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013.04.01 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\PutLockerDownloader [2013.04.01 16:47:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PutLockerDownloader [2013.04.01 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Mozilla [2013.04.01 16:47:44 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com [2013.04.01 16:44:35 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM13_temp [2013.04.01 16:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa Master 12 [2013.04.01 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ModdingWay [2013.03.31 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\FaceGen [2013.03.31 18:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceShopPro [2013.03.31 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pantomat [2013.03.31 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 10 FAT Rebuilder [2013.03.31 12:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\FIFA 10 FAT Rebuilder [2013.03.30 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM10_temp [2013.03.30 08:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fifa Master [2013.03.29 20:39:40 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\Origin [2013.03.29 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.03.29 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.03.29 18:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\Downloaded Installations [2013.03.29 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.03.29 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.03.29 18:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.29 18:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.03.29 18:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.03.29 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Babylon [2013.03.29 16:41:47 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 10 [2013.03.29 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 11 [2013.03.28 19:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013.03.28 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 09 [2013.03.28 19:51:36 | 000,000,000 | RH-D | C] -- C:\Users\Hrl\AppData\Roaming\SecuROM [2013.03.28 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 2005 [2013.03.25 17:33:55 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\DOSBox [2013.03.25 17:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.24 16:48:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe [2013.04.24 16:43:32 | 000,001,120 | 
---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.24 16:43:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.24 15:33:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.23 08:01:24 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.23 08:01:24 | 000,830,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.23 08:01:24 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.23 08:01:24 | 000,188,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.23 08:01:24 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.23 07:56:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.23 07:56:35 | 376,586,357 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.23 07:56:30 | 3082,186,752 | -HS- | M] () -- C:\hiberfil.sys [2013.04.23 07:55:26 | 000,001,960 | ---- | M] () -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk [2013.04.20 11:16:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHrl.job [2013.04.19 15:43:59 | 001,530,086 | ---- | M] () -- C:\Users\Hrl\Documents\büchel.skp [2013.04.18 18:22:33 | 000,003,904 | -H-- | M] () -- C:\Users\Hrl\AppData\Local\cgiiqikm.ini [2013.04.16 19:03:57 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\PC SWOS-Total Pack.lnk [2013.04.13 09:45:20 | 000,001,097 | ---- | M] () -- C:\Users\Hrl\Desktop\Das Fussball Studio.lnk [2013.04.07 07:57:51 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2013.04.06 06:07:13 | 000,001,269 | ---- | M] () -- C:\Users\Hrl\Desktop\CM 12.lnk [2013.04.02 18:19:15 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2013.04.01 17:04:42 | 000,001,274 | ---- | M] () -- C:\Users\Hrl\Desktop\FIFA Creation Studio 13 - Verknüpfung.lnk [2013.04.01 16:41:53 | 000,001,221 | ---- | M] () -- 
C:\Users\Hrl\Desktop\FileM 12.lnk [2013.04.01 16:41:36 | 000,001,197 | ---- | M] () -- C:\Users\Hrl\Desktop\DBM 12.lnk [2013.03.31 19:08:23 | 000,010,539 | ---- | M] () -- C:\Users\Hrl\Documents\1.png [2013.03.31 19:03:53 | 000,009,701 | ---- | M] () -- C:\Users\Hrl\Documents\aba.fg [2013.03.29 20:37:21 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.29 20:25:49 | 000,000,110 | ---- | M] () -- C:\Windows\wininit.ini [2013.03.29 18:23:19 | 000,002,060 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2013.03.27 07:22:47 | 000,320,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.19 15:43:59 | 001,525,476 | ---- | C] () -- C:\Users\Hrl\Documents\büchel.skb [2013.04.18 18:22:33 | 000,003,904 | -H-- | C] () -- C:\Users\Hrl\AppData\Local\cgiiqikm.ini [2013.04.16 19:03:57 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\PC SWOS-Total Pack.lnk [2013.04.07 07:57:51 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2013.04.06 10:09:56 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll [2013.04.06 06:07:13 | 000,001,269 | ---- | C] () -- C:\Users\Hrl\Desktop\CM 12.lnk [2013.04.02 18:19:15 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2013.04.01 17:04:42 | 000,001,274 | ---- | C] () -- C:\Users\Hrl\Desktop\FIFA Creation Studio 13 - Verknüpfung.lnk [2013.04.01 16:41:53 | 000,001,221 | ---- | C] () -- C:\Users\Hrl\Desktop\FileM 12.lnk [2013.04.01 16:41:36 | 000,001,197 | ---- | C] () -- C:\Users\Hrl\Desktop\DBM 12.lnk [2013.03.31 19:08:22 | 000,010,539 | ---- | C] () -- C:\Users\Hrl\Documents\1.png [2013.03.31 19:03:53 | 000,009,701 | ---- | C] () -- C:\Users\Hrl\Documents\aba.fg [2013.03.29 20:37:21 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.29 18:20:46 | 000,002,060 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg 
[2013.03.29 15:45:09 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini [2013.02.14 09:18:37 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.02.03 19:20:48 | 000,000,269 | ---- | C] () -- C:\Users\Hrl\.octave_hist [2013.02.03 10:07:01 | 000,000,868 | ---- | C] () -- C:\Users\Hrl\AppData\Local\recently-used.xbel [2013.01.05 14:54:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.08.20 20:23:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.04 00:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.02 10:53:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.08.02 10:53:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2011.09.13 04:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2012.08.20 20:51:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:
OTL Extras logfile created on: 24.04.2013 16:51:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hrl\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16484)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,59 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 76,53% Memory free
7,21 Gb Paging File | 6,12 Gb Available in Paging File | 84,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,69 Gb Total Space | 373,20 Gb Free Space | 82,81% Space Free | Partition Type: NTFS
Drive D: | 14,30 Gb Total Space | 1,89 Gb Free Space | 13,24% Space Free | Partition Type: NTFS
Drive E: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: CHRISTOPH | User Name: Hrl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D9DCA90-94F1-4F7C-B926-53425E05BCEE}" = rport=138 | protocol=17 | dir=out | app=system | "{28BE1BA6-9E49-43ED-9240-67C2DDDBCB20}" = rport=137 | protocol=17 | dir=out | app=system | "{372B2882-3DB6-4582-B0B8-94419BCD7705}" = lport=139 | protocol=6 | dir=in | app=system | "{4DF403AA-63DD-4631-82B8-172A00075055}" = lport=137 | protocol=17 | dir=in | app=system | "{6371972F-FD04-4380-AB1B-D5C89647608C}" = lport=138 | protocol=17 | dir=in | app=system | "{7D707C2B-66F3-49A3-B3A5-F1E752F23730}" = lport=445 | protocol=6 | dir=in | app=system | "{A7D1084C-DC6D-43E3-BDFE-3F2420CC6D77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B2901653-8BD3-4B50-9C4A-C49B9789C1AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B3ECBF8D-242F-4369-A4C2-AAB34ADA6483}" = rport=139 | protocol=6 | dir=out | app=system | "{C89240F7-A358-4D26-B8A8-9A46A27D7FBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D479AA52-9847-4EB0-BC8B-09017648001C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E915AB00-A3F1-4AA6-A7E1-8BA028440E7A}" = rport=445 | protocol=6 | dir=out | app=system | "{E978E9A0-CA90-4689-AC35-EA3DDD08710F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F843D29C-AE2C-4953-80D0-A41D03BD1294}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003F020E-F751-4BA1-AA3D-CE9DA6F7F44E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{03BBDF1C-4766-4E9B-A8B0-5D4874CB6B3D}" = protocol=6 | dir=in | app=c:\users\hrl\appdata\local\temp\7zsd838.tmp\symnrt.exe | "{0505E55B-81E9-49CB-BCC3-21F15FFA25E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{065C6EDB-D432-43C4-92AE-983366CA597A}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{085BD021-3284-40E3-B411-05AF6229B1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | "{0878202E-1313-4036-9D33-EB2DE2373B89}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | "{15CF9A0B-9F8B-44CE-8A02-42A56B2BE232}" = dir=out | name=getting started with windows 8 | "{15EDF370-A169-4BA5-A9F5-C9778DAF5653}" = dir=out | name=ebay | 
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1CE5F3FD-C5AF-44F1-93B4-9DFA7AA3868F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{1D145B11-FA39-4220-8813-CC1BDF107C0A}" = dir=in | name=kindle | "{1D71000A-A704-4878-A740-4FEA917BCACC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{2B8A66FE-5B03-4319-85E7-AFAEFE11A7CC}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{3253464F-1DEB-48E1-A5E1-C85ADAC6A76A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | "{32ABBA5C-45AC-41DF-A1C4-157F93910978}" = dir=out | name=kindle | "{3CF5B02B-BEC6-4E26-9D22-55672E4E394B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{44E69452-D0F6-4C11-99FB-D632FAE2E1B0}" = dir=out | name=hp registration | "{46EFF4D3-F7C1-437F-B11E-F07F2C99CE98}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{491EEF38-A02E-40A8-B8F9-39B88A3D0194}" = dir=out | name=norton studio | "{51FBA43D-26DB-419F-B408-952E06B226BA}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{53222944-180D-4AE8-8C8B-8DE3304AC5E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5D2F28CB-FBCF-4826-8948-F1F979755387}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{5FDD5E75-A5EA-4924-BC32-3414B75730EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6403A10B-4EAE-4783-9932-490312223085}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{752E46C7-B1FA-46D1-BC6E-6E49143FF346}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7E741563-8C40-4B77-BB74-2B813CB0384D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{82C0D8CD-7B8D-4A01-B74E-9DA90AE8000F}" = dir=out | name=hp connected photo powered by snapfish | "{82EF04DF-3D6C-4D13-9407-CA51EFC17CA6}" = dir=in | name=ebay | "{8370EB6F-64E4-40A9-9093-EAB4FB6270A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8468B233-D95F-4688-A6ED-2ED33D446E88}" = dir=out | name=skype | "{85C46F73-7EC9-48E6-A7F7-5E2FA8477735}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8CC9B20F-5F4E-4555-A5F1-D68860A73D5D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{8F3D5532-A371-4EE5-BB85-754B94DC12B3}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe | "{9002D236-6A69-4E2B-BA72-2EB24ABC4517}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9582728C-9537-4130-A13A-E029C198CA4F}" = protocol=6 | dir=in | app=c:\users\hrl\downloads\cm10_beta_3.exe | "{95A2DCFE-C77D-4193-B8BF-6B43F64E55B4}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{9C73D7F0-418E-45C5-8E5E-3A2DE9883F9C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{9CD70374-F221-487E-812F-0A1CE47F7CF0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{A296A1A2-BB6A-45C6-ADDB-3D4C40B3DD57}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe 
| "{A87BD2DA-A780-4E5A-882C-FF1F2A0AB077}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AA1CABE1-F9C0-49E6-AD13-D51EF66B0C11}" = protocol=17 | dir=in | app=c:\users\hrl\downloads\cm10_beta_3.exe | "{B39174C0-4639-4049-A4EC-B687EA845056}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{B96D8107-3864-4483-8815-5ABD260E151D}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe | "{C4C3F9ED-4F35-4B00-AB03-682D6B65DCE0}" = protocol=17 | dir=in | app=c:\users\hrl\appdata\local\temp\7zsd838.tmp\symnrt.exe | "{CA55B394-8FD4-4594-B317-6E9CF198A744}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{CF897716-81AA-4A6F-89C6-60D523B63653}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{D13E357E-EDB4-4B53-BE51-9B41394E027C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D300F09B-9C6F-4344-A544-A3C62A1323FE}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{D5EBE7EF-55ED-4ADF-8AC3-A1E8277735B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D609A076-F719-42F6-BDE4-6AA63C9C6329}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{D6AE7093-3B4C-46CD-96C1-887DA1FDF6DD}" = dir=in | name=skype | "{D6C45A34-6ECA-4E90-A668-97F58AC69606}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E0A18A3C-1D10-43E1-9B5C-56A9626DD5A5}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{E52DE610-063F-4F26-8316-C457B2A19EAA}" = protocol=1 | dir=out | 
name=@firewallapi.dll,-28544 | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E8CF42A2-A934-440C-B8E1-EA86C1F34B26}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{EA05C822-D9E7-4A7A-BC8D-6A943FB3F182}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{ED7C903F-0709-4869-88AC-888B6B018B9C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{F5358C8A-CF15-4CA4-BD00-5EDA1F249751}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | "{F6506514-4C52-415E-9576-C27560A709FF}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "TCP Query User{6E4050E5-1146-4FEE-973B-6D989D4C4315}C:\program files (x86)\origin\legacypm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | "TCP Query User{7EC9BC78-79B9-4165-8DAA-67A099956073}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{7F148541-C67F-4916-8F63-C2C29A45DBD1}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | "UDP Query User{36E10D39-F72B-4440-B85E-8515F305CD48}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{48E259C7-35B2-4D3D-AAFC-0D676C15D320}C:\program files (x86)\origin\legacypm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | "UDP Query User{A9869C3D-B5C0-449B-8B79-368091276998}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | 
dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64 "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Blender" = Blender "GIMP-2_is1" = GIMP 2.8.2 "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "SynTPDeinstKey" = Synaptics Pointing 
Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{0D36378E-B482-433F-9E9F-545367ED0511}" = PhoX - Photogrammetric Calculation System "{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding "{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{285B4FB8-207C-4CBA-BF3C-0AF1FFAA4123}" = Microsoft Windows Build 8250 Retail Debugging Symbols for x64 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai "{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX 
Platform Language Pack "{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0 "{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian "{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All "{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E7CB625-076C-4812-87B9-A2695C2CFABF}" = HP Documentation "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common "{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese "{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant "{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = 
Windows Driver Kit "{C5C62359-A304-4C6B-B2F0-63AB58F9CBB8}_is1" = PC SWOS-Total Pack version V1.5 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian "{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish "{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French "{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit "{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.5.2 (Beta) "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish "Creation Master 12_is1" = Creation Master 12 Beta 6 "DB Master 12_is1" = DB Master 12 Beta 2 "Digitale Bibliothek 4" = Digitale Bibliothek 4 
"File Master 12_is1" = File Master 12 Release 12.0 "GCstar" = GCstar 1.6.1 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "NirSoft BlueScreenView" = NirSoft BlueScreenView "Notepad++" = Notepad++ "Origin" = Origin "WinLiveSuite" = Windows Live Essentials "ZMBV" = Zip Motion Block Video codec (Remove Only) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "CodeBlocks" = CodeBlocks ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.04.2013 11:27:38 | Computer Name = Christoph | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16482, Zeitstempel: 0x50cfc9bf Name des fehlerhaften Moduls: atidxx32.dll, Version: 8.17.10.451, Zeitstempel: 0x501a0a26 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000624f2 ID des fehlerhaften Prozesses: 0x26f4 Startzeit der fehlerhaften Anwendung: 0x01ce35ff74e8f71d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\atidxx32.dll Berichtskennung: 2ccaad61-a1f3-11e2-be87-10604b4a8871 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 12.04.2013 09:23:19 | Computer Name = Christoph | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: fifa13.exe, Version: 1.7.0.0, Zeitstempel: 0x02af1040 Name des fehlerhaften Moduls: fifa13.exe, Version: 1.7.0.0, Zeitstempel: 0x02af1040 Ausnahmecode: 0xc000001d Fehleroffset: 0x0254177b ID des fehlerhaften Prozesses: 0x2290 Startzeit der fehlerhaften Anwendung: 0x01ce3780df7a47f3 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\FIFA 
13\Game\fifa13.exe Berichtskennung: 238910b6-a374-11e2-be87-10604b4a8871 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 12.04.2013 09:23:19 | Computer Name = Christoph | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm FIFA 13 wurde wegen dieses Fehlers geschlossen. Programm: FIFA 13 Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error - 12.04.2013 12:00:55 | Computer Name = Christoph | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. Error - 12.04.2013 12:00:55 | Computer Name = Christoph | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest. 
Error - 14.04.2013 09:56:09 | Computer Name = Christoph | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: fifa13.exe, Version: 1.7.0.0, Zeitstempel: 0x02af1040 Name des fehlerhaften Moduls: fifa13.exe, Version: 1.7.0.0, Zeitstempel: 0x02af1040 Ausnahmecode: 0xc000001d Fehleroffset: 0x0254177b ID des fehlerhaften Prozesses: 0x186c Startzeit der fehlerhaften Anwendung: 0x01ce3917cb05c275 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe Berichtskennung: 0e75b3f8-a50b-11e2-be88-10604b4a8871 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 14.04.2013 09:56:09 | Computer Name = Christoph | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm FIFA 13 wurde wegen dieses Fehlers geschlossen. Programm: FIFA 13 Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. 
Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error - 14.04.2013 13:00:10 | Computer Name = Christoph | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: fifa13.exe, Version: 1.7.0.0, Zeitstempel: 0x02af1040 Name des fehlerhaften Moduls: fifa13.exe, Version: 1.7.0.0, Zeitstempel: 0x02af1040 Ausnahmecode: 0xc000001d Fehleroffset: 0x0254177b ID des fehlerhaften Prozesses: 0x241c Startzeit der fehlerhaften Anwendung: 0x01ce393180294570 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Origin Games\FIFA 13\Game\fifa13.exe Berichtskennung: c38e047e-a524-11e2-be88-10604b4a8871 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error - 14.04.2013 13:00:10 | Computer Name = Christoph | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm FIFA 13 wurde wegen dieses Fehlers geschlossen. Programm: FIFA 13 Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. 
Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error - 15.04.2013 12:38:17 | Computer Name = Christoph | Source = Application Hang | ID = 1002 Description = Programm IEXPLORE.EXE, Version 10.0.9200.16482 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 208 Startzeit: 01ce39f795087107 Endzeit: 16 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: db0f740c-a5ea-11e2-be88-10604b4a8871 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: [ System Events ] Error - 10.04.2013 11:33:35 | Computer Name = Christoph | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 10.04.2013 11:34:21 | Computer Name = Christoph | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 10.04.2013 11:34:41 | Computer Name = Christoph | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 13.04.2013 11:46:01 | Computer Name = Christoph | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?13.?04.?2013 um 10:26:28 unerwartet heruntergefahren. Error - 13.04.2013 11:46:17 | Computer Name = Christoph | Source = BugCheck | ID = 1001 Description = Error - 13.04.2013 11:47:19 | Computer Name = Christoph | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. 
Error - 16.04.2013 00:47:21 | Computer Name = Christoph | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?16.?04.?2013 um 06:32:03 unerwartet heruntergefahren. Error - 16.04.2013 00:47:25 | Computer Name = Christoph | Source = BugCheck | ID = 1001 Description = Error - 16.04.2013 01:42:50 | Computer Name = Christoph | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?16.?04.?2013 um 07:17:21 unerwartet heruntergefahren. Error - 16.04.2013 01:42:55 | Computer Name = Christoph | Source = BugCheck | ID = 1001 Description = < End of report > Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:21 on 24/04/2013 (Hrl)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=- |
24.04.2013, 16:32 | #4 |
/// TB instructor | BSOD: mouse driver or a virus after all? Hi, only the GMER log file is still missing. |
24.04.2013, 16:55 | #5 |
| BSOD: mouse driver or a virus after all? Exactly, it has just finished Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-24 17:50:51
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000032 Hitachi_HTS545050A7E380 rev.GG2OA7A0 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Hrl\AppData\Local\Temp\kgtyrpod.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[2736] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 306 000007fd4e20177a 4 bytes [20, 4E, FD, 07]
.text C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe[2736] C:\Windows\system32\psapi.dll!GetProcessImageFileNameA + 314 000007fd4e201782 4 bytes [20, 4E, FD, 07]
.text C:\Windows\system32\atieclxx.exe[3520] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd4e20177a 4 bytes [20, 4E, FD, 07]
.text C:\Windows\system32\atieclxx.exe[3520] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd4e201782 4 bytes [20, 4E, FD, 07]
.text C:\Windows\system32\atieclxx.exe[3520] C:\Windows\system32\WSOCK32.dll!recvfrom + 742 000007fd4b751b32 4 bytes [75, 4B, FD, 07]
.text C:\Windows\system32\atieclxx.exe[3520] C:\Windows\system32\WSOCK32.dll!recvfrom + 750 000007fd4b751b3a 4 bytes [75, 4B, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fd4a9f1532 4 bytes [9F, 4A, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2992] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fd4a9f153a 4 bytes [9F, 4A, FD, 07]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[2992] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fd4a9f165a 4 bytes [9F, 4A, FD, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3708] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd4e20177a 4 bytes [20, 4E, FD, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3708] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd4e201782 4 bytes [20, 4E, FD, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4240] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fd4e20177a 4 bytes [20, 4E, FD, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4240] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fd4e201782 4 bytes [20, 4E, FD, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [3888:3896] fffff9600096b5e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ---- |
24.04.2013, 18:39 | #6 |
/// TB instructor | BSOD: mouse driver or a virus after all? Hi, Step 1 Please download AdwCleaner to your desktop.
Step 2 Please shut down your security software to avoid possible conflicts.
Step 3 Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder unless a helper instructs you to. Please post with your next reply
|
25.04.2013, 05:52 | #7 |
| BSOD: mouse driver or a virus after all? Here is the data from adwcleaner Code:
# AdwCleaner v2.202 - Datei am 25/04/2013 um 06:47:37 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzer : Hrl - CHRISTOPH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Hrl\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\PutLockerDownloader
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Hrl\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Hrl\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Hrl\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\UpdateStar
Schlüssel Gelöscht : HKCU\Software\9e8b8ce06fed12
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PutLockerDownloader
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\9e8b8ce06fed12
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16482

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[S1].txt - [3062 octets] - [25/04/2013 06:47:37]

########## EOF - C:\AdwCleaner[S1].txt - [3122 octets] ##########

Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.9 (04.22.2013:1) OS: Windows 8 x64 Ran by Hrl on 25.04.2013 at 6:56:40,07 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{22AB7F76-BB0E-4FFB-B7F4-F0D99AEB6599} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.04.2013 at 7:03:00,55 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
|
25.04.2013, 10:06 | #8 |
/// TB-Ausbilder | BSOD: mouse driver or a virus after all? Hi, a bit of adware was removed. Let's take a second look at your system:
Step 1 Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread.
Step 2 Download SystemLook by jpshortstuff from the following mirror and save the tool to your desktop. SystemLook (64 bit)
Step 3 Please download TDSSKiller.exe and save the file to your desktop
Please post with your next reply
|
25.04.2013, 15:05 | #9 |
| BSOD: mouse driver or a virus after all? Hello, Code:
HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQCON13/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
[2013.04.01 16:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hrl\AppData\Roaming\mozilla\Firefox\Profiles\extensions [2013.02.11 12:58:00 | 000,214,122 | ---- | M] () (No name found) -- C:\Users\Hrl\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi [2013.03.29 18:20:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - Startup: C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - 
{92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AA41483-FA8E-46C2-8D04-2E5D75E7DC76}: DhcpNameServer = 192.168.0.1 213.33.99.70 80.120.17.70 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8366D461-FAD5-4D41-89CD-7A97D05A5460}: DhcpNameServer = 212.186.211.21 195.34.133.21 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.08.31 09:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.) - E:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2012.09.05 05:18:38 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ] O32 - AutoRun File - [2012.08.31 09:41:57 | 000,048,902 | R--- | M] () - E:\Autorun.ico -- [ UDF ] O32 - AutoRun File - [2012.09.05 05:18:36 | 000,000,124 | R--- | M] () - E:\autorun.inf -- [ UDF ] O33 - MountPoints2\{62561ec2-27cc-11e2-be72-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{62561ec2-27cc-11e2-be72-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.08.31 09:39:28 | 008,110,472 | R--- | M] (Electronic Arts, Inc.) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.25 07:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.25 07:09:24 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Desktop\mbar-1.05.0.1001 [2013.04.25 06:56:36 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.25 06:56:30 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.25 06:55:56 | 000,535,764 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Hrl\Desktop\JRT.exe [2013.04.24 16:48:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe [2013.04.23 18:29:23 | 000,000,000 | ---D | C] -- C:\Maustreiber [2013.04.23 17:43:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.04.20 18:11:24 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\wienfuchs [2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Temp [2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Configuration [2013.04.18 18:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Backup Tickets [2013.04.18 18:02:36 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photosketch Demo V3.0 [2013.04.18 18:02:36 | 000,000,000 | ---D | C] -- C:\Photosketch [2013.04.16 19:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC SWOS-Total Pack [2013.04.16 19:00:20 | 000,000,000 | ---D | C] -- C:\games [2013.04.11 17:07:20 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Blender Foundation [2013.04.07 07:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DOSBox-0.74 [2013.04.05 17:12:13 | 000,000,000 | ---D | C] -- C:\000 [2013.04.02 18:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12 [2013.04.01 19:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM12_temp [2013.04.01 17:53:28 | 000,000,000 | ---D | C] -- C:\FIFA 13 [2013.04.01 17:03:27 | 000,000,000 | ---D | C] -- C:\FIFA_Creation_Studio_13_Basic_13.0.3 [2013.04.01 16:47:47 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Mozilla [2013.04.01 16:44:35 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM13_temp [2013.04.01 16:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fifa Master 12 [2013.04.01 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\ModdingWay [2013.03.31 18:50:43 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\FaceGen [2013.03.31 18:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FaceShopPro [2013.03.31 18:48:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pantomat [2013.03.31 12:06:11 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FIFA 10 FAT Rebuilder [2013.03.31 12:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 10 FAT Rebuilder [2013.03.30 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FM10_temp [2013.03.30 08:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fifa Master [2013.03.29 20:39:40 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\Origin [2013.03.29 20:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin [2013.03.29 20:36:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin [2013.03.29 18:20:38 | 000,000,000 | ---D | C] -- C:\Users\Hrl\AppData\Local\Downloaded Installations [2013.03.29 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.03.29 18:20:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.03.29 18:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.29 16:41:47 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 10 [2013.03.29 15:48:03 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 11 [2013.03.28 19:52:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core [2013.03.28 19:51:57 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 09 [2013.03.28 19:51:36 | 000,000,000 | RH-D | C] -- C:\Users\Hrl\AppData\Roaming\SecuROM [2013.03.28 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Hrl\Documents\FIFA 2005 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.25 15:48:04 | 000,001,120 | 
---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.04.25 15:47:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.25 07:33:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.25 07:08:44 | 012,917,756 | ---- | M] () -- C:\Users\Hrl\Desktop\mbar-1.05.0.1001.zip [2013.04.25 06:55:57 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Hrl\Desktop\JRT.exe [2013.04.25 06:54:02 | 001,949,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.25 06:54:02 | 000,830,120 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.25 06:54:02 | 000,774,720 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.25 06:54:02 | 000,188,224 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.25 06:54:02 | 000,158,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.25 06:49:36 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.25 06:49:29 | 3082,186,752 | -HS- | M] () -- C:\hiberfil.sys [2013.04.25 06:46:59 | 000,619,461 | ---- | M] () -- C:\Users\Hrl\Desktop\adwcleaner.exe [2013.04.24 17:28:32 | 000,377,856 | ---- | M] () -- C:\Users\Hrl\Desktop\gmer_2.1.19163.exe [2013.04.24 17:21:18 | 000,000,000 | ---- | M] () -- C:\Users\Hrl\defogger_reenable [2013.04.24 17:20:19 | 000,050,477 | ---- | M] () -- C:\Users\Hrl\Desktop\Defogger.exe [2013.04.24 16:48:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hrl\Desktop\OTL.exe [2013.04.23 07:56:35 | 376,586,357 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.04.23 07:55:26 | 000,001,960 | ---- | M] () -- C:\Users\Hrl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 1050 J410 series.lnk [2013.04.20 11:16:12 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHrl.job [2013.04.19 15:43:59 | 001,530,086 | ---- | M] () -- C:\Users\Hrl\Documents\büchel.skp [2013.04.18 18:22:33 | 000,003,904 | -H-- | M] () -- 
C:\Users\Hrl\AppData\Local\cgiiqikm.ini [2013.04.16 19:03:57 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\PC SWOS-Total Pack.lnk [2013.04.13 09:45:20 | 000,001,097 | ---- | M] () -- C:\Users\Hrl\Desktop\Das Fussball Studio.lnk [2013.04.07 07:57:51 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2013.04.06 06:07:13 | 000,001,269 | ---- | M] () -- C:\Users\Hrl\Desktop\CM 12.lnk [2013.04.02 18:19:15 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2013.04.01 17:04:42 | 000,001,274 | ---- | M] () -- C:\Users\Hrl\Desktop\FIFA Creation Studio 13 - Verknüpfung.lnk [2013.04.01 16:41:53 | 000,001,221 | ---- | M] () -- C:\Users\Hrl\Desktop\FileM 12.lnk [2013.04.01 16:41:36 | 000,001,197 | ---- | M] () -- C:\Users\Hrl\Desktop\DBM 12.lnk [2013.03.31 19:08:23 | 000,010,539 | ---- | M] () -- C:\Users\Hrl\Documents\1.png [2013.03.31 19:03:53 | 000,009,701 | ---- | M] () -- C:\Users\Hrl\Documents\aba.fg [2013.03.29 20:37:21 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.29 20:25:49 | 000,000,110 | ---- | M] () -- C:\Windows\wininit.ini [2013.03.29 18:23:19 | 000,002,060 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2013.03.27 07:22:47 | 000,320,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.25 07:08:44 | 012,917,756 | ---- | C] () -- C:\Users\Hrl\Desktop\mbar-1.05.0.1001.zip [2013.04.25 06:46:44 | 000,619,461 | ---- | C] () -- C:\Users\Hrl\Desktop\adwcleaner.exe [2013.04.24 17:28:32 | 000,377,856 | ---- | C] () -- C:\Users\Hrl\Desktop\gmer_2.1.19163.exe [2013.04.24 17:21:18 | 000,000,000 | ---- | C] () -- C:\Users\Hrl\defogger_reenable [2013.04.24 17:20:19 | 000,050,477 | ---- | C] () -- C:\Users\Hrl\Desktop\Defogger.exe [2013.04.19 15:43:59 | 001,525,476 | ---- | C] () -- C:\Users\Hrl\Documents\büchel.skb [2013.04.18 18:22:33 | 000,003,904 | -H-- | C] () -- 
C:\Users\Hrl\AppData\Local\cgiiqikm.ini [2013.04.16 19:03:57 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\PC SWOS-Total Pack.lnk [2013.04.07 07:57:51 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2013.04.06 10:09:56 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll [2013.04.06 06:07:13 | 000,001,269 | ---- | C] () -- C:\Users\Hrl\Desktop\CM 12.lnk [2013.04.02 18:19:15 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 12.lnk [2013.04.01 17:04:42 | 000,001,274 | ---- | C] () -- C:\Users\Hrl\Desktop\FIFA Creation Studio 13 - Verknüpfung.lnk [2013.04.01 16:41:53 | 000,001,221 | ---- | C] () -- C:\Users\Hrl\Desktop\FileM 12.lnk [2013.04.01 16:41:36 | 000,001,197 | ---- | C] () -- C:\Users\Hrl\Desktop\DBM 12.lnk [2013.03.31 19:08:22 | 000,010,539 | ---- | C] () -- C:\Users\Hrl\Documents\1.png [2013.03.31 19:03:53 | 000,009,701 | ---- | C] () -- C:\Users\Hrl\Documents\aba.fg [2013.03.29 20:37:21 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk [2013.03.29 18:20:46 | 000,002,060 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg [2013.03.29 15:45:09 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini [2013.02.14 09:18:37 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.02.03 19:20:48 | 000,000,269 | ---- | C] () -- C:\Users\Hrl\.octave_hist [2013.02.03 10:07:01 | 000,000,868 | ---- | C] () -- C:\Users\Hrl\AppData\Local\recently-used.xbel [2013.01.05 14:54:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.08.20 20:23:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.08.04 00:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.02 10:53:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.08.02 10:53:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 
000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.07.25 22:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2012.07.25 22:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2012.07.25 22:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2011.09.13 04:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2012.08.20 20:51:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

Code:
ATTFilter OTL Extras logfile created on: 25.04.2013 15:50:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hrl\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16484) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,59 Gb Total Physical Memory | 2,75 Gb Available Physical Memory | 76,76% Memory free 7,21 Gb Paging File | 6,25 Gb Available in Paging File | 86,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,69 Gb Total Space | 373,09 Gb Free Space | 82,78% Space Free | Partition Type: NTFS Drive D: | 14,30 Gb Total Space | 1,89 Gb Free Space | 13,24% Space Free | Partition Type: NTFS Drive E: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: CHRISTOPH | User Name: Hrl | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D9DCA90-94F1-4F7C-B926-53425E05BCEE}" = rport=138 | protocol=17 | dir=out | app=system | "{28BE1BA6-9E49-43ED-9240-67C2DDDBCB20}" = rport=137 | protocol=17 | dir=out | app=system | "{372B2882-3DB6-4582-B0B8-94419BCD7705}" = lport=139 | protocol=6 | dir=in | app=system | "{4DF403AA-63DD-4631-82B8-172A00075055}" = lport=137 | protocol=17 | dir=in | app=system | "{6371972F-FD04-4380-AB1B-D5C89647608C}" = lport=138 | protocol=17 | dir=in | app=system | "{7D707C2B-66F3-49A3-B3A5-F1E752F23730}" = lport=445 | protocol=6 | dir=in | app=system | "{A7D1084C-DC6D-43E3-BDFE-3F2420CC6D77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B2901653-8BD3-4B50-9C4A-C49B9789C1AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B3ECBF8D-242F-4369-A4C2-AAB34ADA6483}" = rport=139 | protocol=6 | dir=out | app=system | "{C89240F7-A358-4D26-B8A8-9A46A27D7FBC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D479AA52-9847-4EB0-BC8B-09017648001C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E915AB00-A3F1-4AA6-A7E1-8BA028440E7A}" = rport=445 | protocol=6 | dir=out | app=system | "{E978E9A0-CA90-4689-AC35-EA3DDD08710F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{F843D29C-AE2C-4953-80D0-A41D03BD1294}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003F020E-F751-4BA1-AA3D-CE9DA6F7F44E}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{03BBDF1C-4766-4E9B-A8B0-5D4874CB6B3D}" = protocol=6 | dir=in | app=c:\users\hrl\appdata\local\temp\7zsd838.tmp\symnrt.exe | "{0505E55B-81E9-49CB-BCC3-21F15FFA25E5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{065C6EDB-D432-43C4-92AE-983366CA597A}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{085BD021-3284-40E3-B411-05AF6229B1E2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | "{0878202E-1313-4036-9D33-EB2DE2373B89}" = protocol=6 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | "{15CF9A0B-9F8B-44CE-8A02-42A56B2BE232}" = dir=out | name=getting started with windows 8 | "{15EDF370-A169-4BA5-A9F5-C9778DAF5653}" = dir=out | name=ebay | 
"{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{1CE5F3FD-C5AF-44F1-93B4-9DFA7AA3868F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{1D145B11-FA39-4220-8813-CC1BDF107C0A}" = dir=in | name=kindle | "{1D71000A-A704-4878-A740-4FEA917BCACC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{2B8A66FE-5B03-4319-85E7-AFAEFE11A7CC}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{3253464F-1DEB-48E1-A5E1-C85ADAC6A76A}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | "{32ABBA5C-45AC-41DF-A1C4-157F93910978}" = dir=out | name=kindle | "{3CF5B02B-BEC6-4E26-9D22-55672E4E394B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{44E69452-D0F6-4C11-99FB-D632FAE2E1B0}" = dir=out | name=hp registration | "{46EFF4D3-F7C1-437F-B11E-F07F2C99CE98}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{491EEF38-A02E-40A8-B8F9-39B88A3D0194}" = dir=out | name=norton studio | "{51FBA43D-26DB-419F-B408-952E06B226BA}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{53222944-180D-4AE8-8C8B-8DE3304AC5E5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5D2F28CB-FBCF-4826-8948-F1F979755387}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 12\game\fifa.exe | "{5FDD5E75-A5EA-4924-BC32-3414B75730EF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6403A10B-4EAE-4783-9932-490312223085}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{752E46C7-B1FA-46D1-BC6E-6E49143FF346}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{7E741563-8C40-4B77-BB74-2B813CB0384D}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{82C0D8CD-7B8D-4A01-B74E-9DA90AE8000F}" = dir=out | name=hp connected photo powered by snapfish | "{82EF04DF-3D6C-4D13-9407-CA51EFC17CA6}" = dir=in | name=ebay | "{8370EB6F-64E4-40A9-9093-EAB4FB6270A7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{8468B233-D95F-4688-A6ED-2ED33D446E88}" = dir=out | name=skype | "{85C46F73-7EC9-48E6-A7F7-5E2FA8477735}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{8CC9B20F-5F4E-4555-A5F1-D68860A73D5D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe | "{8F3D5532-A371-4EE5-BB85-754B94DC12B3}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe | "{9002D236-6A69-4E2B-BA72-2EB24ABC4517}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9582728C-9537-4130-A13A-E029C198CA4F}" = protocol=6 | dir=in | app=c:\users\hrl\downloads\cm10_beta_3.exe | "{95A2DCFE-C77D-4193-B8BF-6B43F64E55B4}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{9C73D7F0-418E-45C5-8E5E-3A2DE9883F9C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{9CD70374-F221-487E-812F-0A1CE47F7CF0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{A296A1A2-BB6A-45C6-ADDB-3D4C40B3DD57}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\fifa 13\game\fifa13.exe 
| "{A87BD2DA-A780-4E5A-882C-FF1F2A0AB077}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AA1CABE1-F9C0-49E6-AD13-D51EF66B0C11}" = protocol=17 | dir=in | app=c:\users\hrl\downloads\cm10_beta_3.exe | "{B39174C0-4639-4049-A4EC-B687EA845056}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{B96D8107-3864-4483-8815-5ABD260E151D}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe | "{C4C3F9ED-4F35-4B00-AB03-682D6B65DCE0}" = protocol=17 | dir=in | app=c:\users\hrl\appdata\local\temp\7zsd838.tmp\symnrt.exe | "{CA55B394-8FD4-4594-B317-6E9CF198A744}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{CF897716-81AA-4A6F-89C6-60D523B63653}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{D13E357E-EDB4-4B53-BE51-9B41394E027C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D300F09B-9C6F-4344-A544-A3C62A1323FE}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{D5EBE7EF-55ED-4ADF-8AC3-A1E8277735B9}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D609A076-F719-42F6-BDE4-6AA63C9C6329}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{D6AE7093-3B4C-46CD-96C1-887DA1FDF6DD}" = dir=in | name=skype | "{D6C45A34-6ECA-4E90-A668-97F58AC69606}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E0A18A3C-1D10-43E1-9B5C-56A9626DD5A5}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{E52DE610-063F-4F26-8316-C457B2A19EAA}" = protocol=1 | dir=out | 
name=@firewallapi.dll,-28544 | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E8CF42A2-A934-440C-B8E1-EA86C1F34B26}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{EA05C822-D9E7-4A7A-BC8D-6A943FB3F182}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{ED7C903F-0709-4869-88AC-888B6B018B9C}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{F5358C8A-CF15-4CA4-BD00-5EDA1F249751}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | "{F6506514-4C52-415E-9576-C27560A709FF}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "TCP Query User{6E4050E5-1146-4FEE-973B-6D989D4C4315}C:\program files (x86)\origin\legacypm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | "TCP Query User{7EC9BC78-79B9-4165-8DAA-67A099956073}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "TCP Query User{7F148541-C67F-4916-8F63-C2C29A45DBD1}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | "UDP Query User{36E10D39-F72B-4440-B85E-8515F305CD48}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{48E259C7-35B2-4D3D-AAFC-0D676C15D320}C:\program files (x86)\origin\legacypm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin\legacypm\core.exe | "UDP Query User{A9869C3D-B5C0-449B-8B79-368091276998}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | 
dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{63ADEC24-A374-80A8-E89B-BE401C787F75}" = AMD Catalyst Install Manager "{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A79A9231-0A5A-9384-21D0-DB753C2BE59B}" = AMD Fuel "{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU "{C3F12DD0-54B1-4B2B-A82B-FA43502BC550}" = HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service "{E82EC5DF-28FD-C8F4-ED08-B88728158260}" = ccc-utility64 "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0 "Blender" = Blender "GIMP-2_is1" = GIMP 2.8.2 "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "SynTPDeinstKey" = Synaptics Pointing 
Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0123AB93-E7A4-7F40-83B6-41EC2CF84B3F}" = CCC Help Dutch "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C3B99D2-35D0-6993-3C4B-A759419A8678}" = CCC Help Korean "{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center "{0D36378E-B482-433F-9E9F-545367ED0511}" = PhoX - Photogrammetric Calculation System "{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding "{1225C0F8-AB1A-BE3A-CD0C-DB8CA1613940}" = CCC Help Greek "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{285B4FB8-207C-4CBA-BF3C-0AF1FFAA4123}" = Microsoft Windows Build 8250 Retail Debugging Symbols for x64 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3C41A693-28E1-4335-A738-528B09DB600C}" = CCC Help Thai "{3C458872-A5BB-89F3-933C-2406F6D9E6F8}" = CCC Help Finnish "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8 "{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch "{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager "{52A3FC19-6F84-F293-08C6-80A1D2F7477F}" = CCC Help Swedish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX 
Platform Language Pack "{5CD2FE1D-A3DB-F273-2798-EFAACF8492A5}" = CCC Help Portuguese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A66D912-541C-54C6-43E6-17AF24700B91}" = CCC Help German "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C8FF546-B0C0-0935-2F5E-7DC2DA727CFD}" = CCC Help Czech "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0 "{734846E6-3E7A-04AC-0612-638A1D8A63F8}" = CCC Help Russian "{747F3993-036E-5F4F-1B82-7DA844B73966}" = Catalyst Control Center Localization All "{793ED091-3F14-4968-3864-5C8A7727A5DA}" = CCC Help Chinese Standard "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E7CB625-076C-4812-87B9-A2695C2CFABF}" = HP Documentation "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{9285EABA-D88C-4A8A-6E9D-5F55BF03E46F}" = Catalyst Control Center InstallProxy "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93EB60BA-458D-FBE6-E466-CD170080E719}" = CCC Help Polish "{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C0F4CBD-8543-96CC-46F1-75E57B1B22A6}" = Catalyst Control Center Graphics Previews Common "{9EF69B68-6DFE-F916-2D6E-E486D21A26C2}" = CCC Help Spanish "{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1E7FE70-3B18-5BA2-8032-2547FC636A50}" = CCC Help Japanese "{B424890D-64FC-E0D1-4A17-4B512CA45CD9}" = CCC Help Italian "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant "{BE64A239-E22E-9D77-AA57-36AE0443EC2F}" = CCC Help Chinese Traditional "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2FBB88A-65AA-6751-25EC-6A9046FA5F3B}" = 
Windows Driver Kit "{C5C62359-A304-4C6B-B2F0-63AB58F9CBB8}_is1" = PC SWOS-Total Pack version V1.5 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF8C33C1-C978-527D-E0AF-530882DEB146}" = AMD VISION Engine Control Center "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D5DC9541-12F0-59CF-9430-1136D5A58BD0}" = CCC Help Hungarian "{D7FBE7DC-A18F-4DFF-80BB-A478E4E09CF7}" = CCC Help Danish "{DC3C5C4A-1869-A99C-3AE4-55E0191105F0}" = CCC Help Norwegian "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12 "{EB2CDF95-92D4-AC57-63B1-4E7F0BD8F9B8}" = CCC Help French "{ECA42F46-D80E-AD40-18FB-4BF64491CEE3}" = CCC Help English "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{f65530f7-1696-4fcd-8876-37cdcacdbd4c}" = Windows Driver Kit "{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.5.2 (Beta) "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF282A38-D10B-E302-FBAD-5903C9DD9A5B}" = CCC Help Turkish "Creation Master 12_is1" = Creation Master 12 Beta 6 "DB Master 12_is1" = DB Master 12 Beta 2 "Digitale Bibliothek 4" = Digitale Bibliothek 4 
"File Master 12_is1" = File Master 12 Release 12.0
"GCstar" = GCstar 1.6.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"Notepad++" = Notepad++
"Origin" = Origin
"WinLiveSuite" = Windows Live Essentials
"ZMBV" = Zip Motion Block Video codec (Remove Only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks

< End of report >

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 16:10 on 25/04/2013 by Hrl
Administrator - Elevation successful

========== filefind ==========

Searching for "*PutLockerDownloader*"
C:\Users\Hrl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3C3DSZ1\PutLockerDownloader[1].exe --a---- 1117808 bytes [14:47 01/04/2013] [14:47 01/04/2013] 2222C63F23A895B88D418F543F143F5D
C:\Users\Hrl\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi --a---- 214122 bytes [10:58 11/02/2013] [10:58 11/02/2013] 985AC93755E0BE63531966D64A299E2F

Searching for "*Babylon*"
C:\Users\Hrl\AppData\Local\Temp\A7B6E0F6-BAB0-7891-BEB6-86C5B5794BB1\Latest\Babylon.dat --a---- 12384 bytes [12:17 19/02/2013] [12:17 19/02/2013] 825E5733974586A0A1229A53361ED13E
C:\Users\Hrl\AppData\Local\Temp\A7B6E0F6-BAB0-7891-BEB6-86C5B5794BB1\Latest\MyBabylonTB.exe --a---- 2028384 bytes [13:15 23/01/2013] [13:15 23/01/2013] 42D8EBB6DCB232E81F93CD4F280058DC

Searching for "*SoftSafe*"
No files found.

Searching for "*1ClickDownload*"
No files found.

Searching for "*DataMngr*"
No files found.

Searching for "*Softonic*"
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2YW6QVBT\football-manager-2013.en.softonic[1].xml --a---- 13 bytes [15:20 23/03/2013] [15:20 23/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PSZNT4H\en.softonic[1].xml --a---- 13 bytes [15:03 22/02/2013] [06:53 24/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PSZNT4H\league-scheduler.en.softonic[1].xml --a---- 13 bytes [15:06 22/02/2013] [15:06 22/02/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\5PSZNT4H\sensible-soccer-2006.softonic[1].xml --a---- 13 bytes [06:59 24/03/2013] [07:01 24/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NY5GL6KW\art-of-illusion.softonic[1].xml --a---- 13 bytes [14:40 15/04/2013] [14:40 15/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NY5GL6KW\blender-64bits.softonic[1].xml --a---- 13 bytes [17:45 23/01/2013] [17:45 23/01/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\NY5GL6KW\fifa-manager-13.softonic[1].xml --a---- 13 bytes [07:52 24/03/2013] [07:52 24/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\S5TQSZ52\gimp.softonic[1].xml --a---- 13 bytes [16:19 25/12/2012] [16:19 25/12/2012] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\S5TQSZ52\microsoft-soccer-scoreboard.en.softonic[1].xml --a---- 13 bytes [15:03 22/02/2013] [15:03 22/02/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\S5TQSZ52\sculptris.softonic[1].xml --a---- 13 bytes [14:38 15/04/2013] [14:41 15/04/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\S5TQSZ52\www.softonic[1].xml --a---- 13 bytes [17:45 23/01/2013] [07:01 24/03/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe --a---- 373424 bytes [16:20 25/12/2012] [16:20 25/12/2012] 4BC80A8F90C059950CE07D30EE1B1CF2
C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe --a---- 393064 bytes [07:00 24/03/2013] [07:00 24/03/2013] 0F3007119ECDDB7736EE08627746C0C6
C:\Windows\Prefetch\SOFTONICDOWNLOADER_FUER_SENSI-BB758226.pf --a---- 131550 bytes [07:14 24/03/2013] [13:31 25/03/2013] 5778B51D311894B73197E1F5C8EE821B

========== folderfind ==========

Searching for "*PutLockerDownloader*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*SoftSafe*"
No folders found.

Searching for "*1ClickDownload*"
No folders found.

Searching for "*DataMngr*"
No folders found.

Searching for "*Softonic*"
C:\Users\Hrl\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\K4N2TRY4\static.softonic.de d------ [16:28 25/12/2012]
C:\Users\Hrl\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.softonic.de d------ [16:28 25/12/2012]

========== regfind ==========

Searching for "PutLockerDownloader"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe.FriendlyAppName"="PutLockerDownloader"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnnajmlhehgnkclpdlggknanmcplloej]
"path"="C:\Program Files (x86)\PutLockerDownloader\PutLockerDownloader10.crx"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe.FriendlyAppName"="PutLockerDownloader"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\PutLockerDownloader.com\PutLockerDownloader.exe.FriendlyAppName"="PutLockerDownloader"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "SoftSafe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Hrl\Downloads\FIFA_Creation_Studio_13_Basic_13.0.3.rar.exe.ApplicationCompany"="SoftSafe"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Hrl\Downloads\FIFA_Creation_Studio_13_Basic_13.0.3.rar.exe.ApplicationCompany"="SoftSafe"
[HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Hrl\Downloads\FIFA_Creation_Studio_13_Basic_13.0.3.rar.exe.ApplicationCompany"="SoftSafe"

Searching for "1ClickDownload"
No data found.

Searching for "DataMngr"
No data found.
Searching for "Softonic" [HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe] [HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe] "Path"="C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe" [HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe] [HKEY_CURRENT_USER\Software\Microsoft\IntelliType Pro\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe] "Path"="C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\49df99ef_0] @="{2}.\\?\hdaudio#func_01&ven_1002&dev_aa01&subsys_00aa0100&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\e0hdmiout2topo/00010001|\Device\HarddiskVolume4\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ec4b3745_0] @="{2}.\\?\hdaudio#func_01&ven_10ec&dev_0269&subsys_103c1885&rev_1002#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\singlelineouttopo/00010001|\Device\HarddiskVolume4\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe%b{00000000-0000-0000-0000-000000000000}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de] [HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe] [HKEY_USERS\S-1-5-21-919890997-1340977237-2831244317-1002\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe] "Path"="C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe" 
-= EOF =- |
25.04.2013, 15:30 | #10 |
| BSOD mouse driver or a virus after all? Code:
- ok 16:28:31.0925 1076 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll 16:28:31.0987 1076 p2psvc - ok 16:28:32.0019 1076 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys 16:28:32.0050 1076 Parport - ok 16:28:32.0097 1076 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:28:32.0128 1076 partmgr - ok 16:28:32.0175 1076 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:28:32.0221 1076 PcaSvc - ok 16:28:32.0253 1076 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys 16:28:32.0284 1076 pci - ok 16:28:32.0315 1076 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys 16:28:32.0346 1076 pciide - ok 16:28:32.0393 1076 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:28:32.0440 1076 pcmcia - ok 16:28:32.0455 1076 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys 16:28:32.0487 1076 pcw - ok 16:28:32.0518 1076 [ EF9B4F3136B4C45F421ADE6871659FB6 ] pdc C:\Windows\system32\drivers\pdc.sys 16:28:32.0549 1076 pdc - ok 16:28:32.0596 1076 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:28:32.0658 1076 PEAUTH - ok 16:28:32.0752 1076 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:28:32.0783 1076 PerfHost - ok 16:28:32.0877 1076 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll 16:28:32.0970 1076 pla - ok 16:28:33.0017 1076 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:28:33.0048 1076 PlugPlay - ok 16:28:33.0064 1076 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:28:33.0111 1076 PNRPAutoReg - ok 16:28:33.0157 1076 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:28:33.0189 1076 PNRPsvc - ok 16:28:33.0220 1076 [ 34A8FAE065249F85A67A3215FF5ECB34 ] 
Point64 C:\Windows\System32\drivers\point64.sys 16:28:33.0251 1076 Point64 - ok 16:28:33.0282 1076 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:28:33.0345 1076 PolicyAgent - ok 16:28:33.0396 1076 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll 16:28:33.0442 1076 Power - ok 16:28:33.0473 1076 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:28:33.0520 1076 PptpMiniport - ok 16:28:33.0629 1076 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 16:28:33.0739 1076 PrintNotify - ok 16:28:33.0801 1076 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys 16:28:33.0832 1076 Processor - ok 16:28:33.0895 1076 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll 16:28:33.0941 1076 ProfSvc - ok 16:28:33.0973 1076 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:28:34.0035 1076 Psched - ok 16:28:34.0066 1076 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll 16:28:34.0113 1076 QWAVE - ok 16:28:34.0144 1076 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:28:34.0175 1076 QWAVEdrv - ok 16:28:34.0191 1076 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:28:34.0238 1076 RasAcd - ok 16:28:34.0269 1076 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:28:34.0300 1076 RasAgileVpn - ok 16:28:34.0347 1076 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll 16:28:34.0394 1076 RasAuto - ok 16:28:34.0425 1076 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:28:34.0472 1076 Rasl2tp - ok 16:28:34.0503 1076 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll 16:28:34.0565 1076 RasMan - ok 16:28:34.0597 1076 [ 
00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:28:34.0643 1076 RasPppoe - ok 16:28:34.0675 1076 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:28:34.0706 1076 RasSstp - ok 16:28:34.0737 1076 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:28:34.0768 1076 rdbss - ok 16:28:34.0815 1076 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 16:28:34.0862 1076 rdpbus - ok 16:28:34.0862 1076 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 16:28:34.0909 1076 RDPDR - ok 16:28:34.0956 1076 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 16:28:34.0987 1076 RdpVideoMiniport - ok 16:28:35.0002 1076 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:28:35.0049 1076 RDPWD - ok 16:28:35.0080 1076 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:28:35.0127 1076 rdyboost - ok 16:28:35.0158 1076 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:28:35.0205 1076 RemoteAccess - ok 16:28:35.0236 1076 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:28:35.0283 1076 RemoteRegistry - ok 16:28:35.0346 1076 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:28:35.0392 1076 RpcEptMapper - ok 16:28:35.0424 1076 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe 16:28:35.0455 1076 RpcLocator - ok 16:28:35.0502 1076 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll 16:28:35.0548 1076 RpcSs - ok 16:28:35.0595 1076 [ D38250F459BF60D6F4B69B79DCD948CC ] RSP2STOR C:\Windows\system32\DRIVERS\RtsP2Stor.sys 16:28:35.0611 1076 RSP2STOR - ok 16:28:35.0658 1076 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 
16:28:35.0704 1076 rspndr - ok 16:28:35.0736 1076 [ 7D9DA8EC6784A9EE213C676709D46BE6 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 16:28:35.0798 1076 RTL8168 - ok 16:28:35.0813 1076 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys 16:28:35.0860 1076 s3cap - ok 16:28:35.0892 1076 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe 16:28:35.0923 1076 SamSs - ok 16:28:35.0954 1076 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:28:35.0985 1076 sbp2port - ok 16:28:36.0032 1076 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:28:36.0079 1076 SCardSvr - ok 16:28:36.0110 1076 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:28:36.0141 1076 scfilter - ok 16:28:36.0188 1076 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll 16:28:36.0281 1076 Schedule - ok 16:28:36.0313 1076 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll 16:28:36.0360 1076 SCPolicySvc - ok 16:28:36.0375 1076 [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus C:\Windows\System32\drivers\sdbus.sys 16:28:36.0422 1076 sdbus - ok 16:28:36.0453 1076 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:28:36.0500 1076 SDRSVC - ok 16:28:36.0531 1076 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys 16:28:36.0562 1076 sdstor - ok 16:28:36.0594 1076 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:28:36.0625 1076 secdrv - ok 16:28:36.0640 1076 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll 16:28:36.0703 1076 seclogon - ok 16:28:36.0734 1076 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll 16:28:36.0781 1076 SENS - ok 16:28:36.0812 1076 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:28:36.0859 1076 SensrSvc - 
ok 16:28:36.0890 1076 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys 16:28:36.0921 1076 SerCx - ok 16:28:36.0968 1076 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys 16:28:36.0984 1076 Serenum - ok 16:28:37.0015 1076 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys 16:28:37.0046 1076 Serial - ok 16:28:37.0062 1076 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys 16:28:37.0093 1076 sermouse - ok 16:28:37.0155 1076 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll 16:28:37.0202 1076 SessionEnv - ok 16:28:37.0218 1076 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 16:28:37.0264 1076 sfloppy - ok 16:28:37.0311 1076 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:28:37.0374 1076 SharedAccess - ok 16:28:37.0436 1076 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:28:37.0514 1076 ShellHWDetection - ok 16:28:37.0545 1076 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 16:28:37.0576 1076 SiSRaid2 - ok 16:28:37.0592 1076 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:28:37.0623 1076 SiSRaid4 - ok 16:28:37.0670 1076 [ AF5CC3F9B88F140D78FC967ABF0F4EC7 ] SmbDrv C:\Windows\System32\drivers\Smb_driver_AMDASF.sys 16:28:37.0686 1076 SmbDrv - ok 16:28:37.0701 1076 [ 19555D03CB179BED8B8AAA239A36BDA4 ] SmbDrvI C:\Windows\System32\drivers\Smb_driver_Intel.sys 16:28:37.0717 1076 SmbDrvI - ok 16:28:37.0764 1076 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:28:37.0810 1076 SNMPTRAP - ok 16:28:37.0842 1076 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys 16:28:37.0888 1076 spaceport - ok 16:28:37.0904 1076 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx 
C:\Windows\system32\drivers\SpbCx.sys 16:28:37.0951 1076 SpbCx - ok 16:28:37.0982 1076 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe 16:28:38.0044 1076 Spooler - ok 16:28:38.0169 1076 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe 16:28:38.0388 1076 sppsvc - ok 16:28:38.0434 1076 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:28:38.0481 1076 srv - ok 16:28:38.0528 1076 [ C2106BB710AA34A046126AED7BCA6964 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:28:38.0575 1076 srv2 - ok 16:28:38.0606 1076 [ 9400C71F5A1A380B494B6922F007D485 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:28:38.0653 1076 srvnet - ok 16:28:38.0700 1076 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:28:38.0746 1076 SSDPSRV - ok 16:28:38.0778 1076 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:28:38.0824 1076 SstpSvc - ok 16:28:38.0856 1076 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys 16:28:38.0871 1076 stexstor - ok 16:28:38.0918 1076 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll 16:28:38.0980 1076 stisvc - ok 16:28:39.0012 1076 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\Windows\system32\drivers\storahci.sys 16:28:39.0043 1076 storahci - ok 16:28:39.0074 1076 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 16:28:39.0090 1076 storflt - ok 16:28:39.0136 1076 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll 16:28:39.0183 1076 StorSvc - ok 16:28:39.0230 1076 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys 16:28:39.0246 1076 storvsc - ok 16:28:39.0292 1076 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll 16:28:39.0355 1076 svsvc - ok 16:28:39.0386 1076 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys 
16:28:39.0417 1076 swenum - ok 16:28:39.0449 1076 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll 16:28:39.0526 1076 swprv - ok 16:28:39.0558 1076 [ 3F45C3FE208CA5E68832B65C597A35A6 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 16:28:39.0589 1076 SynTP - ok 16:28:39.0667 1076 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll 16:28:39.0760 1076 SysMain - ok 16:28:39.0792 1076 [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 16:28:39.0838 1076 SystemEventsBroker - ok 16:28:39.0870 1076 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll 16:28:39.0901 1076 TabletInputService - ok 16:28:39.0932 1076 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll 16:28:39.0979 1076 TapiSrv - ok 16:28:40.0072 1076 [ D192288CE5FB395F0BBAFDD1A8B5285D ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:28:40.0197 1076 Tcpip - ok 16:28:40.0244 1076 [ D192288CE5FB395F0BBAFDD1A8B5285D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:28:40.0369 1076 TCPIP6 - ok 16:28:40.0478 1076 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:28:40.0540 1076 tcpipreg - ok 16:28:40.0572 1076 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:28:40.0603 1076 tdx - ok 16:28:40.0743 1076 [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe 16:28:40.0775 1076 Te.Service ( UnsignedFile.Multi.Generic ) - warning 16:28:40.0775 1076 Te.Service - detected UnsignedFile.Multi.Generic (1) 16:28:40.0806 1076 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys 16:28:40.0821 1076 terminpt - ok 16:28:40.0868 1076 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll 16:28:40.0930 1076 TermService - ok 16:28:40.0946 1076 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] 
Themes C:\Windows\system32\themeservice.dll 16:28:41.0008 1076 Themes - ok 16:28:41.0055 1076 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll 16:28:41.0086 1076 THREADORDER - ok 16:28:41.0118 1076 [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 16:28:41.0180 1076 TimeBroker - ok 16:28:41.0211 1076 [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM C:\Windows\system32\drivers\tpm.sys 16:28:41.0242 1076 TPM - ok 16:28:41.0289 1076 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll 16:28:41.0320 1076 TrkWks - ok 16:28:41.0383 1076 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:28:41.0445 1076 TrustedInstaller - ok 16:28:41.0508 1076 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:28:41.0539 1076 TsUsbFlt - ok 16:28:41.0554 1076 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 16:28:41.0601 1076 TsUsbGD - ok 16:28:41.0617 1076 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:28:41.0679 1076 tunnel - ok 16:28:41.0695 1076 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:28:41.0726 1076 uagp35 - ok 16:28:41.0757 1076 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 16:28:41.0788 1076 UASPStor - ok 16:28:41.0820 1076 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 16:28:41.0867 1076 UCX01000 - ok 16:28:41.0882 1076 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:28:41.0945 1076 udfs - ok 16:28:41.0991 1076 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:28:42.0054 1076 UI0Detect - ok 16:28:42.0069 1076 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:28:42.0100 1076 uliagpkx - ok 16:28:42.0116 1076 [ 
02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys 16:28:42.0163 1076 umbus - ok 16:28:42.0194 1076 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys 16:28:42.0225 1076 UmPass - ok 16:28:42.0272 1076 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll 16:28:42.0335 1076 UmRdpService - ok 16:28:42.0366 1076 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll 16:28:42.0428 1076 upnphost - ok 16:28:42.0459 1076 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 16:28:42.0553 1076 usbccgp - ok 16:28:42.0584 1076 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys 16:28:42.0647 1076 usbcir - ok 16:28:42.0678 1076 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys 16:28:42.0709 1076 usbehci - ok 16:28:42.0740 1076 [ 4875DC63E548812C75D4FDEF84970C89 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 16:28:42.0771 1076 usbfilter - ok 16:28:42.0802 1076 [ FBB6794E3BBAD92D66D59D206C1F849F ] usbhub C:\Windows\System32\drivers\usbhub.sys 16:28:42.0849 1076 usbhub - ok 16:28:42.0881 1076 [ B7A948501424805571BF562BB0BFE31D ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 16:28:42.0943 1076 USBHUB3 - ok 16:28:42.0959 1076 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys 16:28:43.0005 1076 usbohci - ok 16:28:43.0037 1076 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys 16:28:43.0068 1076 usbprint - ok 16:28:43.0099 1076 [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan C:\Windows\System32\drivers\usbscan.sys 16:28:43.0130 1076 usbscan - ok 16:28:43.0146 1076 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 16:28:43.0177 1076 USBSTOR - ok 16:28:43.0208 1076 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 16:28:43.0255 1076 
usbuhci - ok 16:28:43.0286 1076 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 16:28:43.0317 1076 usbvideo - ok 16:28:43.0349 1076 [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 16:28:43.0395 1076 USBXHCI - ok 16:28:43.0411 1076 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe 16:28:43.0458 1076 VaultSvc - ok 16:28:43.0473 1076 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:28:43.0505 1076 vdrvroot - ok 16:28:43.0551 1076 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe 16:28:43.0629 1076 vds - ok 16:28:43.0661 1076 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys 16:28:43.0692 1076 VerifierExt - ok 16:28:43.0723 1076 [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 16:28:43.0770 1076 vhdmp - ok 16:28:43.0801 1076 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys 16:28:43.0832 1076 viaide - ok 16:28:43.0863 1076 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys 16:28:43.0879 1076 vmbus - ok 16:28:43.0910 1076 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys 16:28:43.0941 1076 VMBusHID - ok 16:28:43.0973 1076 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll 16:28:44.0019 1076 vmicheartbeat - ok 16:28:44.0035 1076 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll 16:28:44.0066 1076 vmickvpexchange - ok 16:28:44.0082 1076 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll 16:28:44.0113 1076 vmicrdv - ok 16:28:44.0144 1076 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll 16:28:44.0175 1076 vmicshutdown - ok 16:28:44.0191 1076 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll 
16:28:44.0222 1076 vmictimesync - ok 16:28:44.0238 1076 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll 16:28:44.0285 1076 vmicvss - ok 16:28:44.0300 1076 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:28:44.0331 1076 volmgr - ok 16:28:44.0363 1076 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:28:44.0409 1076 volmgrx - ok 16:28:44.0441 1076 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:28:44.0487 1076 volsnap - ok 16:28:44.0519 1076 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys 16:28:44.0550 1076 vpci - ok 16:28:44.0581 1076 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:28:44.0628 1076 vsmraid - ok 16:28:44.0690 1076 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe 16:28:44.0815 1076 VSS - ok 16:28:44.0831 1076 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys 16:28:44.0877 1076 VSTXRAID - ok 16:28:44.0909 1076 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:28:44.0955 1076 vwifibus - ok 16:28:44.0987 1076 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:28:45.0033 1076 vwififlt - ok 16:28:45.0049 1076 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 16:28:45.0080 1076 vwifimp - ok 16:28:45.0127 1076 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll 16:28:45.0174 1076 W32Time - ok 16:28:45.0205 1076 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys 16:28:45.0236 1076 WacomPen - ok 16:28:45.0267 1076 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 16:28:45.0299 1076 Wanarp - ok 16:28:45.0299 1076 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 
C:\Windows\system32\DRIVERS\wanarp.sys 16:28:45.0330 1076 Wanarpv6 - ok 16:28:45.0408 1076 [ 901CC968412F8155B08D7ABE0171166A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll 16:28:45.0470 1076 WAS - ok 16:28:45.0533 1076 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe 16:28:45.0626 1076 wbengine - ok 16:28:45.0657 1076 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:28:45.0704 1076 WbioSrvc - ok 16:28:45.0751 1076 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll 16:28:45.0798 1076 Wcmsvc - ok 16:28:45.0845 1076 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:28:45.0891 1076 wcncsvc - ok 16:28:45.0923 1076 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:28:45.0969 1076 WcsPlugInService - ok 16:28:46.0016 1076 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys 16:28:46.0047 1076 Wd - ok 16:28:46.0063 1076 [ 260F8DFC4D5748F4CCB9B19CFB0E58EA ] WdBoot C:\Windows\system32\drivers\WdBoot.sys 16:28:46.0094 1076 WdBoot - ok 16:28:46.0141 1076 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:28:46.0188 1076 Wdf01000 - ok 16:28:46.0219 1076 [ 880FFFC4D5BBBB4187B6B04AB2E8C32A ] WdFilter C:\Windows\system32\drivers\WdFilter.sys 16:28:46.0250 1076 WdFilter - ok 16:28:46.0313 1076 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:28:46.0391 1076 WdiServiceHost - ok 16:28:46.0391 1076 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:28:46.0453 1076 WdiSystemHost - ok 16:28:46.0469 1076 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll 16:28:46.0531 1076 WebClient - ok 16:28:46.0562 1076 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:28:46.0625 1076 Wecsvc - ok 16:28:46.0640 1076 [ 4D2612E3C462B68F499D840B1133263E ] 
wercplsupport C:\Windows\System32\wercplsupport.dll 16:28:46.0703 1076 wercplsupport - ok 16:28:46.0718 1076 [ 8E2426162ED6749A127B35D235F21E11 ] WerSvc C:\Windows\System32\WerSvc.dll 16:28:46.0796 1076 WerSvc - ok 16:28:46.0828 1076 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys 16:28:46.0874 1076 WFPLWFS - ok 16:28:46.0890 1076 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll 16:28:46.0937 1076 WiaRpc - ok 16:28:46.0952 1076 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:28:46.0983 1076 WIMMount - ok 16:28:47.0015 1076 WinDefend - ok 16:28:47.0077 1076 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll 16:28:47.0139 1076 WinHttpAutoProxySvc - ok 16:28:47.0202 1076 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:28:47.0233 1076 Winmgmt - ok 16:28:47.0327 1076 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll 16:28:47.0451 1076 WinRM - ok 16:28:47.0498 1076 [ 4F2A80D65AE6F845776E2F06AE6782ED ] WirelessButtonDriver C:\Windows\System32\drivers\WirelessButtonDriver64.sys 16:28:47.0514 1076 WirelessButtonDriver - ok 16:28:47.0592 1076 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\Windows\System32\wlansvc.dll 16:28:47.0670 1076 WlanSvc - ok 16:28:47.0748 1076 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\Windows\system32\wlidsvc.dll 16:28:47.0841 1076 wlidsvc - ok 16:28:47.0888 1076 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys 16:28:47.0935 1076 WmiAcpi - ok 16:28:47.0966 1076 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:28:48.0013 1076 wmiApSrv - ok 16:28:48.0044 1076 WMPNetworkSvc - ok 16:28:48.0075 1076 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys 16:28:48.0153 1076 wpcfltr - ok 16:28:48.0185 1076 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc 
C:\Windows\System32\wpcsvc.dll 16:28:48.0231 1076 WPCSvc - ok 16:28:48.0247 1076 [ 94AA5150E35B3ABB7191FE641E3C2473 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:28:48.0294 1076 WPDBusEnum - ok 16:28:48.0325 1076 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys 16:28:48.0356 1076 WpdUpFltr - ok 16:28:48.0403 1076 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:28:48.0419 1076 ws2ifsl - ok 16:28:48.0450 1076 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\Windows\System32\wscsvc.dll 16:28:48.0497 1076 wscsvc - ok 16:28:48.0512 1076 WSearch - ok 16:28:48.0606 1076 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll 16:28:48.0762 1076 WSService - ok 16:28:48.0902 1076 [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv C:\Windows\system32\wuaueng.dll 16:28:49.0027 1076 wuauserv - ok 16:28:49.0058 1076 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:28:49.0089 1076 WudfPf - ok 16:28:49.0105 1076 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys 16:28:49.0152 1076 WUDFRd - ok 16:28:49.0183 1076 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:28:49.0230 1076 wudfsvc - ok 16:28:49.0261 1076 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys 16:28:49.0324 1076 WUDFWpdFs - ok 16:28:49.0355 1076 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll 16:28:49.0417 1076 WwanSvc - ok 16:28:49.0464 1076 ================ Scan global =============================== 16:28:49.0542 1076 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll 16:28:49.0589 1076 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll 16:28:49.0620 1076 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll 16:28:49.0713 1076 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe 
16:28:50.0072 1076 ============================================================
16:28:50.0072 1076 Scan finished
16:28:50.0072 1076 ============================================================
16:28:50.0088 0380 Detected object count: 4
16:28:50.0088 0380 Actual detected object count: 4
16:29:11.0810 0380 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0810 0380 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:11.0810 0380 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0810 0380 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:11.0810 0380 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0810 0380 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:11.0826 0380 Te.Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:29:11.0826 0380 Te.Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:29:23.0668 0348 Deinitialize success

Regards, Christoph |
25.04.2013, 16:27 | #11 |
/// TB Trainer | BSOD: mouse driver or a virus after all? Hi, we'll remove a few more leftovers and check everything once again: Step 1 Fix with OTL
Code:
:files
C:\Users\Hrl\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi
C:\Users\Hrl\AppData\Local\Temp\A7B6E0F6-BAB0-7891-BEB6-86C5B5794BB1
C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe
C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe
C:\Windows\Prefetch\SOFTONICDOWNLOADER_FUER_SENSI-BB758226.pf
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnnajmlhehgnkclpdlggknanmcplloej]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de]
[-HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe]
:Commands
[emptytemp]
Step 2 Please download Malwarebytes Anti-Malware
Step 3 ESET Online Scanner
Step 4 Please download SecurityCheck and:
Please post with your next reply
|
25.04.2013, 17:17 | #12 |
| BSOD: mouse driver or a virus after all? Good evening, Code:
All processes killed
========== FILES ==========
File\Folder C:\Users\Hrl\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi not found.
File\Folder C:\Users\Hrl\AppData\Local\Temp\A7B6E0F6-BAB0-7891-BEB6-86C5B5794BB1 not found.
File\Folder C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_gimp.exe not found.
File\Folder C:\Users\Hrl\Downloads\SoftonicDownloader_fuer_sensible-soccer-2006.exe not found.
File\Folder C:\Windows\Prefetch\SOFTONICDOWNLOADER_FUER_SENSI-BB758226.pf not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnnajmlhehgnkclpdlggknanmcplloej\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\IntelliPoint\AppSpecific\SoftonicDownloader_fuer_sensible-soccer-2006.exe\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Hrl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17574930 bytes
->Flash cache emptied: 22726 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2177664 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 209702518 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 16078926593 bytes
Total Files Cleaned = 15*553,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04252013_181044
Files\Folders moved on Reboot...
C:\Users\Hrl\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.04.25.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16484
Hrl :: CHRISTOPH [Administrator]
25.04.2013 18:23:04
mbam-log-2013-04-25 (18-23-04).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 213750
Laufzeit: 5 Minute(n), 10 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)
|
25.04.2013, 18:44 | #13 |
/// TB Trainer | BSOD: mouse driver or a virus after all? Hi, are you sure that you ran the OTL fix correctly? ESET and SecurityCheck are still missing. |
26.04.2013, 04:35 | #14 |
| BSOD: mouse driver or a virus after all? Good morning, when it comes to PC matters I am NEVER sure. However, I could not say WHAT I might have done wrong. ESET "worked" through the whole night, or maybe it didn't - I had to log in to the PC again in the morning - and after 11 hours it was only at 46%. I am therefore posting only a partial result, because I need my only PC. Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=302766fd6fc0d14593c52bdb5d24776a
# engine=13695
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-26 03:30:08
# local_time=2013-04-26 05:30:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 128246 23676920 0 0
# scanned=132496
# found=0
# cleaned=0
# scan_time=39326
Code:
Results of screen317's Security Check version 0.99.62
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
26.04.2013, 10:13 | #15 |
/// TB Trainer | BSOD: mouse driver or a virus after all? Hi, I no longer see any malware; it does indeed seem to be more of a problem with the mouse driver. You could still describe your issue in this area of the forum: Network and Hardware. If you have no more problems with malware, then we are done here. Your log files are clean. Finally, we still have to take a few closing steps to clean up and secure your PC.
Step 1 If you used it, start DeFogger and click Re-enable. Your computer may have to be restarted.
Step 2 Please download delfix to your desktop.
Step 3 Finally, I have a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, as they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) What you should avoid:
All that remains is for me to wish you lots of fun surfing safely. Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions. |