| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runterWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.05.2013, 13:17
| #1 |
 |  Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter Heyho, wie in dieser Frage http://www.trojaner-board.de/134171-...rt-runter.html (in der ich leider nicht antworten konnte) habe ich das gleiche Problem. Abgesicherter Modus fährt sofort wieder runter und normal der weiße Bildschirm mit Zahlungsaufforderung. Habe schonmal den ersten Schritt ausgeführt: OTL.exe vom USB-Stick durch Abgesicherten Modus mit Eingabeaufforderung. Dabei kam raus: OTL Code:
ATTFilter OTL logfile created on: 13.05.2013 13:44:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = g:\ Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 87,73% Memory free 6,49 Gb Paging File | 6,12 Gb Available in Paging File | 94,17% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 59,90 Gb Total Space | 19,13 Gb Free Space | 31,94% Space Free | Partition Type: NTFS Drive D: | 100,00 Gb Total Space | 9,35 Gb Free Space | 9,35% Space Free | Partition Type: NTFS Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS Drive F: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 1,89 Gb Total Space | 1,56 Gb Free Space | 82,69% Space Free | Partition Type: FAT32 Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.13 13:33:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- g:\OTL.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - [2013.04.11 15:35:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- E:\teamviewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.07.03 19:05:37 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.29 11:44:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Gigabyte\EasySaver\essvr.exe -- (ES lite Service) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.04.20 18:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- E:\Program Files\VMC\Bin\VMCService.exe -- (VMCService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs) DRV - [2013.05.13 13:38:56 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.07.02 12:23:05 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2012.04.18 19:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2011.07.06 04:22:55 | 000,648,808 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8192cu.sys -- (RTL8192cu) DRV - [2011.07.03 19:05:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.03 19:05:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.13 04:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.05.13 04:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.05.13 04:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.05.13 04:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.05.13 04:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2011.03.07 11:21:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsnmea.sys -- (zghsnmea) DRV - [2011.03.07 11:21:28 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm) DRV - [2011.03.07 11:20:40 | 000,113,432 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsdiag.sys -- (zghsdiag) DRV - [2011.03.07 11:20:08 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs) DRV - [2011.02.12 17:39:53 | 000,281,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.02.12 17:39:53 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.02.12 16:17:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.27 12:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger) DRV - [2009.04.09 14:38:30 | 000,110,592 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice) DRV - [2009.04.09 14:38:30 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - [2009.04.09 14:38:30 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.04.09 14:38:30 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2008.10.09 14:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad) DRV - [2008.10.09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2003.04.19 00:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl) DRV - [2003.03.02 17:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.de.maxiwe.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.de.maxiwe.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.de.maxiwe.com IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://facebook.de/ IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 DD D2 D4 53 D0 CB 01 [binary data] IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes,DefaultScope = {D1B3CE3F-25C0-4a35-99C5-1177239FA3DF} IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{C89A4C31-E138-41b2-A7C7-7A30DB2C13CD}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..\SearchScopes\{D1B3CE3F-25C0-4a35-99C5-1177239FA3DF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD IE - HKU\S-1-5-21-3109638477-127064589-495194791-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.9&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/" FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5 FF - prefs.js..extensions.enabledAddons: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.7 FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.6.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.7&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\figur\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: E:\Program Files\VMC\Optimization Client\addon\ [2011.02.28 13:58:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: E:\Program Files\Firefox\components [2012.12.13 01:08:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: E:\Program Files\Firefox\plugins [2013.04.14 14:50:02 | 000,000,000 | ---D | M] [2011.03.05 21:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Extensions [2012.11.04 14:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions [2012.08.02 16:42:20 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.14 13:31:08 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.10.14 14:50:18 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\ffxtlbra@softonic.com [2012.11.04 14:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\figur\AppData\Roaming\mozilla\Firefox\Profiles\qex9jmqo.default\extensions\staged [2012.11.04 14:29:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-1.xml [2011.10.05 21:25:09 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-10.xml [2011.11.13 15:22:11 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-11.xml [2012.03.30 12:33:44 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-12.xml [2011.06.11 15:14:33 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-2.xml [2011.07.11 02:20:18 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-3.xml [2011.08.15 16:57:54 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-4.xml [2011.08.22 16:58:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-5.xml [2011.09.01 21:10:17 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-6.xml [2011.09.05 18:46:26 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-7.xml [2011.09.08 23:24:58 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-8.xml [2011.09.09 20:00:38 | 000,000,950 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin-9.xml [2012.03.19 20:09:28 | 000,000,168 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.gif [2012.03.19 20:09:28 | 000,000,618 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.src [2010.05.12 17:40:48 | 000,001,042 | ---- | M] () -- C:\Users\figur\AppData\Roaming\mozilla\firefox\profiles\qex9jmqo.default\searchplugins\icqplugin.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\figur\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = E:\Program Files\Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = E:\Program Files\Java\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\figur\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ Hosts file not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-3109638477-127064589-495194791-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-3109638477-127064589-495194791-1000..\Run: [Spotify Web Helper] C:\Users\figur\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\figur\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - E:\Program Files\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: drei.to ([games] https in Trusted sites) O15 - HKU\S-1-5-21-3109638477-127064589-495194791-1000\..Trusted Domains: x7.to ([]https in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A48842B-B5EF-4C72-95D0-6B6A8D3E40CC}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9927F8A-4FBE-4E06-802A-9286DB433134}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (C:\Users\figur\AppData\Roaming\skype.dat) - C:\Users\figur\AppData\Roaming\skype.dat () O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O31 - SafeBoot: UseAlternatShell - 1 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.02.25 17:24:44 | 000,000,051 | R--- | M] () - F:\autorun.inf -- [ UDF ] O33 - MountPoints2\{7f1448a0-36a8-11e0-a9ac-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7f1448a0-36a8-11e0-a9ac-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe -- [2004.10.21 20:38:02 | 000,126,976 | R--- | M] (Macrovision Corporation) O33 - MountPoints2\{c7437061-ab25-11e0-8f2c-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{c7437061-ab25-11e0-8f2c-00a0c6000000}\Shell\AutoRun\command - "" = I:\ZTE_Handset_USB_Driver.exe O33 - MountPoints2\{df2d72aa-d6de-11e0-8a52-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{df2d72aa-d6de-11e0-8a52-00a0c6000000}\Shell\AutoRun\command - "" = N:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.12 16:31:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Männertag 2013 [2013.05.10 11:47:45 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\Mt13 [2013.04.29 23:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM [2013.04.29 23:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6 [2013.04.18 16:23:51 | 000,000,000 | ---D | C] -- D:\Users\figur\Desktop\DSK Praktikum [2013.04.14 16:56:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP [2013.04.14 13:09:29 | 000,000,000 | ---D | C] -- C:\Bilder N [2013.04.14 12:08:51 | 000,000,000 | ---D | C] -- C:\Windows\San Andreas Mod Installer [2013.04.14 12:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Mod Installer [1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.01.27 20:03:52 | 003,449,138 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0889.JPG [2014.01.27 19:37:50 | 002,089,078 | ---- | M] () -- D:\Users\figur\Desktop\DSCF0886.JPG [2013.05.13 13:43:17 | 000,664,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.13 13:43:17 | 000,624,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.13 13:43:17 | 000,134,932 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.13 13:43:17 | 000,110,584 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.13 13:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.13 13:41:20 | 2615,320,576 | -HS- | M] () -- C:\hiberfil.sys [2013.05.13 13:38:56 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\Windows\gdrv.sys [2013.05.13 13:06:33 | 000,000,004 | ---- | M] () -- C:\Users\figur\AppData\Roaming\skype.ini [2013.05.13 13:06:19 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.13 02:07:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000UA.job [2013.05.13 01:55:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.13 01:53:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.12 21:36:39 | 000,054,108 | ---- | M] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg [2013.05.12 20:07:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3109638477-127064589-495194791-1000Core.job [2013.05.12 16:26:14 | 002,216,474 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105246.jpg [2013.05.12 16:25:22 | 002,409,417 | ---- | M] () -- D:\Users\figur\Desktop\20130322_105241.jpg [2013.05.12 16:18:57 | 000,000,823 | ---- | M] () -- D:\Users\figur\Desktop\Rollenbeschreibung.lnk [2013.05.12 15:17:12 | 001,477,360 | ---- | M] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf [2013.05.12 15:12:09 | 001,860,463 | ---- | M] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip [2013.05.12 13:43:32 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.12 13:43:32 | 000,019,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.10 12:03:56 | 000,005,253 | ---- | M] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf [2013.05.06 16:51:42 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.04.30 13:18:47 | 003,917,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 D:\Users\figur\Desktop\*.tmp files -> D:\Users\figur\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.13 12:58:43 | 000,000,004 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.ini [2013.05.12 21:36:47 | 000,054,108 | ---- | C] () -- D:\Users\figur\Desktop\945526_514430408620738_1546569873_n.jpg [2013.05.12 16:34:07 | 002,089,078 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0886.JPG [2013.05.12 16:31:52 | 003,449,138 | ---- | C] () -- D:\Users\figur\Desktop\DSCF0889.JPG [2013.05.12 16:26:14 | 002,216,474 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105246.jpg [2013.05.12 16:25:08 | 002,409,417 | ---- | C] () -- D:\Users\figur\Desktop\20130322_105241.jpg [2013.05.12 16:19:08 | 000,000,823 | ---- | C] () -- D:\Users\figur\Desktop\Rollenbeschreibung.lnk [2013.05.12 15:12:17 | 001,477,360 | ---- | C] () -- D:\Users\figur\Desktop\PlanKomm_Prozess_SoSe2013_Layout-Hinweise.pdf [2013.05.12 15:12:09 | 001,860,463 | ---- | C] () -- D:\Users\figur\Desktop\Layout-Vorgabe.zip [2013.05.08 09:30:33 | 000,005,253 | ---- | C] () -- D:\Users\figur\Desktop\DSK Wiesbaden.pdf [2013.05.06 16:51:42 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2013.04.04 22:31:38 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys [2013.04.04 22:31:38 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys [2013.03.11 18:04:26 | 000,000,218 | ---- | C] () -- C:\Users\figur\AppData\Local\recently-used.xbel [2012.07.23 21:28:01 | 002,953,448 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin [2012.03.11 17:08:10 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2012.03.11 16:04:00 | 000,084,480 | ---- | C] () -- C:\Users\figur\AppData\Roaming\skype.dat [2012.02.20 15:45:02 | 000,000,287 | ---- | C] () -- C:\Users\figur\AppData\Local\VersionChecker_17.xml [2012.02.16 20:04:25 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2011.09.29 22:14:13 | 000,003,584 | ---- | C] () -- C:\Users\figur\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.10 21:23:14 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe [2011.07.10 21:23:14 | 000,001,623 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini [2011.06.11 00:37:16 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.06.11 00:36:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.14 14:00:35 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.05.14 14:00:35 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT [2009.04.09 14:44:42 | 000,108,066 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.05.2013 13:44:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = g:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,85 Gb Available Physical Memory | 87,73% Memory free
6,49 Gb Paging File | 6,12 Gb Available in Paging File | 94,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,90 Gb Total Space | 19,13 Gb Free Space | 31,94% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 9,35 Gb Free Space | 9,35% Space Free | Partition Type: NTFS
Drive E: | 305,76 Gb Total Space | 28,06 Gb Free Space | 9,18% Space Free | Partition Type: NTFS
Drive F: | 4,05 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1,89 Gb Total Space | 1,56 Gb Free Space | 82,69% Space Free | Partition Type: FAT32
Computer Name: FIGUR-PC | User Name: figur | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- E:\Program Files\PS CS 6\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe" = E:\Program Files\Fotobuch\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009C1869-451E-40AE-A41A-A21E72ED6F3A}" = rport=445 | protocol=6 | dir=out | app=system |
"{01B8ABAC-1D90-46A3-A55B-AA42E6E8B117}" = rport=138 | protocol=17 | dir=out | app=system |
"{01B90067-134F-406B-A57B-69F713CF03C7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0BC26644-28AE-4FC7-A9BE-392A1FB055F2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{111682D2-AD4D-4BE0-8D3D-E15DCAA685D1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1BC72A23-A3BF-48D4-8F1A-005347C4EC71}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3F901FC0-92B8-449C-9D00-796744D2AC18}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{429B0F19-5A3E-42B4-8B34-D17A05E68740}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{615507E0-A915-45F1-9890-E546C26A209D}" = lport=139 | protocol=6 | dir=in | app=system |
"{63A28F5F-BFB3-4357-99CC-995434CB79D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{658EDBB1-A304-4021-ABE8-6E50B489EEC5}" = lport=445 | protocol=6 | dir=in | app=system |
"{6C00E6A0-F056-40FC-9D20-7E438743FAF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75D64749-451D-4ECD-B074-71AF7652F7EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{7C72D6AB-455C-4EFC-A00E-45555AD3787F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7CC325AD-68A2-4012-AE38-DB18543AEB2E}" = rport=139 | protocol=6 | dir=out | app=system |
"{9861FB8D-7B0F-4A87-BA6D-267F710101A9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{A3EBFCCE-079B-4957-B907-6E9886E6FC50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC93D640-45AC-46A2-9C7A-B6623436BEE4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B70EE68F-D0BD-45D1-96FB-AC0CFA1EE368}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D46EB686-C5BB-4329-9447-471752DC5782}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D601692B-1CD7-4C8B-BFA0-14B75CD05366}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.6 |
"{D992DAFB-B762-4729-B88A-7797839FF2C3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E38F9C35-F1F8-4064-A6F8-7F86E1B560F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{EA208381-5C67-4DC4-8B5D-CE824117F256}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8738809-12F6-45EF-A681-3C31C67DD852}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0085B955-56BA-473F-8ED5-A69D8C843E52}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{02CB7ABC-7A24-4D49-94B8-22E1A1ABB12C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{03A0CE32-38BD-4B08-824E-1F267BB0D92F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{04BA9FAB-3C2B-47C2-8359-427278186989}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0559B808-F3D7-4353-AB37-94C4739E7EC0}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{05A13A72-1A66-4971-ADBF-64A144EAB17D}" = protocol=6 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe |
"{09A517CD-0FAE-4BFA-9D9D-34CD5F001A47}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer.exe |
"{0CC90E07-0D62-467C-BF16-9F654E28F1FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{1952F11E-F340-4391-BA41-CDE0BCC9FA73}" = protocol=17 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe |
"{1CCCD02B-4812-4A08-B2D2-091E852BF90C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{1CD282C3-6482-4D26-A57D-C39721714315}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe |
"{242FEC2E-D375-4A9F-A44D-52D1AD0234DF}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer_service.exe |
"{2AAB60E1-5449-4235-AF33-804975A234D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2BC6B7EE-509B-434C-946A-6AB38F96E8A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2EC6259B-8A5D-4C27-AEF0-BCE5D349D45F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{3198636D-011F-47E0-A9F6-E6FA016F22B8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{38599AE1-76C5-45FE-A585-6100C76A3573}" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe |
"{391D0643-7576-44AA-A0DF-3AB0744B668C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3C979D3C-C62C-41AB-9987-97902D843F98}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3CDB117C-BEA0-4959-AFB3-765FD31584D0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{3EDFFEC1-2B71-46AA-A3F7-C391976538E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{3F6E5F4D-5EF3-4031-AEA9-8EFC03916942}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe |
"{47065E43-46D8-45FF-9090-3FDFDE7E67E1}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.exe |
"{4E8D4E6B-4A70-4CDE-9B05-88E828451466}" = protocol=6 | dir=in | app=e:\teamviewer\version7\teamviewer.exe |
"{557ACC55-17E2-49D8-A67D-135D45A6B0D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{5AE17198-72C0-49B3-BDD9-38D2EE0E7967}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5AE45DB6-1B63-4352-86A6-AF522EBDEB53}" = protocol=6 | dir=out | app=system |
"{5B937E7C-ACC8-469F-83AF-4C8A96C3D646}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5BE830D5-7C5A-430A-A23C-A7440478D95B}" = protocol=17 | dir=in | app=e:\spiele\skyrim\steam.exe |
"{60E4AD5E-9905-45F7-AE3C-8B06CAAF9D2C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{61DF8C14-1C34-4290-AC65-06F1A5CCF267}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe |
"{61FF37CE-5A62-441E-9C82-24F38BBA2090}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.exe |
"{75F8B34C-9AE8-4B3D-85DB-3491709E6797}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BAA0695-CBBA-4E18-95D9-2E7277A72F46}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{7F4CDBDE-6F13-43EB-ACA6-AD0B235273C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{88C722A1-887E-479E-AB09-3A272FA3497D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{8F1848E2-E74B-495B-86C3-44696EB70E39}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe |
"{90AB74DD-BC6F-44F1-8E8B-0266D185BEFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{95EA19CF-7959-44D7-8E79-EFA81EF85AA2}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe |
"{997F5F9B-A978-4146-A110-DE7FC3A722DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A94BF7FC-6DBD-4751-AFCC-74E5DB61303D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AA1EFE17-8CAD-4420-B6E6-40712704E40F}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe |
"{ADB109C7-3215-4520-9B7D-6AA2CF189466}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{B7E4D3CB-855B-4266-8CF5-C719A5308B1E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B9F64E1F-B269-4FE3-91DE-C4A305556699}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BA651E00-E545-4DEB-9B36-374004B1A6F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BBB93082-7A5F-41DC-8CCF-A29616BBD961}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C8657679-17B5-474F-A6A1-7EE6A5DAE3E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA94BBAD-5976-4DEB-B7A7-E79D40FB3490}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"{CAB5B3A0-63F3-4957-A442-AB30C83E99FD}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"{CDCEC5DE-AE59-495E-A102-E23BCC584025}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D5E8A7E2-4904-4802-9CC2-CA7130CAF273}" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"{D8D5D0D6-569C-48EC-9185-0D5C35FF7643}" = protocol=6 | dir=in | app=e:\spiele\skyrim\steam.exe |
"{DC98AD21-6768-4D43-A30D-1AC341F6BA92}" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe |
"{E60BF77C-2C8B-4595-9486-6936C8D1238B}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2editor.exe |
"{E78488E7-F530-44E7-8B07-D94078721E8C}" = protocol=6 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\fc2launcher.exe |
"{E838FFD5-BB14-45CF-B07A-10E290B2ABFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{EAD008FD-DDE5-4957-B3DA-CC45520D7F9C}" = protocol=17 | dir=in | app=e:\spiele\farcry2\far cry 2\bin\farcry2.exe |
"{F00B81A9-BBCF-49F9-82BF-1F0F2473FA79}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"{F285A74F-6849-402A-AED4-A81904F62214}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F343FCFF-97A3-41E6-A360-BEA385F56AC3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{F66E7FC1-9C54-4A8F-9DED-7E131287C44B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FA9D840E-9563-4507-88F0-8E4D60484484}" = protocol=17 | dir=in | app=e:\program files\ps6\adobe flash builder 4.6\flashbuilder.exe |
"{FC4EF06F-2D22-47CA-8328-B2AAB700B5D5}" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"{FD12A3F3-D574-4F16-9567-50578286410A}" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\launcher.patch.exe |
"{FDD8C4FD-C1F3-4F53-A91D-8D551AC68C1D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{FE7F56E1-103E-4FEB-BC1E-6015ABBF4CB4}" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe |
"{FFB08827-23CE-4FFF-8B5F-1B4DAAF1B21E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"TCP Query User{0014723A-37A7-4C3F-A378-53C41E4CE426}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe |
"TCP Query User{0D27742F-5257-43C8-84EA-9E231B7DCE7B}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe |
"TCP Query User{0F3135FD-083F-4404-B6E2-69293123C8F2}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{134391CC-2031-4295-AC94-FFE0E02E4318}E:\spiele\dead space\dead space.exe" = protocol=6 | dir=in | app=e:\spiele\dead space\dead space.exe |
"TCP Query User{16D03AAE-DCDD-4174-BBEA-CC40722A5C37}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{1C32063D-52A0-4031-AC61-7B4139B83A2D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{1F31CC17-6C9F-45DA-A643-E52FCF7ABC55}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe |
"TCP Query User{292CF821-DD17-4218-89C3-5207B01E550A}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{2E14E686-E9F9-4B6A-8FD4-3C506F8B9EC3}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe |
"TCP Query User{39DF4CF3-A5FC-4EEC-A7C4-1762C4EBB1FF}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{4BE721BA-D3A4-4D8D-B69E-2A7B6747D221}E:\spiele\dow\w40kwa.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40kwa.exe |
"TCP Query User{503EE2B4-27D0-47B6-AB6E-9A0483594BD8}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe |
"TCP Query User{5EB5CE72-82D0-47C3-9679-4FE154E69268}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"TCP Query User{5FBFDC7D-4FD2-4134-BBB4-673685DCCF92}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe |
"TCP Query User{69CC34AE-A050-47F0-A138-8B6038D74588}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{6AFAB6D0-E2FC-48BA-83F7-05EAE55483DB}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"TCP Query User{7385314B-85D2-42D0-8B7F-F620D9FF4F43}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"TCP Query User{74C4E019-86D6-4FD1-871A-B7B60F9A3CF2}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"TCP Query User{79ED69AB-42AA-4B60-8B66-272845B68CBE}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe |
"TCP Query User{7D68FC6B-FABC-4781-A95C-487A550F6027}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe |
"TCP Query User{8976449F-3BA8-4C1C-B1D8-318B0AFA9A1F}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
"TCP Query User{8C5F385C-E7F8-47DA-A08C-1BDDC269EA47}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{9935F3CE-57DD-495D-B697-94BFB55504C0}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe |
"TCP Query User{AB3DBF77-F304-466C-8ADD-D21B3C8E353E}E:\spiele\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe |
"TCP Query User{C0428AC3-6D0C-4A44-9CD0-2C9D383B076F}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe |
"TCP Query User{C46CC9E1-FC62-42E1-8BE1-BCA9FD9EC549}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"TCP Query User{C49EAA02-60FF-4AD1-905C-9672FF9FA560}E:\program files\icq\icq7.4\icq.exe" = protocol=6 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"TCP Query User{C5BE331E-0D81-4649-AA58-6B592113830F}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe |
"TCP Query User{CACABA95-CCA6-4AE6-94FD-812FFD8EBDB7}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"TCP Query User{D17DD753-F69F-4869-8DFA-C4A93FCA0743}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe |
"TCP Query User{D2B9AE61-7D39-4100-B18D-020070661285}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D2F8CD6E-DF6C-4517-AD88-C116E9D7997B}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=6 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"TCP Query User{DCC6B09F-61CB-4CCC-86BE-4B7E28A49B01}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"TCP Query User{DD8180FA-9C4E-44EA-A3DD-0191BE8D0267}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"TCP Query User{E690B277-EA1C-4F70-82D3-91A8D83D7973}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F5C6E122-A674-4006-A3B2-62A824CF1CCE}E:\spiele\dow\w40k.exe" = protocol=6 | dir=in | app=e:\spiele\dow\w40k.exe |
"TCP Query User{F5F4B250-D476-4AC7-816C-D3CCF1136CB6}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{F780D198-5A14-42E4-9A7A-EFD0B98D85A3}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=6 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe |
"UDP Query User{0D019EB6-AF10-4B7A-AB56-40E018F47336}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{14436E6F-4B9C-4229-AB99-01A04281056F}D:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=d:\users\figur\downloads\diablo-iii-8370-dede-installer-downloader.exe |
"UDP Query User{2D20C224-3A2C-42AF-876A-3E4A76F76D60}E:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2317-enus-tools-downloader.exe |
"UDP Query User{36F4E5EB-30CF-4DC8-83A3-ECEC86F73298}C:\programdata\battle.net\agent\agent.1675\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"UDP Query User{37DA6E4E-58ED-4CE0-9232-2B4963A5D371}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{47004818-6737-40C7-AF7E-0662A54BE024}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe |
"UDP Query User{4BF90717-43F7-44F7-A401-CB19EAB0815F}C:\programdata\battle.net\agent\agent.1267\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"UDP Query User{4DCD9E04-70EF-465E-92B2-E2DBA9D481C1}E:\program files\vectorworks2012\vectorworks2012e.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\vectorworks2012e.exe |
"UDP Query User{5CD2B3DA-0E1D-4139-A961-05F918CABF2C}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{5CE010C9-65B6-4BC3-B424-2C7AC30DF5E4}E:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2210-enus-tools-downloader.exe |
"UDP Query User{64D9B77E-D7A6-4CE3-B8E3-DBB1893C701E}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"UDP Query User{67363C7F-7A2D-4E1D-A0AB-37436FB3351F}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe |
"UDP Query User{708C39C5-CEB3-40A9-A5EF-74C2F62BE340}E:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe" = protocol=17 | dir=in | app=e:\spiele\tom clancy's splinter cell conviction\src\system\conviction_game.exe |
"UDP Query User{77E6FEB7-9173-49BF-B73E-939E5056281C}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe |
"UDP Query User{7AD0CBA2-1BFD-47A6-8960-730FCC6D7D05}E:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{7D8AE906-6B1D-4B2A-9E4D-E0C91134E508}E:\spiele\dow\w40k.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40k.exe |
"UDP Query User{8025A820-7070-4EEA-9FB0-2FB28D7A83EB}E:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.0.2506-enus-tools-downloader.exe |
"UDP Query User{813FDE57-BD86-4228-8C14-86344241A1D6}E:\program files\icq\icq7.4\icq.exe" = protocol=17 | dir=in | app=e:\program files\icq\icq7.4\icq.exe |
"UDP Query User{883C0B46-D51D-41ED-B29E-FE32BC5B308D}E:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=e:\spiele\farcry2 (online check fehlt)\far cry 2\bin\farcry2.exe |
"UDP Query User{88E88493-832B-40CB-AC8B-C7F46266FD0A}E:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.1.0.2346-enus-tools-downloader.exe |
"UDP Query User{8C104BB1-F90A-4731-ACA3-60025526958C}E:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2727-enus-tools-downloader.exe |
"UDP Query User{8CAFE158-FD02-48CF-B113-D64BFE3380D9}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{95B58C57-C7E0-40A4-BB24-3114F5184899}E:\spiele\witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=e:\spiele\witcher 2\bin\witcher2.exe |
"UDP Query User{9B8EA6B9-35B0-4D4E-AB07-14FA7E4DEE07}C:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{9F80FEA1-FAE2-4346-B9CA-7142DDCA07A5}E:\spiele\diablo3\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=e:\spiele\diablo3\diablo iii\diablo iii.exe |
"UDP Query User{A50931E4-3059-4BC5-8981-579472C7746B}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{A9E42F6A-83D6-48EA-926B-5083DF519523}E:\spiele\dead space\dead space.exe" = protocol=17 | dir=in | app=e:\spiele\dead space\dead space.exe |
"UDP Query User{B82FB9C6-CC21-497A-80D7-716453542BEC}E:\program files\vectorworks2012\renderworks\cinerender.exe" = protocol=17 | dir=in | app=e:\program files\vectorworks2012\renderworks\cinerender.exe |
"UDP Query User{B960B09B-C792-4245-9FFA-CBA497D472CA}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe |
"UDP Query User{BED86359-2871-4DE6-8094-ADE9C99EEAB7}E:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{C21CF168-1D81-4C42-9372-1A6050867737}E:\spiele\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D03CBDA1-E7EA-4F78-9011-679CE91F7FEA}E:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{D662E869-6165-4515-A6C0-A5811427FCE4}E:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe |
"UDP Query User{D899DA01-7A3F-4D1E-88CA-7D23E8CEA58F}C:\users\figur\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\figur\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DF520C42-CF22-48AC-927B-A4F4F68EEEB5}E:\spiele\dow\w40kwa.exe" = protocol=17 | dir=in | app=e:\spiele\dow\w40kwa.exe |
"UDP Query User{E6D57D9E-193A-49B3-A137-59746A9C660A}C:\program files\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\xiii\system\xiii.exe |
"UDP Query User{EEAA92B9-51AA-4A79-8B6E-D5908079E2A6}E:\spiele\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=e:\spiele\call of duty black ops\blackops.exe |
"UDP Query User{F85A4312-DEFF-42F0-BDF9-9A4DC49E76DF}E:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.1214.1
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E25A554-0153-45A7-B342-49003A36367C}" = PDFtk Server
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.3.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87C2FAFA-E830-E3B1-A50E-876D00939884}" = Vectorworks 2012 Hilfe
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{912CE296-3D73-4A9D-B3FB-70A5CF7A8568}" = Empire Earth Ultimate Edition
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2D77DC2-8299-11D1-8949-444553540000}_is1" = ZTE Handset USB Driver 5.2066.1.8B02
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"Designer 2.0_is1" = Designer 2.0
"Diablo III" = Diablo III
"ENTERPRISE" = Microsoft Office Enterprise 2007
"eu.computerworks.vectorworks.2012.help.deu.07222458214E034A0B494E83FAD6744C17D2B914.1" = Vectorworks 2012 Hilfe
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Inkscape" = Inkscape 0.48.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"TeamViewer 7" = TeamViewer 7
"UnrealTournament" = Unreal Tournament
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3109638477-127064589-495194791-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 16.11.2012 12:31:13 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 16.11.2012 12:31:19 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 16.11.2012 12:31:21 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 29.11.2012 12:42:37 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm Wow.exe, Version 5.1.0.16309 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 140 Startzeit:
01cdce38ba4415d4 Endzeit: 0 Anwendungspfad: E:\Spiele\World of Warcraft\Wow.exe Berichts-ID:
Error - 07.12.2012 08:26:12 | Computer Name = figur-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Program
Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg. [ACCESS_VIOLATION
Exception!! EIP = 0x1e57462] Bitte Avira informieren und die obige Datei übersenden!
Error - 12.12.2012 20:14:07 | Computer Name = figur-PC | Source = Windows Search Service | ID = 3007
Description =
Error - 16.01.2013 08:10:24 | Computer Name = figur-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: inkscape.exe, Version: 0.48.4.0,
Zeitstempel: 0x50cf79ae Name des fehlerhaften Moduls: inkscape.exe, Version: 0.48.4.0,
Zeitstempel: 0x50cf79ae Ausnahmecode: 0xc0000005 Fehleroffset: 0x00796b3a ID des fehlerhaften
Prozesses: 0x1048 Startzeit der fehlerhaften Anwendung: 0x01cdf3e1279e46ea Pfad der
fehlerhaften Anwendung: E:\Program Files\Inkscape\inkscape.exe Pfad des fehlerhaften
Moduls: E:\Program Files\Inkscape\inkscape.exe Berichtskennung: b432eed6-5fd5-11e2-8f0e-1c6f658620a9
Error - 30.01.2013 05:25:41 | Computer Name = figur-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16457 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: e94 Startzeit: 01cdfecbaf241a15 Endzeit: 40 Anwendungspfad:
C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID:
Error - 10.02.2013 09:33:34 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
Error - 18.02.2013 13:34:31 | Computer Name = figur-PC | Source = VMCService | ID = 0
Description = GetLoggedOnUser
[ Media Center Events ]
Error - 04.09.2011 06:23:26 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:26 - Fehler beim Herstellen der Internetverbindung. 12:23:26
- Serververbindung konnte nicht hergestellt werden..
Error - 04.09.2011 06:23:38 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:23:32 - Fehler beim Herstellen der Internetverbindung. 12:23:32
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2011 09:52:57 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:52:57 - Fehler beim Herstellen der Internetverbindung. 15:52:57
- Serververbindung konnte nicht hergestellt werden..
Error - 05.09.2011 09:53:07 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 15:53:02 - Fehler beim Herstellen der Internetverbindung. 15:53:02
- Serververbindung konnte nicht hergestellt werden..
Error - 06.09.2011 02:18:58 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:18:58 - Fehler beim Herstellen der Internetverbindung. 08:18:58
- Serververbindung konnte nicht hergestellt werden..
Error - 06.09.2011 02:19:08 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 08:19:03 - Fehler beim Herstellen der Internetverbindung. 08:19:03
- Serververbindung konnte nicht hergestellt werden..
Error - 06.09.2011 12:57:15 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:15 - Fehler beim Herstellen der Internetverbindung. 18:57:15
- Serververbindung konnte nicht hergestellt werden..
Error - 06.09.2011 12:57:25 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 18:57:20 - Fehler beim Herstellen der Internetverbindung. 18:57:20
- Serververbindung konnte nicht hergestellt werden..
Error - 07.09.2011 06:45:19 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:19 - Fehler beim Herstellen der Internetverbindung. 12:45:19
- Serververbindung konnte nicht hergestellt werden..
Error - 07.09.2011 06:45:36 | Computer Name = figur-PC | Source = MCUpdate | ID = 0
Description = 12:45:25 - Fehler beim Herstellen der Internetverbindung. 12:45:25
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 13.05.2013 07:41:35 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "NetIO-Legacy-TDI-Supporttreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 13.05.2013 07:41:35 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 13.05.2013 07:41:35 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 13.05.2013 07:41:36 | Computer Name = figur-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD AppleCharger avipbb CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd ssmdrv
tcpipBM
tdx
vwififlt
Wanarpv6
WfpLwf
ws2ifsl
< End of report >
|
|
13.05.2013, 13:26
| #2 |
| /// Malware-holic   |  Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter Hi,
__________________auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein: Code:
ATTFilter :OTL
O20 - HKU\S-1-5-21-3109638477-127064589-495194791-1000 Winlogon: Shell - (C:\Users\figur\AppData\Roaming\skype.dat) - C:\Users\figur\AppData\Roaming\skype.dat
()
[2013.05.13 13:06:33 | 000,000,004 | ---- | M] () -- C:\Users\figur\AppData\Roaming\skype.ini
:Files
C:\Users\figur\AppData\Roaming\skype.dat
:Commands
[EMPTYFLASH]
[emptytemp]
dieses speicherst du auf nem usb stick als fix.txt nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist. • Klicke nun bitte auf den Fix Button. es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick. wenn dies nicht funktioniert, bitte den fix manuell eintragen. dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen, log posten bitte. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ |
|
13.05.2013, 13:55
| #3 |
| | Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter Wurde hochgeladen, Link zum Thema habe ich angegeben.
__________________PC lässt sich wieder normal starten  Sollte noch etwas gemacht werden? |
|
13.05.2013, 13:58
| #4 |
| /// Malware-holic | Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter Danke erst mal fürs hochladen. Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.05.2013, 14:12
| #5 |
| | Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter Frage anbei - kann ich meinen PC ohne bedenken wieder ans Internet hauen? Habe bis jetzt alles mit Stick hin- und her geschoben. Getan: Code:
ATTFilter 15:00:51.0321 2572 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:00:51.0415 2572 ============================================================
15:00:51.0415 2572 Current date / time: 2013/05/13 15:00:51.0415
15:00:51.0415 2572 SystemInfo:
15:00:51.0415 2572
15:00:51.0415 2572 OS Version: 6.1.7601 ServicePack: 1.0
15:00:51.0415 2572 Product type: Workstation
15:00:51.0415 2572 ComputerName: FIGUR-PC
15:00:51.0415 2572 UserName: figur
15:00:51.0415 2572 Windows directory: C:\Windows
15:00:51.0415 2572 System windows directory: C:\Windows
15:00:51.0415 2572 Processor architecture: Intel x86
15:00:51.0415 2572 Number of processors: 4
15:00:51.0415 2572 Page size: 0x1000
15:00:51.0415 2572 Boot type: Normal boot
15:00:51.0415 2572 ============================================================
15:00:52.0397 2572 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
15:00:52.0397 2572 Drive \Device\Harddisk1\DR3 - Size: 0x79200000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:00:52.0397 2572 ============================================================
15:00:52.0397 2572 \Device\Harddisk0\DR0:
15:00:52.0397 2572 MBR partitions:
15:00:52.0397 2572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:00:52.0397 2572 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x77CE000
15:00:52.0397 2572 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7800800, BlocksNum 0xC800000
15:00:52.0397 2572 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x14000800, BlocksNum 0x26385000
15:00:52.0397 2572 \Device\Harddisk1\DR3:
15:00:52.0397 2572 MBR partitions:
15:00:52.0397 2572 \Device\Harddisk1\DR3\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3C8FE0
15:00:52.0397 2572 ============================================================
15:00:52.0413 2572 C: <-> \Device\Harddisk0\DR0\Partition2
15:00:52.0444 2572 D: <-> \Device\Harddisk0\DR0\Partition3
15:00:52.0491 2572 E: <-> \Device\Harddisk0\DR0\Partition4
15:00:52.0491 2572 ============================================================
15:00:52.0491 2572 Initialize success
15:00:52.0491 2572 ============================================================
15:02:09.0680 3380 ============================================================
15:02:09.0680 3380 Scan started
15:02:09.0680 3380 Mode: Manual; SigCheck; TDLFS;
15:02:09.0680 3380 ============================================================
15:02:10.0148 3380 ================ Scan system memory ========================
15:02:10.0148 3380 System memory - ok
15:02:10.0148 3380 ================ Scan services =============================
15:02:10.0257 3380 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:02:10.0319 3380 1394ohci - ok
15:02:10.0351 3380 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:02:10.0351 3380 ACPI - ok
15:02:10.0382 3380 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:02:10.0413 3380 AcpiPmi - ok
15:02:10.0444 3380 adfs - ok
15:02:10.0538 3380 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:02:10.0569 3380 AdobeARMservice - ok
15:02:10.0616 3380 [ 479901C99FA62D1C3261B7ACB1228DAD ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:02:10.0647 3380 AdobeFlashPlayerUpdateSvc - ok
15:02:10.0663 3380 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:02:10.0694 3380 adp94xx - ok
15:02:10.0709 3380 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:02:10.0725 3380 adpahci - ok
15:02:10.0787 3380 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:02:10.0834 3380 adpu320 - ok
15:02:10.0881 3380 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:02:10.0928 3380 AeLookupSvc - ok
15:02:10.0975 3380 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
15:02:11.0037 3380 AFD - ok
15:02:11.0053 3380 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
15:02:11.0068 3380 agp440 - ok
15:02:11.0084 3380 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
15:02:11.0099 3380 aic78xx - ok
15:02:11.0115 3380 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
15:02:11.0146 3380 ALG - ok
15:02:11.0162 3380 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
15:02:11.0177 3380 aliide - ok
15:02:11.0193 3380 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:02:11.0209 3380 amdagp - ok
15:02:11.0224 3380 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
15:02:11.0240 3380 amdide - ok
15:02:11.0255 3380 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:02:11.0287 3380 AmdK8 - ok
15:02:11.0302 3380 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:02:11.0318 3380 AmdPPM - ok
15:02:11.0349 3380 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:02:11.0365 3380 amdsata - ok
15:02:11.0380 3380 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:02:11.0396 3380 amdsbs - ok
15:02:11.0411 3380 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:02:11.0427 3380 amdxata - ok
15:02:11.0458 3380 [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA ] androidusb C:\Windows\system32\Drivers\ssadadb.sys
15:02:11.0505 3380 androidusb - ok
15:02:11.0583 3380 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService E:\Program Files\Avira\AntiVir Desktop\sched.exe
15:02:11.0599 3380 AntiVirSchedulerService - ok
15:02:11.0645 3380 [ 72D90E56563165984224493069C69ED4 ] AntiVirService E:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:02:11.0645 3380 AntiVirService - ok
15:02:11.0677 3380 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
15:02:11.0708 3380 AppID - ok
15:02:11.0739 3380 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:02:11.0786 3380 AppIDSvc - ok
15:02:11.0817 3380 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
15:02:11.0848 3380 Appinfo - ok
15:02:11.0879 3380 [ 75A8B998EB259DD512F01EA25BEC7F3B ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
15:02:11.0895 3380 AppleCharger - ok
15:02:11.0895 3380 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
15:02:11.0911 3380 AppleChargerSrv - ok
15:02:11.0942 3380 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
15:02:11.0989 3380 AppMgmt - ok
15:02:12.0020 3380 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
15:02:12.0051 3380 arc - ok
15:02:12.0051 3380 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:02:12.0067 3380 arcsas - ok
15:02:12.0145 3380 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:02:12.0176 3380 aspnet_state - ok
15:02:12.0191 3380 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:02:12.0254 3380 AsyncMac - ok
15:02:12.0285 3380 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
15:02:12.0301 3380 atapi - ok
15:02:12.0332 3380 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
15:02:12.0347 3380 atksgt - ok
15:02:12.0379 3380 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:02:12.0425 3380 AudioEndpointBuilder - ok
15:02:12.0425 3380 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:02:12.0457 3380 Audiosrv - ok
15:02:12.0457 3380 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
15:02:12.0472 3380 avgntflt - ok
15:02:12.0488 3380 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
15:02:12.0503 3380 avipbb - ok
15:02:12.0535 3380 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:02:12.0550 3380 AxInstSV - ok
15:02:12.0581 3380 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
15:02:12.0628 3380 b06bdrv - ok
15:02:12.0644 3380 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
15:02:12.0675 3380 b57nd60x - ok
15:02:12.0691 3380 [ 382B151DAFFE4A9CE9DA9F564B66761E ] BCUService C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
15:02:12.0706 3380 BCUService - ok
15:02:12.0722 3380 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
15:02:12.0753 3380 BDESVC - ok
15:02:12.0769 3380 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
15:02:12.0815 3380 Beep - ok
15:02:12.0847 3380 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
15:02:12.0878 3380 BFE - ok
15:02:12.0909 3380 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
15:02:12.0925 3380 BITS - ok
15:02:12.0940 3380 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:02:12.0956 3380 blbdrive - ok
15:02:12.0987 3380 [ D002033C1A37F6AF51B5F0BA6D0211BC ] BMLoad C:\Windows\system32\drivers\BMLoad.sys
15:02:13.0018 3380 BMLoad ( UnsignedFile.Multi.Generic ) - warning
15:02:13.0018 3380 BMLoad - detected UnsignedFile.Multi.Generic (1)
15:02:13.0049 3380 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:02:13.0096 3380 bowser - ok
15:02:13.0127 3380 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:02:13.0159 3380 BrFiltLo - ok
15:02:13.0174 3380 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:02:13.0190 3380 BrFiltUp - ok
15:02:13.0221 3380 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
15:02:13.0252 3380 Browser - ok
15:02:13.0268 3380 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:02:13.0299 3380 Brserid - ok
15:02:13.0299 3380 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:02:13.0330 3380 BrSerWdm - ok
15:02:13.0346 3380 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:02:13.0377 3380 BrUsbMdm - ok
15:02:13.0393 3380 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:02:13.0408 3380 BrUsbSer - ok
15:02:13.0424 3380 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:02:13.0471 3380 BTHMODEM - ok
15:02:13.0502 3380 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
15:02:13.0533 3380 bthserv - ok
15:02:13.0549 3380 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:02:13.0611 3380 cdfs - ok
15:02:13.0642 3380 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:02:13.0658 3380 cdrom - ok
15:02:13.0689 3380 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
15:02:13.0736 3380 CertPropSvc - ok
15:02:13.0751 3380 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:02:13.0767 3380 circlass - ok
15:02:13.0783 3380 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
15:02:13.0798 3380 CLFS - ok
15:02:13.0814 3380 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:02:13.0829 3380 clr_optimization_v2.0.50727_32 - ok
15:02:13.0907 3380 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:02:13.0939 3380 clr_optimization_v4.0.30319_32 - ok
15:02:13.0939 3380 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:02:13.0954 3380 CmBatt - ok
15:02:13.0970 3380 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:02:13.0985 3380 cmdide - ok
15:02:14.0017 3380 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
15:02:14.0048 3380 CNG - ok
15:02:14.0063 3380 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:02:14.0079 3380 Compbatt - ok
15:02:14.0095 3380 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:02:14.0141 3380 CompositeBus - ok
15:02:14.0141 3380 COMSysApp - ok
15:02:14.0157 3380 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:02:14.0173 3380 crcdisk - ok
15:02:14.0204 3380 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:02:14.0219 3380 CryptSvc - ok
15:02:14.0251 3380 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
15:02:14.0282 3380 CSC - ok
15:02:14.0313 3380 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
15:02:14.0329 3380 CscService - ok
15:02:14.0360 3380 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
15:02:14.0375 3380 DcomLaunch - ok
15:02:14.0407 3380 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
15:02:14.0438 3380 defragsvc - ok
15:02:14.0453 3380 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:02:14.0485 3380 DfsC - ok
15:02:14.0516 3380 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
15:02:14.0531 3380 Dhcp - ok
15:02:14.0531 3380 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
15:02:14.0563 3380 discache - ok
15:02:14.0578 3380 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:02:14.0594 3380 Disk - ok
15:02:14.0625 3380 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:02:14.0641 3380 Dnscache - ok
15:02:14.0656 3380 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
15:02:14.0703 3380 dot3svc - ok
15:02:14.0719 3380 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
15:02:14.0734 3380 DPS - ok
15:02:14.0765 3380 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:02:14.0812 3380 drmkaud - ok
15:02:14.0859 3380 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:02:14.0937 3380 DXGKrnl - ok
15:02:14.0953 3380 EagleXNt - ok
15:02:14.0968 3380 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
15:02:14.0999 3380 EapHost - ok
15:02:15.0077 3380 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
15:02:15.0233 3380 ebdrv - ok
15:02:15.0249 3380 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
15:02:15.0265 3380 EFS - ok
15:02:15.0327 3380 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:02:15.0374 3380 ehRecvr - ok
15:02:15.0405 3380 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
15:02:15.0421 3380 ehSched - ok
15:02:15.0436 3380 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:02:15.0452 3380 elxstor - ok
15:02:15.0499 3380 [ B4556F3D468C8DCB0B259D9D866CD4C4 ] enodpl C:\Windows\system32\drivers\enodpl.sys
15:02:15.0530 3380 enodpl ( UnsignedFile.Multi.Generic ) - warning
15:02:15.0530 3380 enodpl - detected UnsignedFile.Multi.Generic (1)
15:02:15.0545 3380 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:02:15.0592 3380 ErrDev - ok
15:02:15.0623 3380 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
15:02:15.0639 3380 ES lite Service - ok
15:02:15.0686 3380 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
15:02:15.0717 3380 EventSystem - ok
15:02:15.0733 3380 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
15:02:15.0764 3380 exfat - ok
15:02:15.0779 3380 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:02:15.0811 3380 fastfat - ok
15:02:15.0842 3380 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
15:02:15.0857 3380 Fax - ok
15:02:15.0873 3380 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:02:15.0935 3380 fdc - ok
15:02:15.0951 3380 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
15:02:15.0982 3380 fdPHost - ok
15:02:15.0982 3380 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
15:02:16.0013 3380 FDResPub - ok
15:02:16.0029 3380 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:02:16.0045 3380 FileInfo - ok
15:02:16.0045 3380 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:02:16.0060 3380 Filetrace - ok
15:02:16.0076 3380 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:02:16.0091 3380 flpydisk - ok
15:02:16.0123 3380 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:02:16.0154 3380 FltMgr - ok
15:02:16.0201 3380 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
15:02:16.0232 3380 FontCache - ok
15:02:16.0279 3380 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:02:16.0310 3380 FontCache3.0.0.0 - ok
15:02:16.0325 3380 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:02:16.0357 3380 FsDepends - ok
15:02:16.0388 3380 [ BFAAA92861526BB0ADCD01E964AB6609 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
15:02:16.0435 3380 fssfltr - ok
15:02:16.0513 3380 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:02:16.0606 3380 fsssvc - ok
15:02:16.0622 3380 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:02:16.0637 3380 Fs_Rec - ok
15:02:16.0669 3380 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:02:16.0684 3380 fvevol - ok
15:02:16.0700 3380 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:02:16.0715 3380 gagp30kx - ok
15:02:16.0731 3380 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\Windows\gdrv.sys
15:02:16.0747 3380 gdrv - ok
15:02:16.0778 3380 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
15:02:16.0825 3380 gpsvc - ok
15:02:16.0903 3380 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:02:16.0934 3380 gupdate - ok
15:02:16.0965 3380 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:02:16.0981 3380 gupdatem - ok
15:02:17.0027 3380 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:02:17.0090 3380 gusvc - ok
15:02:17.0090 3380 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:02:17.0121 3380 hcw85cir - ok
15:02:17.0152 3380 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:02:17.0183 3380 HdAudAddService - ok
15:02:17.0199 3380 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:02:17.0230 3380 HDAudBus - ok
15:02:17.0230 3380 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:02:17.0246 3380 HidBatt - ok
15:02:17.0261 3380 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:02:17.0293 3380 HidBth - ok
15:02:17.0324 3380 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:02:17.0339 3380 HidIr - ok
15:02:17.0355 3380 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
15:02:17.0402 3380 hidserv - ok
15:02:17.0417 3380 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:02:17.0433 3380 HidUsb - ok
15:02:17.0449 3380 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:02:17.0480 3380 hkmsvc - ok
15:02:17.0511 3380 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:02:17.0511 3380 HomeGroupListener - ok
15:02:17.0542 3380 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:02:17.0558 3380 HomeGroupProvider - ok
15:02:17.0589 3380 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:02:17.0620 3380 HpSAMD - ok
15:02:17.0667 3380 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:02:17.0729 3380 HTTP - ok
15:02:17.0745 3380 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:02:17.0761 3380 hwpolicy - ok
15:02:17.0776 3380 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:02:17.0792 3380 i8042prt - ok
15:02:17.0823 3380 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:02:17.0839 3380 iaStorV - ok
15:02:17.0885 3380 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:02:17.0932 3380 idsvc - ok
15:02:17.0963 3380 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:02:17.0979 3380 iirsp - ok
15:02:18.0026 3380 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
15:02:18.0088 3380 IKEEXT - ok
15:02:18.0166 3380 [ AEE99ECF06CD1CEA95816CCB5BF73EC8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:02:18.0213 3380 IntcAzAudAddService - ok
15:02:18.0229 3380 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
15:02:18.0244 3380 intelide - ok
15:02:18.0260 3380 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:02:18.0275 3380 intelppm - ok
15:02:18.0291 3380 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:02:18.0353 3380 IPBusEnum - ok
15:02:18.0369 3380 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:02:18.0400 3380 IpFilterDriver - ok
15:02:18.0416 3380 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:02:18.0447 3380 iphlpsvc - ok
15:02:18.0463 3380 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:02:18.0478 3380 IPMIDRV - ok
15:02:18.0494 3380 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:02:18.0525 3380 IPNAT - ok
15:02:18.0541 3380 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:02:18.0556 3380 IRENUM - ok
15:02:18.0572 3380 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:02:18.0587 3380 isapnp - ok
15:02:18.0603 3380 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:02:18.0619 3380 iScsiPrt - ok
15:02:18.0650 3380 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:02:18.0665 3380 kbdclass - ok
15:02:18.0681 3380 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:02:18.0712 3380 kbdhid - ok
15:02:18.0728 3380 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
15:02:18.0728 3380 KeyIso - ok
15:02:18.0743 3380 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:02:18.0759 3380 KSecDD - ok
15:02:18.0775 3380 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:02:18.0790 3380 KSecPkg - ok
15:02:18.0806 3380 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
15:02:18.0853 3380 KtmRm - ok
15:02:18.0868 3380 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
15:02:18.0884 3380 LanmanServer - ok
15:02:18.0899 3380 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:02:18.0931 3380 LanmanWorkstation - ok
15:02:18.0946 3380 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
15:02:18.0962 3380 lirsgt - ok
15:02:18.0993 3380 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:02:19.0040 3380 lltdio - ok
15:02:19.0071 3380 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:02:19.0118 3380 lltdsvc - ok
15:02:19.0118 3380 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
15:02:19.0149 3380 lmhosts - ok
15:02:19.0165 3380 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:02:19.0180 3380 LSI_FC - ok
15:02:19.0196 3380 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:02:19.0211 3380 LSI_SAS - ok
15:02:19.0211 3380 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:02:19.0227 3380 LSI_SAS2 - ok
15:02:19.0243 3380 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:02:19.0243 3380 LSI_SCSI - ok
15:02:19.0258 3380 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
15:02:19.0289 3380 luafv - ok
15:02:19.0321 3380 [ F0435FE3C1EC2659D2BBF073CA0752EE ] massfilter C:\Windows\system32\DRIVERS\massfilter.sys
15:02:19.0321 3380 massfilter - ok
15:02:19.0352 3380 [ 3C7B3072C3C5CC23F5FD46F8DFDA7480 ] massfilter_hs C:\Windows\system32\drivers\massfilter_hs.sys
15:02:19.0383 3380 massfilter_hs - ok
15:02:19.0414 3380 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:02:19.0461 3380 Mcx2Svc - ok
15:02:19.0477 3380 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:02:19.0492 3380 megasas - ok
15:02:19.0508 3380 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:02:19.0523 3380 MegaSR - ok
15:02:19.0570 3380 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:02:19.0617 3380 Microsoft Office Groove Audit Service - ok
15:02:19.0633 3380 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
15:02:19.0664 3380 MMCSS - ok
15:02:19.0679 3380 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
15:02:19.0711 3380 Modem - ok
15:02:19.0742 3380 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:02:19.0757 3380 monitor - ok
15:02:19.0804 3380 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:02:19.0835 3380 mouclass - ok
15:02:19.0851 3380 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:02:19.0867 3380 mouhid - ok
15:02:19.0898 3380 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:02:19.0913 3380 mountmgr - ok
15:02:19.0929 3380 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
15:02:19.0945 3380 mpio - ok
15:02:19.0960 3380 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:02:20.0007 3380 mpsdrv - ok
15:02:20.0038 3380 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:02:20.0069 3380 MpsSvc - ok
15:02:20.0085 3380 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:02:20.0116 3380 MRxDAV - ok
15:02:20.0132 3380 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:02:20.0179 3380 mrxsmb - ok
15:02:20.0210 3380 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:02:20.0257 3380 mrxsmb10 - ok
15:02:20.0272 3380 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:02:20.0288 3380 mrxsmb20 - ok
15:02:20.0303 3380 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
15:02:20.0319 3380 msahci - ok
15:02:20.0350 3380 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:02:20.0366 3380 msdsm - ok
15:02:20.0381 3380 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
15:02:20.0413 3380 MSDTC - ok
15:02:20.0444 3380 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:02:20.0475 3380 Msfs - ok
15:02:20.0491 3380 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:02:20.0522 3380 mshidkmdf - ok
15:02:20.0537 3380 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:02:20.0553 3380 msisadrv - ok
15:02:20.0584 3380 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:02:20.0662 3380 MSiSCSI - ok
15:02:20.0662 3380 msiserver - ok
15:02:20.0678 3380 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:02:20.0709 3380 MSKSSRV - ok
15:02:20.0725 3380 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:02:20.0756 3380 MSPCLOCK - ok
15:02:20.0771 3380 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:02:20.0803 3380 MSPQM - ok
15:02:20.0818 3380 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:02:20.0834 3380 MsRPC - ok
15:02:20.0849 3380 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:02:20.0849 3380 mssmbios - ok
15:02:20.0865 3380 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:02:20.0881 3380 MSTEE - ok
15:02:20.0896 3380 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:02:20.0896 3380 MTConfig - ok
15:02:20.0912 3380 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
15:02:20.0927 3380 Mup - ok
15:02:20.0974 3380 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
15:02:21.0083 3380 napagent - ok
15:02:21.0146 3380 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:02:21.0161 3380 NativeWifiP - ok
15:02:21.0208 3380 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:02:21.0239 3380 NDIS - ok
15:02:21.0255 3380 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:02:21.0286 3380 NdisCap - ok
15:02:21.0302 3380 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:02:21.0333 3380 NdisTapi - ok
15:02:21.0364 3380 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:02:21.0395 3380 Ndisuio - ok
15:02:21.0411 3380 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:02:21.0442 3380 NdisWan - ok
15:02:21.0473 3380 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:02:21.0505 3380 NDProxy - ok
15:02:21.0520 3380 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:02:21.0551 3380 NetBIOS - ok
15:02:21.0567 3380 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:02:21.0598 3380 NetBT - ok
15:02:21.0614 3380 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
15:02:21.0614 3380 Netlogon - ok
15:02:21.0645 3380 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
15:02:21.0676 3380 Netman - ok
15:02:21.0692 3380 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
15:02:21.0723 3380 netprofm - ok
15:02:21.0754 3380 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:02:21.0754 3380 NetTcpPortSharing - ok
15:02:21.0785 3380 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
15:02:21.0801 3380 nfrd960 - ok
15:02:21.0817 3380 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
15:02:21.0848 3380 NlaSvc - ok
15:02:21.0848 3380 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:02:21.0879 3380 Npfs - ok
15:02:21.0879 3380 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
15:02:21.0895 3380 nsi - ok
15:02:21.0926 3380 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:02:21.0941 3380 nsiproxy - ok
15:02:21.0988 3380 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:02:22.0035 3380 Ntfs - ok
15:02:22.0051 3380 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
15:02:22.0082 3380 Null - ok
15:02:22.0113 3380 [ A0A9E53B4AAC3C6534A063ABA69BC19F ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
15:02:22.0129 3380 NVHDA - ok
15:02:22.0300 3380 [ B69E6F70CE1151C8D62ABC9DEF64DFBE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:02:22.0409 3380 nvlddmkm - ok
15:02:22.0441 3380 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:02:22.0472 3380 nvraid - ok
15:02:22.0519 3380 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:02:22.0565 3380 nvstor - ok
15:02:22.0597 3380 [ E4284FCF99FEA13A7E1836F87AE356F6 ] NVSvc C:\Windows\system32\nvvsvc.exe
15:02:22.0643 3380 NVSvc - ok
15:02:22.0690 3380 [ 03E60E0BFA53ED15DC984FA34B44BB0F ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
15:02:22.0721 3380 nvUpdatusService - ok
15:02:22.0737 3380 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:02:22.0753 3380 nv_agp - ok
15:02:22.0815 3380 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:02:22.0831 3380 odserv - ok
15:02:22.0862 3380 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:02:22.0909 3380 ohci1394 - ok
15:02:22.0940 3380 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:02:22.0955 3380 ose - ok
15:02:22.0987 3380 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:02:23.0002 3380 p2pimsvc - ok
15:02:23.0018 3380 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
15:02:23.0033 3380 p2psvc - ok
15:02:23.0065 3380 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
15:02:23.0096 3380 Parport - ok
15:02:23.0111 3380 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:02:23.0127 3380 partmgr - ok
15:02:23.0143 3380 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
15:02:23.0158 3380 Parvdm - ok
15:02:23.0158 3380 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:02:23.0174 3380 PcaSvc - ok
15:02:23.0205 3380 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
15:02:23.0221 3380 pci - ok
15:02:23.0236 3380 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
15:02:23.0252 3380 pciide - ok
15:02:23.0252 3380 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
15:02:23.0283 3380 pcmcia - ok
15:02:23.0299 3380 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
15:02:23.0314 3380 pcw - ok
15:02:23.0330 3380 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:02:23.0392 3380 PEAUTH - ok
15:02:23.0423 3380 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
15:02:23.0455 3380 PeerDistSvc - ok
15:02:23.0501 3380 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
15:02:23.0548 3380 pla - ok
15:02:23.0564 3380 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:02:23.0579 3380 PlugPlay - ok
15:02:23.0595 3380 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:02:23.0611 3380 PNRPAutoReg - ok
15:02:23.0626 3380 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:02:23.0642 3380 PNRPsvc - ok
15:02:23.0673 3380 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:02:23.0704 3380 PolicyAgent - ok
15:02:23.0720 3380 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
15:02:23.0751 3380 Power - ok
15:02:23.0767 3380 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:02:23.0782 3380 PptpMiniport - ok
15:02:23.0798 3380 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
15:02:23.0813 3380 Processor - ok
15:02:23.0845 3380 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
15:02:23.0860 3380 ProfSvc - ok
15:02:23.0876 3380 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:02:23.0891 3380 ProtectedStorage - ok
15:02:23.0891 3380 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:02:23.0923 3380 Psched - ok
15:02:23.0969 3380 [ 053A608BCFEB5A4D0CECDDA703B08C83 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:02:24.0016 3380 PxHelp20 - ok
15:02:24.0063 3380 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
15:02:24.0125 3380 ql2300 - ok
15:02:24.0157 3380 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
15:02:24.0172 3380 ql40xx - ok
15:02:24.0188 3380 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
15:02:24.0219 3380 QWAVE - ok
15:02:24.0235 3380 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:02:24.0250 3380 QWAVEdrv - ok
15:02:24.0266 3380 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:02:24.0297 3380 RasAcd - ok
15:02:24.0313 3380 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:02:24.0375 3380 RasAgileVpn - ok
15:02:24.0391 3380 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
15:02:24.0422 3380 RasAuto - ok
15:02:24.0437 3380 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:02:24.0453 3380 Rasl2tp - ok
15:02:24.0500 3380 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
15:02:24.0547 3380 RasMan - ok
15:02:24.0562 3380 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:02:24.0578 3380 RasPppoe - ok
15:02:24.0593 3380 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:02:24.0625 3380 RasSstp - ok
15:02:24.0656 3380 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:02:24.0671 3380 rdbss - ok
15:02:24.0687 3380 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
15:02:24.0703 3380 rdpbus - ok
15:02:24.0718 3380 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:02:24.0734 3380 RDPCDD - ok
15:02:24.0749 3380 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
15:02:24.0765 3380 RDPDR - ok
15:02:24.0781 3380 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:02:24.0812 3380 RDPENCDD - ok
15:02:24.0812 3380 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:02:24.0827 3380 RDPREFMP - ok
15:02:24.0874 3380 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:02:24.0905 3380 RdpVideoMiniport - ok
15:02:24.0937 3380 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:02:24.0968 3380 RDPWD - ok
15:02:24.0983 3380 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:02:24.0999 3380 rdyboost - ok
15:02:25.0030 3380 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
15:02:25.0077 3380 RemoteAccess - ok
15:02:25.0108 3380 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:02:25.0139 3380 RemoteRegistry - ok
15:02:25.0155 3380 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
15:02:25.0171 3380 RpcEptMapper - ok
15:02:25.0186 3380 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
15:02:25.0233 3380 RpcLocator - ok
15:02:25.0249 3380 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
15:02:25.0280 3380 RpcSs - ok
15:02:25.0295 3380 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:02:25.0327 3380 rspndr - ok
15:02:25.0358 3380 [ 1A42B4CBA44778D312E668CD166CBCBB ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
15:02:25.0373 3380 RTL8167 - ok
15:02:25.0420 3380 [ 08E0B15F88CBFFEE0BB18D321C42E1B4 ] RTL8192cu C:\Windows\system32\DRIVERS\RTL8192cu.sys
15:02:25.0467 3380 RTL8192cu - ok
15:02:25.0498 3380 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
15:02:25.0529 3380 s3cap - ok
15:02:25.0545 3380 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
15:02:25.0561 3380 SamSs - ok
15:02:25.0592 3380 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:02:25.0607 3380 sbp2port - ok
15:02:25.0623 3380 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:02:25.0670 3380 SCardSvr - ok
15:02:25.0685 3380 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
15:02:25.0732 3380 scfilter - ok
15:02:25.0748 3380 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
15:02:25.0779 3380 Schedule - ok
15:02:25.0795 3380 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
15:02:25.0810 3380 SCPolicySvc - ok
15:02:25.0826 3380 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:02:25.0857 3380 SDRSVC - ok
15:02:25.0888 3380 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:02:25.0904 3380 secdrv - ok
15:02:25.0919 3380 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
15:02:25.0951 3380 seclogon - ok
15:02:25.0966 3380 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
15:02:25.0997 3380 SENS - ok
15:02:26.0013 3380 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:02:26.0029 3380 SensrSvc - ok
15:02:26.0044 3380 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:02:26.0075 3380 Serenum - ok
15:02:26.0075 3380 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:02:26.0107 3380 Serial - ok
15:02:26.0122 3380 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:02:26.0138 3380 sermouse - ok
15:02:26.0169 3380 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
15:02:26.0216 3380 SessionEnv - ok
15:02:26.0231 3380 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:02:26.0263 3380 sffdisk - ok
15:02:26.0278 3380 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:02:26.0294 3380 sffp_mmc - ok
15:02:26.0309 3380 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:02:26.0341 3380 sffp_sd - ok
15:02:26.0356 3380 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:02:26.0372 3380 sfloppy - ok
15:02:26.0403 3380 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:02:26.0450 3380 SharedAccess - ok
15:02:26.0465 3380 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:02:26.0481 3380 ShellHWDetection - ok
15:02:26.0497 3380 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:02:26.0512 3380 sisagp - ok
15:02:26.0528 3380 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:02:26.0543 3380 SiSRaid2 - ok
15:02:26.0559 3380 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:02:26.0575 3380 SiSRaid4 - ok
15:02:26.0575 3380 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:02:26.0606 3380 Smb - ok
15:02:26.0637 3380 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:02:26.0653 3380 SNMPTRAP - ok
15:02:26.0653 3380 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
15:02:26.0668 3380 spldr - ok
15:02:26.0684 3380 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
15:02:26.0715 3380 Spooler - ok
15:02:26.0793 3380 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
15:02:26.0902 3380 sppsvc - ok
15:02:26.0918 3380 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:02:26.0949 3380 sppuinotify - ok
15:02:26.0980 3380 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
15:02:26.0980 3380 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
15:02:26.0980 3380 sptd ( LockedFile.Multi.Generic ) - warning
15:02:26.0980 3380 sptd - detected LockedFile.Multi.Generic (1)
15:02:27.0011 3380 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:02:27.0089 3380 srv - ok
15:02:27.0105 3380 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:02:27.0152 3380 srv2 - ok
15:02:27.0167 3380 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:02:27.0183 3380 srvnet - ok
15:02:27.0214 3380 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
15:02:27.0230 3380 ssadbus - ok
15:02:27.0245 3380 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:02:27.0261 3380 ssadmdfl - ok
15:02:27.0277 3380 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
15:02:27.0308 3380 ssadmdm - ok
15:02:27.0323 3380 [ 1A5A397BC459F346AB56492B61EF79F6 ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
15:02:27.0355 3380 ssadserd - ok
15:02:27.0386 3380 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:02:27.0417 3380 SSDPSRV - ok
15:02:27.0464 3380 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
15:02:27.0479 3380 ssmdrv - ok
15:02:27.0495 3380 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:02:27.0526 3380 SstpSvc - ok
15:02:27.0604 3380 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:02:27.0651 3380 Stereo Service - ok
15:02:27.0667 3380 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:02:27.0682 3380 stexstor - ok
15:02:27.0698 3380 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
15:02:27.0745 3380 StiSvc - ok
15:02:27.0776 3380 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
15:02:27.0791 3380 storflt - ok
15:02:27.0807 3380 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
15:02:27.0823 3380 storvsc - ok
15:02:27.0838 3380 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
15:02:27.0838 3380 swenum - ok
15:02:27.0932 3380 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:02:27.0979 3380 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:02:27.0979 3380 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:02:27.0979 3380 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
15:02:28.0010 3380 swprv - ok
15:02:28.0025 3380 Synth3dVsc - ok
15:02:28.0057 3380 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
15:02:28.0103 3380 SysMain - ok
15:02:28.0119 3380 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:02:28.0166 3380 TabletInputService - ok
15:02:28.0213 3380 [ 126D7B3B4C7B724491C604060E1F4E14 ] tandpl C:\Windows\system32\drivers\tandpl.sys
15:02:28.0228 3380 tandpl ( UnsignedFile.Multi.Generic ) - warning
15:02:28.0228 3380 tandpl - detected UnsignedFile.Multi.Generic (1)
15:02:28.0259 3380 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
15:02:28.0306 3380 TapiSrv - ok
15:02:28.0322 3380 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
15:02:28.0337 3380 TBS - ok
15:02:28.0369 3380 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:02:28.0415 3380 Tcpip - ok
15:02:28.0447 3380 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:02:28.0478 3380 TCPIP6 - ok
15:02:28.0493 3380 [ DCFEB82CA988598CEB8F83148616038E ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys
15:02:28.0493 3380 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
15:02:28.0493 3380 tcpipBM - detected UnsignedFile.Multi.Generic (1)
15:02:28.0509 3380 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:02:28.0525 3380 tcpipreg - ok
15:02:28.0556 3380 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:02:28.0571 3380 TDPIPE - ok
15:02:28.0603 3380 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:02:28.0634 3380 TDTCP - ok
15:02:28.0665 3380 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:02:28.0727 3380 tdx - ok
15:02:28.0899 3380 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 E:\teamviewer\Version7\TeamViewer_Service.exe
15:02:28.0946 3380 TeamViewer7 - ok
15:02:28.0993 3380 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys
15:02:29.0024 3380 teamviewervpn - ok
15:02:29.0055 3380 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:02:29.0102 3380 TermDD - ok
15:02:29.0133 3380 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
15:02:29.0164 3380 TermService - ok
15:02:29.0180 3380 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
15:02:29.0211 3380 Themes - ok
15:02:29.0211 3380 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
15:02:29.0227 3380 THREADORDER - ok
15:02:29.0242 3380 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
15:02:29.0273 3380 TrkWks - ok
15:02:29.0320 3380 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:02:29.0367 3380 TrustedInstaller - ok
15:02:29.0398 3380 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:02:29.0414 3380 tssecsrv - ok
15:02:29.0429 3380 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:02:29.0445 3380 TsUsbFlt - ok
15:02:29.0445 3380 tsusbhub - ok
15:02:29.0492 3380 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:02:29.0539 3380 tunnel - ok
15:02:29.0554 3380 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:02:29.0570 3380 uagp35 - ok
15:02:29.0601 3380 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:02:29.0648 3380 udfs - ok
15:02:29.0663 3380 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:02:29.0679 3380 UI0Detect - ok
15:02:29.0710 3380 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:02:29.0726 3380 uliagpkx - ok
15:02:29.0757 3380 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
15:02:29.0804 3380 umbus - ok
15:02:29.0804 3380 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:02:29.0819 3380 UmPass - ok
15:02:29.0851 3380 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
15:02:29.0866 3380 UmRdpService - ok
15:02:29.0882 3380 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
15:02:29.0913 3380 upnphost - ok
15:02:29.0975 3380 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:02:30.0022 3380 usbaudio - ok
15:02:30.0038 3380 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:02:30.0069 3380 usbccgp - ok
15:02:30.0100 3380 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:02:30.0163 3380 usbcir - ok
15:02:30.0178 3380 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:02:30.0194 3380 usbehci - ok
15:02:30.0209 3380 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:02:30.0241 3380 usbhub - ok
15:02:30.0256 3380 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
15:02:30.0287 3380 usbohci - ok
15:02:30.0303 3380 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:02:30.0319 3380 usbprint - ok
15:02:30.0334 3380 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:02:30.0350 3380 USBSTOR - ok
15:02:30.0365 3380 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:02:30.0365 3380 usbuhci - ok
15:02:30.0397 3380 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
15:02:30.0412 3380 UxSms - ok
15:02:30.0428 3380 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
15:02:30.0428 3380 VaultSvc - ok
15:02:30.0459 3380 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:02:30.0475 3380 vdrvroot - ok
15:02:30.0490 3380 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
15:02:30.0521 3380 vds - ok
15:02:30.0537 3380 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:02:30.0553 3380 vga - ok
15:02:30.0584 3380 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
15:02:30.0599 3380 VgaSave - ok
15:02:30.0615 3380 VGPU - ok
15:02:30.0631 3380 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:02:30.0677 3380 vhdmp - ok
15:02:30.0709 3380 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:02:30.0724 3380 viaagp - ok
15:02:30.0740 3380 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
15:02:30.0771 3380 ViaC7 - ok
15:02:30.0771 3380 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
15:02:30.0787 3380 viaide - ok
15:02:30.0802 3380 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
15:02:30.0818 3380 vmbus - ok
15:02:30.0833 3380 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
15:02:30.0849 3380 VMBusHID - ok
15:02:30.0927 3380 [ C6E18C3B43378AE3FCECDFF0F0BB7BE7 ] VMCService E:\Program Files\VMC\Bin\VMCService.exe
15:02:30.0958 3380 VMCService ( UnsignedFile.Multi.Generic ) - warning
15:02:30.0958 3380 VMCService - detected UnsignedFile.Multi.Generic (1)
15:02:30.0974 3380 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:02:31.0005 3380 volmgr - ok
15:02:31.0036 3380 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:02:31.0099 3380 volmgrx - ok
15:02:31.0114 3380 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:02:31.0130 3380 volsnap - ok
15:02:31.0161 3380 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:02:31.0177 3380 vsmraid - ok
15:02:31.0255 3380 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
15:02:31.0364 3380 VSS - ok
15:02:31.0379 3380 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
15:02:31.0411 3380 vwifibus - ok
15:02:31.0426 3380 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
15:02:31.0442 3380 vwififlt - ok
15:02:31.0457 3380 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
15:02:31.0489 3380 W32Time - ok
15:02:31.0504 3380 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:02:31.0535 3380 WacomPen - ok
15:02:31.0551 3380 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:02:31.0567 3380 WANARP - ok
15:02:31.0567 3380 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:02:31.0582 3380 Wanarpv6 - ok
15:02:31.0613 3380 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
15:02:31.0660 3380 wbengine - ok
15:02:31.0676 3380 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:02:31.0707 3380 WbioSrvc - ok
15:02:31.0723 3380 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:02:31.0754 3380 wcncsvc - ok
15:02:31.0769 3380 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:02:31.0785 3380 WcsPlugInService - ok
15:02:31.0785 3380 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:02:31.0801 3380 Wd - ok
15:02:31.0832 3380 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:02:31.0894 3380 Wdf01000 - ok
15:02:31.0894 3380 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:02:31.0925 3380 WdiServiceHost - ok
15:02:31.0925 3380 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:02:31.0941 3380 WdiSystemHost - ok
15:02:31.0957 3380 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
15:02:31.0988 3380 WebClient - ok
15:02:32.0003 3380 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:02:32.0035 3380 Wecsvc - ok
15:02:32.0035 3380 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:02:32.0066 3380 wercplsupport - ok
15:02:32.0097 3380 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
15:02:32.0113 3380 WerSvc - ok
15:02:32.0128 3380 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:02:32.0144 3380 WfpLwf - ok
15:02:32.0159 3380 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:02:32.0175 3380 WIMMount - ok
15:02:32.0222 3380 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:02:32.0237 3380 WinDefend - ok
15:02:32.0253 3380 WinHttpAutoProxySvc - ok
15:02:32.0300 3380 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:02:32.0362 3380 Winmgmt - ok
15:02:32.0409 3380 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
15:02:32.0456 3380 WinRM - ok
15:02:32.0487 3380 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:02:32.0503 3380 WinUsb - ok
15:02:32.0534 3380 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:02:32.0565 3380 Wlansvc - ok
15:02:32.0612 3380 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:02:32.0627 3380 wlcrasvc - ok
15:02:32.0721 3380 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:02:32.0752 3380 wlidsvc - ok
15:02:32.0783 3380 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:02:32.0799 3380 WmiAcpi - ok
15:02:32.0815 3380 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:02:32.0846 3380 wmiApSrv - ok
15:02:32.0908 3380 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:02:32.0939 3380 WMPNetworkSvc - ok
15:02:32.0955 3380 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:02:32.0986 3380 WPCSvc - ok
15:02:33.0002 3380 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:02:33.0033 3380 WPDBusEnum - ok
15:02:33.0064 3380 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:02:33.0111 3380 ws2ifsl - ok
15:02:33.0127 3380 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
15:02:33.0158 3380 wscsvc - ok
15:02:33.0158 3380 WSearch - ok
15:02:33.0189 3380 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:02:33.0236 3380 wuauserv - ok
15:02:33.0251 3380 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:02:33.0267 3380 WudfPf - ok
15:02:33.0298 3380 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:02:33.0314 3380 WUDFRd - ok
15:02:33.0345 3380 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:02:33.0392 3380 wudfsvc - ok
15:02:33.0407 3380 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:02:33.0454 3380 WwanSvc - ok
15:02:33.0485 3380 [ 9474B548D96FBE5E5A99B9AC8AF65BD8 ] zghsdiag C:\Windows\system32\DRIVERS\zghsdiag.sys
15:02:33.0532 3380 zghsdiag - ok
15:02:33.0563 3380 [ 5CBAFE90E78C13C0429971E2FA05B48A ] zghsmdm C:\Windows\system32\DRIVERS\zghsmdm.sys
15:02:33.0610 3380 zghsmdm - ok
15:02:33.0641 3380 [ DEC848571EB87EF2F10FA289320D7A44 ] zghsnmea C:\Windows\system32\DRIVERS\zghsnmea.sys
15:02:33.0673 3380 zghsnmea - ok
15:02:33.0719 3380 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbmdm6k C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
15:02:33.0766 3380 ZTEusbmdm6k - ok
15:02:33.0782 3380 [ 9862F9D2FF50AE748ED42C022E6AAC15 ] ZTEusbnet C:\Windows\system32\DRIVERS\ZTEusbnet.sys
15:02:33.0829 3380 ZTEusbnet - ok
15:02:33.0844 3380 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbnmea C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
15:02:33.0860 3380 ZTEusbnmea - ok
15:02:33.0875 3380 [ C2215C6ADA8B1E9FEB507CEE9B446661 ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
15:02:33.0891 3380 ZTEusbser6k - ok
15:02:33.0907 3380 [ F16CE3C7690AB7426DC96520D54A737E ] ZTEusbvoice C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
15:02:33.0922 3380 ZTEusbvoice - ok
15:02:33.0938 3380 ================ Scan global ===============================
15:02:33.0969 3380 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
15:02:33.0985 3380 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:02:34.0000 3380 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
15:02:34.0031 3380 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:02:34.0047 3380 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:02:34.0047 3380 [Global] - ok
15:02:34.0047 3380 ================ Scan MBR ==================================
15:02:34.0063 3380 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:02:34.0468 3380 \Device\Harddisk0\DR0 - ok
15:02:34.0484 3380 [ 20C15EF2111B8472BBFE5E65B7C949E6 ] \Device\Harddisk1\DR3
15:02:35.0092 3380 \Device\Harddisk1\DR3 - ok
15:02:35.0092 3380 ================ Scan VBR ==================================
15:02:35.0092 3380 [ 2BCA57A5544EFA7843D3397D6F43C02A ] \Device\Harddisk0\DR0\Partition1
15:02:35.0092 3380 \Device\Harddisk0\DR0\Partition1 - ok
15:02:35.0108 3380 [ 99200672EC99E77D8952E7E529DEDD4A ] \Device\Harddisk0\DR0\Partition2
15:02:35.0108 3380 \Device\Harddisk0\DR0\Partition2 - ok
15:02:35.0123 3380 [ 7121F92D8BA49FD731F3ED6F22B5EC10 ] \Device\Harddisk0\DR0\Partition3
15:02:35.0123 3380 \Device\Harddisk0\DR0\Partition3 - ok
15:02:35.0139 3380 [ 8CB2DF087D07941900F5D07328D049F6 ] \Device\Harddisk0\DR0\Partition4
15:02:35.0139 3380 \Device\Harddisk0\DR0\Partition4 - ok
15:02:35.0139 3380 [ 3BEA09A2C03F8F769740A0333FC3D361 ] \Device\Harddisk1\DR3\Partition1
15:02:35.0139 3380 \Device\Harddisk1\DR3\Partition1 - ok
15:02:35.0139 3380 ============================================================
15:02:35.0139 3380 Scan finished
15:02:35.0139 3380 ============================================================
15:02:35.0155 1816 Detected object count: 7
15:02:35.0155 1816 Actual detected object count: 7
15:05:12.0356 1816 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0356 1816 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:12.0356 1816 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0356 1816 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:12.0356 1816 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:05:12.0356 1816 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:05:12.0372 1816 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0372 1816 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:12.0372 1816 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0372 1816 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:12.0372 1816 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0372 1816 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:12.0372 1816 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
15:05:12.0372 1816 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:05:24.0275 3376 Deinitialize success
|
|
13.05.2013, 14:14
| #6 |
| /// Malware-holic | Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter Hi ins Netz kannst du, und in den normalen Modus. Scan mit Combofix
__________________ --> Weißer-Bildschirm mit Zahlungsaufforderung, Abgesicherter Modus fährt sofort runter |
WARNUNG an die MITLESER: 
Textbox. 
Linear-Darstellung
