Log analysis and evaluation: Malware discovered on external hard drive! Data cannot be opened! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
17.05.2013, 11:15 | #31 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware discovered on external hard drive! Data cannot be opened!

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons unless instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop.
__________________ Always post log files in CODE tags |
17.05.2013, 12:16 | #32 |
| Malware discovered on external hard drive! Data cannot be opened! By the way, the files can be opened again!
__________________ Here is the log file from aswMBR: Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-17 12:22:42
-----------------------------
12:22:42.383 OS Version: Windows x64 6.1.7600
12:22:42.383 Number of processors: 2 586 0x170A
12:22:42.383 ComputerName: LIAMPC UserName:
12:22:52.024 Initialize success
12:24:16.667 AVAST engine defs: 13051601
12:24:27.389 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:24:27.389 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
12:24:27.389 Disk 1 \Device\Harddisk1\DR0 -> \Device\0000000e
12:24:27.405 Disk 1 Vendor: ( Size: 250MB BusType: 0
12:24:27.670 Disk 0 MBR read successfully
12:24:27.670 Disk 0 MBR scan
12:24:27.733 Disk 0 Windows VISTA default MBR code
12:24:27.733 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:24:27.764 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:24:27.795 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
12:24:28.310 Disk 0 scanning C:\Windows\system32\drivers
12:24:50.415 Service scanning
12:25:49.820 Modules scanning
12:25:50.335 Disk 0 trace - called modules:
12:25:50.350 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:25:50.350 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800420d730]
12:25:50.366 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004062050]
12:25:54.765 AVAST engine scan C:\Windows
12:26:05.326 AVAST engine scan C:\Windows\system32
12:34:54.721 AVAST engine scan C:\Windows\system32\drivers
12:36:12.223 AVAST engine scan C:\Users\***
13:05:40.199 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
13:05:40.199 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Code:
13:08:33.0871 6092 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:08:34.0012 6092 ============================================================
13:08:34.0012 6092 Current date / time: 2013/05/17 13:08:34.0012
13:08:34.0012 6092 SystemInfo:
13:08:34.0012 6092
13:08:34.0012 6092 OS Version: 6.1.7600 ServicePack: 0.0
13:08:34.0012 6092 Product type: Workstation
13:08:34.0012 6092 ComputerName: LIAMPC
13:08:34.0012 6092 UserName: ***
13:08:34.0012 6092 Windows directory: C:\Windows
13:08:34.0012 6092 System windows directory: C:\Windows
13:08:34.0012 6092 Running under WOW64
13:08:34.0012 6092 Processor architecture: Intel x64
13:08:34.0012 6092 Number of processors: 2
13:08:34.0012 6092 Page size: 0x1000
13:08:34.0012 6092 Boot type: Normal boot
13:08:34.0012 6092 ============================================================
13:08:35.0057 6092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:08:35.0073 6092 Drive \Device\Harddisk1\DR0 - Size: 0xFA00000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x20, TracksPerCylinder: 0x40, Type 'W'
13:08:35.0073 6092 Drive \Device\Harddisk2\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:08:35.0104 6092 ============================================================
13:08:35.0104 6092 \Device\Harddisk0\DR0:
13:08:35.0104 6092 MBR partitions:
13:08:35.0104 6092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
13:08:35.0104 6092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
13:08:35.0104 6092 \Device\Harddisk1\DR0:
13:08:35.0104 6092 MBR partitions:
13:08:35.0104 6092 \Device\Harddisk2\DR1:
13:08:35.0104 6092 MBR partitions:
13:08:35.0104 6092 \Device\Harddisk2\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
13:08:35.0104 6092 ============================================================
13:08:35.0151 6092 C: <-> \Device\Harddisk0\DR0\Partition2
13:08:35.0182 6092 E: <-> \Device\Harddisk2\DR1\Partition1
13:08:35.0182 6092 ============================================================
13:08:35.0182 6092 Initialize success
13:08:35.0182 6092 ============================================================
13:09:00.0641 1668 ============================================================
13:09:00.0641 1668 Scan started
13:09:00.0641 1668 Mode: Manual; SigCheck; TDLFS;
13:09:00.0641 1668 ============================================================
13:09:01.0390 1668 ================ Scan system memory ========================
13:09:01.0390 1668 System memory - ok
13:09:01.0390 1668 ================ Scan services =============================
3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:09:27.0879 1668 NetTcpPortSharing - ok 13:09:27.0941 1668 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:09:27.0972 1668 nfrd960 - ok 13:09:28.0035 1668 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:09:28.0128 1668 NlaSvc - ok 13:09:28.0144 1668 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:09:28.0206 1668 Npfs - ok 13:09:28.0238 1668 npggsvc - ok 13:09:28.0253 1668 NPPTNT2 - ok 13:09:28.0300 1668 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:09:28.0362 1668 nsi - ok 13:09:28.0409 1668 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:09:28.0456 1668 nsiproxy - ok 13:09:28.0534 1668 [ 9A6089B056EA1B83B36424FC9D0A300E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:09:28.0643 1668 Ntfs - ok 13:09:28.0659 1668 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:09:28.0721 1668 Null - ok 13:09:28.0784 1668 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:09:28.0799 1668 nvraid - ok 13:09:28.0862 1668 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:09:28.0893 1668 nvstor - ok 13:09:28.0940 1668 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 13:09:28.0955 1668 nv_agp - ok 13:09:29.0096 1668 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 13:09:29.0142 1668 odserv - ok 13:09:29.0174 1668 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 13:09:29.0189 1668 ohci1394 - ok 13:09:29.0252 1668 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 
13:09:29.0283 1668 ose - ok 13:09:29.0345 1668 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:09:29.0408 1668 p2pimsvc - ok 13:09:29.0439 1668 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:09:29.0470 1668 p2psvc - ok 13:09:29.0517 1668 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:09:29.0548 1668 Parport - ok 13:09:29.0595 1668 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:09:29.0610 1668 partmgr - ok 13:09:29.0642 1668 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:09:29.0688 1668 PcaSvc - ok 13:09:29.0720 1668 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 13:09:29.0751 1668 pci - ok 13:09:29.0766 1668 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys 13:09:29.0782 1668 pciide - ok 13:09:29.0813 1668 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:09:29.0844 1668 pcmcia - ok 13:09:29.0860 1668 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:09:29.0876 1668 pcw - ok 13:09:29.0907 1668 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:09:29.0985 1668 PEAUTH - ok 13:09:30.0110 1668 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:09:30.0156 1668 PerfHost - ok 13:09:30.0234 1668 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 13:09:30.0359 1668 pla - ok 13:09:30.0422 1668 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:09:30.0500 1668 PlugPlay - ok 13:09:30.0562 1668 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:09:30.0593 1668 PNRPAutoReg - ok 13:09:30.0624 1668 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:09:30.0656 1668 PNRPsvc - ok 13:09:30.0702 1668 [ 
166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:09:30.0780 1668 PolicyAgent - ok 13:09:30.0874 1668 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:09:30.0936 1668 Power - ok 13:09:30.0999 1668 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:09:31.0061 1668 PptpMiniport - ok 13:09:31.0077 1668 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:09:31.0108 1668 Processor - ok 13:09:31.0155 1668 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll 13:09:31.0202 1668 ProfSvc - ok 13:09:31.0217 1668 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:09:31.0233 1668 ProtectedStorage - ok 13:09:31.0280 1668 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:09:31.0342 1668 Psched - ok 13:09:31.0404 1668 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 13:09:31.0420 1668 PxHlpa64 - ok 13:09:31.0482 1668 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:09:31.0560 1668 ql2300 - ok 13:09:31.0607 1668 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:09:31.0638 1668 ql40xx - ok 13:09:31.0685 1668 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:09:31.0716 1668 QWAVE - ok 13:09:31.0732 1668 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:09:31.0794 1668 QWAVEdrv - ok 13:09:31.0857 1668 [ 3F53614E2ECAF0893EED2E70ADF55920 ] RAMDiskVE C:\Windows\system32\Drivers\RAMDiskVE.sys 13:09:31.0872 1668 RAMDiskVE - ok 13:09:31.0919 1668 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:09:31.0982 1668 RasAcd - ok 13:09:32.0044 1668 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:09:32.0091 1668 
RasAgileVpn - ok 13:09:32.0153 1668 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:09:32.0200 1668 RasAuto - ok 13:09:32.0216 1668 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:09:32.0294 1668 Rasl2tp - ok 13:09:32.0340 1668 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 13:09:32.0403 1668 RasMan - ok 13:09:32.0418 1668 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:09:32.0481 1668 RasPppoe - ok 13:09:32.0528 1668 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:09:32.0590 1668 RasSstp - ok 13:09:32.0637 1668 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:09:32.0699 1668 rdbss - ok 13:09:32.0730 1668 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:09:32.0762 1668 rdpbus - ok 13:09:32.0777 1668 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:09:32.0824 1668 RDPCDD - ok 13:09:32.0871 1668 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:09:32.0933 1668 RDPENCDD - ok 13:09:32.0964 1668 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:09:33.0011 1668 RDPREFMP - ok 13:09:33.0058 1668 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:09:33.0136 1668 RDPWD - ok 13:09:33.0198 1668 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:09:33.0230 1668 rdyboost - ok 13:09:33.0292 1668 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:09:33.0354 1668 RemoteAccess - ok 13:09:33.0386 1668 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:09:33.0448 1668 RemoteRegistry - ok 13:09:33.0510 1668 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM 
C:\Windows\system32\DRIVERS\rfcomm.sys 13:09:33.0557 1668 RFCOMM - ok 13:09:33.0588 1668 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:09:33.0666 1668 RpcEptMapper - ok 13:09:33.0713 1668 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:09:33.0760 1668 RpcLocator - ok 13:09:33.0791 1668 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 13:09:33.0838 1668 RpcSs - ok 13:09:33.0900 1668 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:09:33.0963 1668 rspndr - ok 13:09:34.0025 1668 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 13:09:34.0056 1668 RSUSBSTOR - ok 13:09:34.0072 1668 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 13:09:34.0088 1668 SamSs - ok 13:09:34.0119 1668 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 13:09:34.0134 1668 sbp2port - ok 13:09:34.0197 1668 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:09:34.0275 1668 SCardSvr - ok 13:09:34.0290 1668 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:09:34.0353 1668 scfilter - ok 13:09:34.0431 1668 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 13:09:34.0524 1668 Schedule - ok 13:09:34.0571 1668 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:09:34.0618 1668 SCPolicySvc - ok 13:09:34.0680 1668 [ 490B0B68BB938D5C628EC4A67277BE75 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys 13:09:34.0696 1668 ScreamBAudioSvc - ok 13:09:34.0743 1668 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:09:34.0821 1668 SDRSVC - ok 13:09:34.0946 1668 [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 13:09:34.0992 1668 SeaPort - ok 
13:09:35.0070 1668 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:09:35.0133 1668 secdrv - ok 13:09:35.0195 1668 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 13:09:35.0273 1668 seclogon - ok 13:09:35.0289 1668 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 13:09:35.0351 1668 SENS - ok 13:09:35.0367 1668 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:09:35.0429 1668 SensrSvc - ok 13:09:35.0476 1668 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:09:35.0523 1668 Serenum - ok 13:09:35.0570 1668 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:09:35.0585 1668 Serial - ok 13:09:35.0616 1668 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:09:35.0632 1668 sermouse - ok 13:09:35.0694 1668 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 13:09:35.0741 1668 SessionEnv - ok 13:09:35.0757 1668 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 13:09:35.0788 1668 sffdisk - ok 13:09:35.0804 1668 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 13:09:35.0850 1668 sffp_mmc - ok 13:09:35.0866 1668 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 13:09:35.0897 1668 sffp_sd - ok 13:09:35.0913 1668 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:09:35.0960 1668 sfloppy - ok 13:09:36.0069 1668 [ 7F475425582163602EF1589C0071E521 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 13:09:36.0147 1668 SftService - ok 13:09:36.0209 1668 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:09:36.0272 1668 SharedAccess - ok 13:09:36.0334 1668 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection 
C:\Windows\System32\shsvcs.dll 13:09:36.0396 1668 ShellHWDetection - ok 13:09:36.0443 1668 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:09:36.0459 1668 SiSRaid2 - ok 13:09:36.0506 1668 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:09:36.0537 1668 SiSRaid4 - ok 13:09:36.0662 1668 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 13:09:36.0740 1668 SkypeUpdate - ok 13:09:36.0786 1668 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:09:36.0849 1668 Smb - ok 13:09:36.0911 1668 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:09:36.0958 1668 SNMPTRAP - ok 13:09:37.0005 1668 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:09:37.0020 1668 spldr - ok 13:09:37.0083 1668 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe 13:09:37.0192 1668 Spooler - ok 13:09:37.0301 1668 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 13:09:37.0488 1668 sppsvc - ok 13:09:37.0520 1668 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:09:37.0582 1668 sppuinotify - ok 13:09:37.0691 1668 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 13:09:37.0722 1668 sprtsvc_DellSupportCenter - ok 13:09:37.0769 1668 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 13:09:37.0863 1668 srv - ok 13:09:37.0910 1668 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:09:37.0956 1668 srv2 - ok 13:09:37.0988 1668 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:09:38.0034 1668 srvnet - ok 13:09:38.0097 1668 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:09:38.0159 1668 SSDPSRV - ok 13:09:38.0190 
1668 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:09:38.0253 1668 SstpSvc - ok 13:09:38.0424 1668 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe 13:09:38.0502 1668 STacSV - ok 13:09:38.0549 1668 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:09:38.0580 1668 stexstor - ok 13:09:38.0643 1668 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 13:09:38.0705 1668 STHDA - ok 13:09:38.0768 1668 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 13:09:38.0814 1668 stisvc - ok 13:09:38.0861 1668 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 13:09:38.0877 1668 swenum - ok 13:09:38.0908 1668 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:09:38.0970 1668 swprv - ok 13:09:39.0017 1668 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 13:09:39.0173 1668 SysMain - ok 13:09:39.0204 1668 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:09:39.0251 1668 TabletInputService - ok 13:09:39.0314 1668 [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys 13:09:39.0376 1668 tap0901 - ok 13:09:39.0423 1668 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 13:09:39.0501 1668 TapiSrv - ok 13:09:39.0532 1668 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:09:39.0579 1668 TBS - ok 13:09:39.0672 1668 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:09:39.0813 1668 Tcpip - ok 13:09:39.0891 1668 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:09:39.0938 1668 TCPIP6 - ok 13:09:39.0984 1668 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 
13:09:40.0031 1668 tcpipreg - ok 13:09:40.0062 1668 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:09:40.0125 1668 TDPIPE - ok 13:09:40.0172 1668 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:09:40.0218 1668 TDTCP - ok 13:09:40.0265 1668 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:09:40.0328 1668 tdx - ok 13:09:40.0374 1668 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:09:40.0390 1668 TermDD - ok 13:09:40.0468 1668 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 13:09:40.0562 1668 TermService - ok 13:09:40.0608 1668 [ 142408368385DC9F9EBFDBC872157102 ] Themes C:\Windows\system32\themeservice.dll 13:09:40.0640 1668 Themes ( UnsignedFile.Multi.Generic ) - warning 13:09:40.0640 1668 Themes - detected UnsignedFile.Multi.Generic (1) 13:09:40.0686 1668 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:09:40.0718 1668 THREADORDER - ok 13:09:40.0796 1668 [ 199C2E87D9A5EC58D0BCD94E893BF629 ] TIEHDUSB C:\Windows\system32\DRIVERS\tiehdusb.sys 13:09:40.0889 1668 TIEHDUSB - ok 13:09:40.0936 1668 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:09:41.0030 1668 TrkWks - ok 13:09:41.0123 1668 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:09:41.0170 1668 TrustedInstaller - ok 13:09:41.0201 1668 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:09:41.0264 1668 tssecsrv - ok 13:09:41.0310 1668 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:09:41.0357 1668 tunnel - ok 13:09:41.0388 1668 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:09:41.0404 1668 uagp35 - ok 13:09:41.0435 1668 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:09:41.0498 1668 
udfs - ok 13:09:41.0560 1668 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:09:41.0576 1668 UI0Detect - ok 13:09:41.0638 1668 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 13:09:41.0654 1668 uliagpkx - ok 13:09:41.0700 1668 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:09:41.0747 1668 umbus - ok 13:09:41.0778 1668 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:09:41.0810 1668 UmPass - ok 13:09:41.0841 1668 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:09:41.0919 1668 upnphost - ok 13:09:41.0981 1668 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 13:09:42.0044 1668 USBAAPL64 - ok 13:09:42.0090 1668 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:09:42.0153 1668 usbccgp - ok 13:09:42.0215 1668 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 13:09:42.0262 1668 usbcir - ok 13:09:42.0309 1668 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:09:42.0340 1668 usbehci - ok 13:09:42.0402 1668 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:09:42.0449 1668 usbhub - ok 13:09:42.0480 1668 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:09:42.0512 1668 usbohci - ok 13:09:42.0574 1668 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:09:42.0621 1668 usbprint - ok 13:09:42.0668 1668 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 13:09:42.0699 1668 usbscan - ok 13:09:42.0746 1668 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 13:09:42.0824 1668 USBSTOR - ok 13:09:42.0855 1668 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci 
C:\Windows\system32\DRIVERS\usbuhci.sys 13:09:42.0886 1668 usbuhci - ok 13:09:42.0964 1668 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 13:09:43.0089 1668 usbvideo - ok 13:09:43.0136 1668 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:09:43.0214 1668 UxSms - ok 13:09:43.0229 1668 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 13:09:43.0245 1668 VaultSvc - ok 13:09:43.0307 1668 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 13:09:43.0338 1668 vdrvroot - ok 13:09:43.0354 1668 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 13:09:43.0416 1668 vds - ok 13:09:43.0448 1668 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:09:43.0463 1668 vga - ok 13:09:43.0479 1668 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:09:43.0541 1668 VgaSave - ok 13:09:43.0572 1668 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 13:09:43.0604 1668 vhdmp - ok 13:09:43.0619 1668 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 13:09:43.0635 1668 viaide - ok 13:09:43.0666 1668 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 13:09:43.0682 1668 volmgr - ok 13:09:43.0697 1668 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:09:43.0728 1668 volmgrx - ok 13:09:43.0791 1668 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:09:43.0822 1668 volsnap - ok 13:09:43.0869 1668 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:09:43.0900 1668 vsmraid - ok 13:09:43.0978 1668 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe 13:09:44.0072 1668 VSS - ok 13:09:44.0103 1668 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus 
C:\Windows\system32\DRIVERS\vwifibus.sys 13:09:44.0118 1668 vwifibus - ok 13:09:44.0165 1668 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:09:44.0212 1668 vwififlt - ok 13:09:44.0290 1668 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 13:09:44.0337 1668 vwifimp - ok 13:09:44.0399 1668 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:09:44.0462 1668 W32Time - ok 13:09:44.0477 1668 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:09:44.0524 1668 WacomPen - ok 13:09:44.0586 1668 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:09:44.0649 1668 WANARP - ok 13:09:44.0649 1668 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:09:44.0696 1668 Wanarpv6 - ok 13:09:44.0758 1668 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe 13:09:44.0867 1668 wbengine - ok 13:09:44.0883 1668 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:09:44.0930 1668 WbioSrvc - ok 13:09:44.0976 1668 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:09:45.0039 1668 wcncsvc - ok 13:09:45.0101 1668 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:09:45.0132 1668 WcsPlugInService - ok 13:09:45.0179 1668 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:09:45.0210 1668 Wd - ok 13:09:45.0273 1668 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:09:45.0335 1668 Wdf01000 - ok 13:09:45.0366 1668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:09:45.0413 1668 WdiServiceHost - ok 13:09:45.0413 1668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:09:45.0444 1668 WdiSystemHost - ok 13:09:45.0491 1668 [ 
733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll 13:09:45.0569 1668 WebClient - ok 13:09:45.0600 1668 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:09:45.0663 1668 Wecsvc - ok 13:09:45.0694 1668 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:09:45.0756 1668 wercplsupport - ok 13:09:45.0803 1668 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:09:45.0866 1668 WerSvc - ok 13:09:45.0912 1668 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:09:45.0944 1668 WfpLwf - ok 13:09:46.0006 1668 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 13:09:46.0037 1668 WimFltr - ok 13:09:46.0100 1668 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:09:46.0115 1668 WIMMount - ok 13:09:46.0162 1668 WinDefend - ok 13:09:46.0162 1668 WinHttpAutoProxySvc - ok 13:09:46.0490 1668 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:09:46.0568 1668 Winmgmt - ok 13:09:46.0802 1668 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys 13:09:46.0817 1668 WinRing0_1_2_0 - ok 13:09:47.0067 1668 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll 13:09:47.0207 1668 WinRM - ok 13:09:47.0285 1668 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:09:47.0316 1668 WinUsb - ok 13:09:47.0597 1668 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:09:47.0706 1668 Wlansvc - ok 13:09:47.0831 1668 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE 13:09:47.0847 1668 wltrysvc ( UnsignedFile.Multi.Generic ) - warning 13:09:47.0847 1668 wltrysvc - detected UnsignedFile.Multi.Generic (1) 13:09:47.0878 1668 [ 
F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 13:09:47.0925 1668 WmiAcpi - ok 13:09:47.0972 1668 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:09:48.0018 1668 wmiApSrv - ok 13:09:48.0081 1668 WMPNetworkSvc - ok 13:09:48.0143 1668 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:09:48.0190 1668 WPCSvc - ok 13:09:48.0221 1668 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:09:48.0299 1668 WPDBusEnum - ok 13:09:48.0346 1668 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:09:48.0408 1668 ws2ifsl - ok 13:09:48.0455 1668 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\system32\wscsvc.dll 13:09:48.0533 1668 wscsvc - ok 13:09:48.0533 1668 WSearch - ok 13:09:48.0642 1668 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:09:48.0783 1668 wuauserv - ok 13:09:48.0814 1668 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:09:48.0876 1668 WudfPf - ok 13:09:48.0892 1668 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:09:48.0923 1668 WUDFRd - ok 13:09:48.0970 1668 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:09:49.0017 1668 wudfsvc - ok 13:09:49.0064 1668 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:09:49.0110 1668 WwanSvc - ok 13:09:49.0235 1668 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 13:09:49.0282 1668 xusb21 - ok 13:09:49.0344 1668 [ 79D9CE9614C955DD31AA2556B4014662 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 13:09:49.0454 1668 yukonw7 - ok 13:09:49.0516 1668 ================ Scan global =============================== 13:09:49.0563 1668 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:09:49.0610 1668 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] 
C:\Windows\system32\winsrv.dll
13:09:49.0641 1668 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
13:09:49.0672 1668 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:09:49.0734 1668 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:09:49.0750 1668 [Global] - ok
13:09:49.0750 1668 ================ Scan MBR ==================================
13:09:49.0766 1668 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
13:09:50.0218 1668 \Device\Harddisk0\DR0 - ok
13:09:50.0218 1668 [ F06A21302510BDF961217702B21B1BBC ] \Device\Harddisk1\DR0
13:09:50.0234 1668 \Device\Harddisk1\DR0 - ok
13:09:50.0249 1668 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR1
13:09:50.0421 1668 \Device\Harddisk2\DR1 - ok
13:09:50.0421 1668 ================ Scan VBR ==================================
13:09:50.0436 1668 [ AE22F4C4833673412566B08C397D046F ] \Device\Harddisk0\DR0\Partition1
13:09:50.0436 1668 \Device\Harddisk0\DR0\Partition1 - ok
13:09:50.0468 1668 [ 33D9E4BC4EEF2F7389178ECE33078AA3 ] \Device\Harddisk0\DR0\Partition2
13:09:50.0468 1668 \Device\Harddisk0\DR0\Partition2 - ok
13:09:50.0483 1668 [ 06548B02AA6B61756F47985AC79C5483 ] \Device\Harddisk2\DR1\Partition1
13:09:50.0483 1668 \Device\Harddisk2\DR1\Partition1 - ok
13:09:50.0483 1668 ============================================================
13:09:50.0483 1668 Scan finished
13:09:50.0483 1668 ============================================================
13:09:50.0499 4204 Detected object count: 4
13:09:50.0499 4204 Actual detected object count: 4
13:10:16.0644 4204 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:16.0644 4204 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:16.0660 4204 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:16.0660 4204 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:16.0660 4204 Themes ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:16.0660 4204 Themes ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:10:16.0660 4204 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:10:16.0660 4204 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
17.05.2013, 12:19 | #33 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Why is SP1 actually missing from your Windows 7?
JRT - Junkware Removal Tool: Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ |
17.05.2013, 12:26 | #34 |
| What do you mean by SP1 Windows 7? Unfortunately I don't understand that. Otherwise I will carry out the other instructions. |
17.05.2013, 12:31 | #35 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Service Pack 1 - that is an important update! Why is it missing?
__________________ Please always post log files in CODE tags |
17.05.2013, 12:50 | #36 |
| No idea. The laptop belongs to my brother, who can't answer that either... Apparently he simply forgot it. |
17.05.2013, 13:14 | #37 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That absolutely has to be installed later. For now, run JRT, adwCleaner and then OTL
__________________ Please always post log files in CODE tags |
17.05.2013, 13:17 | #38 |
| So here is JRT: Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by *** on 17.05.2013 at 13:25:14,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\software informer
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D}

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\blabbers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsercompanion
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\tdataprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\updatebho.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\wit4ie.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoodssrv_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\facemoodssrv_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\softonic_ggl_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\softonic_ggl_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT1700389
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2096149
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2269050
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2431245
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2452474
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4C054D48-B2BC-4B3E-B0F6-DD406DEF86F0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\babylon"
Failed to delete: [Folder] "C:\Users\***\AppData\Roaming\browsercompanion"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\registry mechanic"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\software4u"
Successfully deleted: [Folder] "C:\Users\***\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\conduitengine"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\facemoods.com"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\***\appdata\locallow\softonic"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduitengine"
Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\registry mechanic"
Successfully deleted: [Folder] "C:\Program Files (x86)\software informer"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.05.2013 at 13:29:35,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v2.301 - Datei am 17/05/2013 um 13:32:13 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : *** - LIAMPC # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk Ordner Gelöscht : C:\Program Files (x86)\Eazel-DE Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\***\AppData\Local\APN Ordner Gelöscht : C:\Users\***\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Eazel-DE Ordner Gelöscht : C:\Users\***\AppData\Roaming\BrowserCompanion Ordner Gelöscht : C:\Users\***\AppData\Roaming\OCS ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Eazel-DE Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{35926DBC-C911-4D5C-BC17-264375008582} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\PIP Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\Software\Eazel-DE Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B9BCE477-D9FF-473C-BCAF-1C2F203CE55B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35926DBC-C911-4D5C-BC17-264375008582} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B9BCE477-D9FF-473C-BCAF-1C2F203CE55B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32E1D2A3-BB67-4183-8A01-76EC46BDADD9} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Eazel-DE Toolbar Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar 
[{69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16476 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Google Chrome v26.0.1410.64 Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v [Version kann nicht ermittelt werden] Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera ************************* AdwCleaner[S1].txt - [10816 octets] - [17/05/2013 13:32:13] ########## EOF - C:\AdwCleaner[S1].txt - [10877 octets] ########## |
17.05.2013, 13:19 | #39 |
| The first file from OTL: Code:
ATTFilter OTL Extras logfile created on: 17.05.2013 13:40:46 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,96 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 61,32% Memory free 7,92 Gb Paging File | 6,26 Gb Available in Paging File | 79,09% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,07 Gb Total Space | 107,72 Gb Free Space | 23,88% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 826,42 Gb Free Space | 88,72% Space Free | Partition Type: NTFS Computer Name: LIAMPC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1222923265-286419292-3142266594-1001\SOFTWARE\Classes\<extension>] .bat [@ = batfile] -- Reg Error: Key error. File not found .cmd [@ = cmdfile] -- Reg Error: Key error. File not found .com [@ = ComFile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Users\***\AppData\Roaming\XGDCS2F5WQ.exe" = C:\Users\***\AppData\Roaming\XGDCS2F5WQ.exe:*:Enabled:Windows Messanger "C:\Users\***\AppData\Roaming\XGDCS2F5WQ.exe" = C:\Users\***\AppData\Roaming\XGDCS2F5WQ.exe:*:Enabled:Windows Messanger ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08C841A8-180B-46A5-8B57-E0A80C0E31E8}" = lport=138 | protocol=17 | dir=in | app=system | "{15A8BEC6-4E30-4C5C-9850-33A780118F23}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{25AAE606-BBC1-4547-AB54-AA42A00A6682}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2B0E7CD3-83B3-4630-AFA5-9C1FA185C046}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3FAEA9E2-2DB7-42AB-8198-C1ED5C67491E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{437047FD-D0C5-4168-978C-19C0C60930A0}" = lport=10243 | protocol=6 | dir=in | app=system | "{5D694BF0-E312-4A8B-B7BC-F34BC8532A05}" = lport=2869 | protocol=6 | dir=in | app=system | "{76AFFB8E-D9D3-45C4-92D1-651033F371DB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79FB7B84-C4AA-4E6F-A211-7AABF3DD0AC1}" = rport=137 | protocol=17 | dir=out | app=system | "{7D44F330-8D9F-460B-8CD1-8BE99904A14A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E6FD666-7001-4397-A2FE-44127290BCC8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{7F681719-8478-45E6-968A-A3B83FF45B5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8091307E-F4FE-4ADC-B6EF-42E688978489}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8A2B12AE-01F4-4B78-B3FB-BD1EACF3E1CF}" = lport=139 | protocol=6 | dir=in | app=system | "{8CFAD4E2-9E61-4DBC-908A-96B0EA98FB4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8D561732-7F6F-46DA-8FBC-9FA442524B9F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8ECF8971-8F17-4788-BFA6-64608ECA33DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{911AB731-DE84-4F3B-A936-0EBC02F3CBE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{953F5D1C-7B97-4F84-8F4E-266B75EF5FD6}" = lport=445 | protocol=6 | dir=in | app=system | "{95C36275-17B0-4C43-B72D-976518D44378}" = lport=137 | protocol=17 | dir=in | app=system | "{9783FBF0-A0AB-46FD-997E-B4028FA79E87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9C767840-1813-4B6D-ADEB-E3EAD31A91F3}" = rport=445 | protocol=6 | dir=out | app=system | "{A7257038-B635-479C-B111-35506410291A}" = rport=139 | protocol=6 | dir=out | app=system | "{B02EDB32-83BD-41EF-8D68-22B5BC96BE35}" = rport=138 | protocol=17 | dir=out | app=system | "{C5E46E31-B4A8-498B-9249-564445022066}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | "{CB155307-418D-457F-8A6D-44957FD7CA1A}" = rport=10243 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{034EC4CE-7009-47F2-AF88-95E0050D9685}" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "{03E4C890-8265-470B-A40C-C079F0FFE255}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe | "{046169B2-154A-47CE-A882-512D2777A4AC}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe | "{079C7E25-E08E-4191-A911-A60B54968E9E}" = protocol=17 | dir=in | app=c:\program files (x86)\gamigogames\levelr\levelr.bin | "{0A2B6E82-B9DE-463F-AB20-2674DDF90F1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{0B2B21D3-E218-4A02-BC43-4E9E69B43AD5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0B55BAEA-C86D-4752-9993-1569247AF2BE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{10C9C4CE-7FB0-4C0D-B7EC-F663D6545D9E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{142595D5-F45E-488C-934E-D35BB96BD2E2}" = dir=in | app=c:\users\***\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{15030797-02C0-4788-8E87-10147AB42DD6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe | "{160E0E6B-95D6-40AF-A060-B24706615520}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{163038CE-D487-450A-9D5E-841E0CE84451}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "{18B68A6D-65C9-42E0-A21D-9A62D5997B5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F617DA3-2AAE-458E-BA4E-48F639366CC2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe | "{22427D00-21E2-418B-B941-B36344ACA1F4}" = protocol=17 | dir=in | app=c:\users\***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe | "{22E92D65-04D5-469B-8817-3EF38767BC07}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{25153FE7-426E-4811-9FA5-25ABCD1F1207}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | "{29ED371A-194D-493B-8E14-A5080079A207}" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{2BA70848-D53C-4F23-AE83-A64D242A3BE2}" = protocol=17 | dir=in | app=c:\program files (x86)\a4proxy\a4proxy.exe | "{2E226F3F-E923-4AE5-8E8B-92A2AFFC7CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "{2EED97C5-78EA-4377-B0F3-B8EFE8489B9C}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | "{315B8A44-E198-4CC1-9060-2FC1CA543722}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii - public demo\launcher.exe | "{3634C040-277D-448C-B5B5-62186ED169ED}" = protocol=6 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - 
demo\crashtime4hi.exe | "{382F2C56-322F-4F68-9DF4-C59E9F0DE2EF}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "{39B06B48-58CC-4F7E-853D-71CB8749EA66}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3B45E89E-DCE6-459A-B636-2197C3A13BA7}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe | "{3D9BD07F-0205-489E-BD82-6ED033523177}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{4519BBF2-A2A4-4A66-A43C-3318073AA3A2}" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "{468B5E3E-128A-4FA0-8CA0-A1D794D26109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{46BA4168-6EE8-49CE-B121-69B0B4620E46}" = protocol=6 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | "{4762E7BB-38AF-4F09-9430-299673C00E8E}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | "{47D42BAB-C385-4509-9EF2-8BA9E6E1F5D2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mafia ii - public demo\launcher.exe | "{4A852C00-F092-44C9-9920-260676D3D984}" = protocol=6 | dir=in | app=c:\program files (x86)\a4proxy\a4proxy.exe | "{4A8A8D90-5223-49AB-B4DB-3486F99B29E0}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe | "{4E6D6DAB-7F60-4B05-9D90-C91C3358A278}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{505EBD95-98F0-4C93-8D2C-2A54D6A756F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{508BE521-5FAA-4B37-8A1E-F6D450AFE024}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe | "{5156C585-7553-40E2-AC1F-40BE91F5E01E}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | "{52150541-A1EE-4EB6-8CAD-F09352717B2B}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{52AE36E6-1A8A-4674-B7AB-59DDC4C9584A}" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "{546EB27B-9499-4D6A-BB14-C3FFA5440DE5}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{556ADBB9-F904-409A-9E36-04CD36B88073}" = protocol=6 | dir=in | app=c:\program files (x86)\gamigogames\levelr\levelr.bin | "{55F0BC2C-050E-4862-A053-4C40F5123A8F}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe | "{56B3CCA8-23C8-4B4D-84DF-0368A5D469A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{58EC94E2-5392-4B61-AA65-F4A3B7847218}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{59A62A44-19E2-4F61-8ECA-DBE4BA14C731}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{5A175202-6D04-4A4C-9189-6BECA25E1B9B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5A9345FD-6E7A-437A-A861-83B840DA8ADB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{5B8CA564-7612-40AF-B813-E28767907D87}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{5BCD1434-FB4D-4FD6-9E62-0C4027D5DE8C}" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "{603D5138-A4D0-4727-88A8-BD51C03EAE06}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "{61F3940B-C625-4FB1-BE68-A796386D839E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6596D026-7A96-4BA4-A05D-5472620A0059}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{659FF36A-A9A0-401F-9862-06606A844644}" = protocol=17 | dir=in | app=c:\program files (x86)\software4u\idevice manager\software4u.idevicemanager.exe | "{67AD569F-178A-4E91-961F-9596F463E51D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6BD424A5-1C03-4850-906A-1F34AFD67F2E}" = protocol=6 | dir=in | app=c:\users\***\desktop\downloads\solutoinstaller.exe | "{738D1BEE-B538-47FC-AE03-8972DCC2EB0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7B99C9AD-12C5-4661-ABBC-D33CE4358465}" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "{7FE365C1-94FC-40C6-86EE-787B59B97164}" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "{823320DF-8091-40AA-BBED-3DF4AEF690CD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{84A3FAAF-DF33-4557-B931-B8BA694736CE}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "{8C748021-05C6-4524-95CC-B89328901488}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4hi.exe | "{9393FDF9-F90F-40F2-BDB3-D1D321A5DC95}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{975AFFFB-77E2-4075-893B-11D415C32703}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9996FAFE-D486-44C6-AC38-3D4591268446}" = protocol=17 | dir=in | app=c:\users\***\desktop\downloads\solutoinstaller.exe | "{9FE2C648-995C-415A-A81F-DC76CDB5A39F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A0118A9C-2DDD-4EAE-8F4F-2966D486E037}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe | "{A177A276-33F7-48B1-8FAA-13C62776A3CA}" = protocol=17 | dir=in | app=c:\program files (x86)\alarm für cobra 11 - das syndikat - demo\crashtime4low.exe | "{A9F2F1AF-764A-4AD9-AEA5-475AA07CEF9E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{B376324D-D885-49C2-BFA5-5C1D856277D0}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | "{BC5EAA3B-9413-4A7C-A98D-551F5A5B3E9F}" = protocol=6 | dir=in | app=c:\users\***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe | 
"{BE79158C-C24D-4A6A-BFF1-92609379829D}" = protocol=17 | dir=in | app=c:\program files (x86)\ea play\create demo\pc\create.exe | "{BEBCE945-68CD-4ADB-A203-4E0C8AA8FF9E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C0941403-1A90-4426-89CC-A6373D68A9AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{C2526281-A1D3-4ADD-AA60-FA7140E6E7B0}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe | "{C2C848EA-5F9F-4E5A-A9FF-0B1FB4C237F1}" = protocol=6 | dir=in | app=c:\program files (x86)\ea play\create demo\pc\create.exe | "{C4ADC050-8CB6-4341-89B6-2FC5CFA64E15}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C5269E49-CF75-404B-BEED-0AFBA7DE4007}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D496F7EF-45DA-4F11-91B1-B92269280042}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D6211E5F-631A-48BF-AA55-362D5C9D0678}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D6BF4B01-E33E-4170-8A1D-8FEDF5209D4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{D74504A6-09FC-4487-9542-8E5912C8AA02}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{DB2C9F41-5E02-4EC5-B2CC-1805D0402AD9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{E2D5A011-9845-4776-866B-01DE5E9D164F}" = protocol=6 | dir=out | app=system | "{E5A88F54-1A54-4F4F-A32A-9671CC730431}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E5F9D242-04E9-473A-A4CD-4F9E691EB956}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{E926C84B-C840-41CE-B842-76C6F9F6A4C1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ED9C5026-032E-48EF-B3E0-654304C6D340}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F679E3F5-A291-418D-8413-77D552F4FC78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{0F5042E2-9DDD-4EF5-B100-7A1708ABD15A}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "TCP Query User{1FF537B9-0273-4EEE-8D63-FF460459BE0C}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | "TCP Query User{2050E07B-14BB-4522-BCB5-B363447E7B66}C:\users\***\desktop\desktop\jailbreak\5.0.1 jb\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\desktop\jailbreak\5.0.1 jb\redsn0w_win_0.9.10b2\redsn0w.exe | "TCP Query User{2605588E-AF93-4A83-B0ED-F6B5A8D5CC55}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | "TCP Query User{283BC01C-DED9-42B0-BA1A-CC8A4BBD3280}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | "TCP Query User{2C20841A-9E10-48F7-9844-CDA2EE48D246}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{5E176105-218D-477E-97CD-6AEA6C1DD332}C:\users\***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe | "TCP Query User{740DFD5A-8D80-4FA9-8959-5B7F2F93F1DB}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "TCP Query User{83C7B4C9-689B-4ECB-9303-1E2D89F18AB9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A9C2C744-A319-46D5-8F71-44204351B97F}C:\program 
files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "TCP Query User{BC03225A-6C91-4FB9-B2AC-B78BA3A5C3F2}C:\program files (x86)\a4proxy\a4proxy.exe" = protocol=6 | dir=in | app=c:\program files (x86)\a4proxy\a4proxy.exe | "TCP Query User{D436A5DA-D3A5-4B1A-B50C-EAE320733A4A}C:\users\***\desktop\desktop\downloads\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\***\desktop\desktop\downloads\redsn0w_win_0.9.10b2\redsn0w.exe | "TCP Query User{E5D400F7-9384-4D33-BD65-6AC6A4272BAF}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe | "TCP Query User{FC98F77A-F7E5-49D6-996B-CCAB3F0FF335}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{01C93D82-62F7-4C83-82AA-75AC61C85E3E}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{09790F24-4561-42DB-83BD-CEDC7BAC926A}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | "UDP Query User{09DB9C2E-AEE1-46BE-BDF7-BAE8EE1D0DA3}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | "UDP Query User{26588453-1503-41DF-A08B-E052D0C48969}C:\users\***\desktop\desktop\downloads\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\desktop\downloads\redsn0w_win_0.9.10b2\redsn0w.exe | "UDP Query User{3CC4655B-9798-4139-8C95-5B3902CF2F5A}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | "UDP Query User{43707471-2FD8-450A-8F23-E3E5D9403977}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program 
files\java\jre6\bin\javaw.exe | "UDP Query User{6233B2AE-452C-4276-82AD-0F9CC6D45395}C:\users\***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\desktop\werkzeuge\tinyumbrella-4.32.01.exe | "UDP Query User{8437AE5E-DC77-472F-BB0C-EF31265C54B0}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{8AF2DA3C-6A00-4FEF-B5CC-AFADBEEA3C19}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{B3944AD0-B873-4281-BD08-033C05FE0B59}C:\users\***\desktop\desktop\jailbreak\5.0.1 jb\redsn0w_win_0.9.10b2\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\***\desktop\desktop\jailbreak\5.0.1 jb\redsn0w_win_0.9.10b2\redsn0w.exe | "UDP Query User{B7EF7A50-36B5-4804-BE4D-CC654295466B}C:\program files (x86)\a4proxy\a4proxy.exe" = protocol=17 | dir=in | app=c:\program files (x86)\a4proxy\a4proxy.exe | "UDP Query User{C79D30F0-ABB2-432A-96D1-4C1A6F20D325}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | "UDP Query User{E7068BBD-0314-4CB8-AA32-7BF305E923E0}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe | "UDP Query User{F213C774-40E4-4E01-BE24-1ABA04810C7D}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{039C24E4-07A1-4A1F-AAB0-78FD9B2DB0E0}" = DisplayLink Core Software "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client 
Profile DEU Language Pack "{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud "{80E64FDE-029B-11E2-A955-F04DA23A5C58}" = MSVCRT Redists "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90B964AC-CF8E-4B69-935E-A1E620DCBAE2}" = DisplayLink Graphics "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. 
(TIEHDUSB) USB (09/02/2009 1.0.0.1) "CPUID CPU-Z_is1" = CPUID CPU-Z 1.55 "Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility "DriverEasy_is1" = DriverEasy 3.6.0 "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0) "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01D5FF1F-BB19-4387-8EF1-C6319037EC12}" = RAMDisk "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = 
VC80CRTRedist - 8.0.50727.4053 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = 
Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{94B8E8AF-7F52-4AEB-8731-450942059E89}" = Boost Libraries for C++Builder 2010 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR 
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0 "{CF91A5A9-F10D-433D-A677-9505B84EAF1B}" = Stardock Software "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Advanced Audio FX Engine" = Advanced Audio FX Engine "Any Video Converter_is1" = Any Video Converter 3.0.3 "Audacity_is1" = Audacity 2.0.3 "Avira AntiVir Desktop" = Avira Free Antivirus "Boost Libraries for C++Builder 2010" = Boost Libraries for C++Builder 2010 "Dell 
Webcam Central" = Dell Webcam Central "DivX Setup.divx.com" = DivX-Setup "FormatFactory" = FormatFactory 2.80 "Fraps" = Fraps (remove only) "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.6.221 "Free Audio Converter_is1" = Free Audio Converter version 5.0.11.508 "Game Booster_is1" = Game Booster 3 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "LameACM" = Lame ACM MP3 Codec "LHTTSENG" = L&H TTS3000 British English "LHTTSGED" = L&H TTS3000 Deutsch "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "NSS" = Norton Security Scan "RTP 1.32 Add-On for RM2k" = RTP 1.32 Add-On for RM2k "RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts) "Software Informer_is1" = Software Informer 1.0 BETA "Systweak Photoalbum_is1" = Systweak Photoalbum "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WMV9_VCM" = Microsoft Windows Media Video 9 VCM ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1222923265-286419292-3142266594-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox < End of report > Code:
OTL logfile created on: 17.05.2013 13:40:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,96 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 61,32% Memory free
7,92 Gb Paging File | 6,26 Gb Available in Paging File | 79,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 107,72 Gb Free Space | 23,88% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 826,42 Gb Free Space | 88,72% Space Free | Partition Type: NTFS

Computer Name: LIAMPC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\IObit\Game Booster\gbtray.exe (IObit)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cc19e0ff1b36ba7b634efdc5630a6926\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe (IDT, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (AirDisplayMirror) -- C:\Windows\SysNative\drivers\AVVideoCardMirror.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AirDisplay) -- C:\Windows\SysNative\drivers\AVVideoCard.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RAMDiskVE) -- C:\Windows\SysNative\drivers\RAMDiskVE.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0455A66E-AE15-441C-A436-F7D1DC499A8B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{43CEDC56-1CD4-4AFD-A8FB-4CEC60334202}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\..\URLSearchHook: - No CLSID value 
found IE - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\..\SearchScopes\{48FB24A4-6558-4272-9D44-4158ACA72AC7}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_de IE - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.07 11:46:23 | 000,000,000 | ---D | M] [2012.10.24 16:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.12.15 20:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.10.24 16:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.10.23 21:43:17 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.07.16 13:35:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2012.08.22 23:04:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2012.04.16 20:37:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.16 20:37:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: about:blank CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files 
(x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\***\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Google Docs = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: AdBlock = 
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\ CHR - Extension: ProxMate - Improve your Internet! = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3.1_0\ CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013.05.16 16:51:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKU\S-1-5-21-1222923265-286419292-3142266594-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-1222923265-286419292-3142266594-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F5BB01B-FEF2-4237-B260-5A99ED5B6B29}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - 
C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\fast64.dll) - File not found O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O22:64bit: - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll File not found O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - %SystemRoot%\System32\DreamScene.dll File not found O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - %SystemRoot%\SysWow64\DreamScene.dll File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-21-1222923265-286419292-3142266594-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.17 13:25:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.17 13:24:59 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.17 13:24:39 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.05.17 13:08:19 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.05.17 12:22:33 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.05.16 20:36:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\frederike-schwester [2013.05.16 19:51:43 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\frederike [2013.05.16 17:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.16 17:48:10 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar [2013.05.16 17:03:32 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.16 16:55:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.05.16 16:31:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.16 16:31:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.16 16:31:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.16 16:31:27 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.16 16:31:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.16 16:13:57 | 005,066,411 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.05.15 23:13:42 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013.05.15 23:13:42 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013.05.15 22:39:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.15 22:39:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.15 22:39:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 22:39:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.15 22:39:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.15 22:39:56 | 000,248,320 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\SysNative\ieui.dll [2013.05.15 22:39:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.15 22:39:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.15 22:39:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.15 22:39:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.15 22:39:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 22:39:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 22:39:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 22:39:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 22:39:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.15 22:38:03 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013.05.15 22:38:03 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013.05.15 22:38:03 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013.05.15 22:38:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013.05.15 22:37:23 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2013.05.15 22:37:23 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2013.05.15 22:37:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2013.05.15 22:37:23 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2013.05.15 22:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.05.15 22:33:37 | 
000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.05.15 22:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.05.15 22:32:23 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2013.05.15 22:32:23 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2013.05.15 21:42:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.15 19:34:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner [2013.05.15 15:58:36 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll [2013.05.15 15:58:29 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.05.15 15:58:29 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.05.15 15:58:27 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2013.05.15 15:58:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2013.05.15 15:58:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2013.05.15 15:58:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2013.05.15 15:58:26 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2013.05.15 15:58:26 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2013.05.15 15:58:26 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2013.05.15 15:58:26 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2013.05.15 15:58:26 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2013.05.15 15:58:24 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013.05.15 15:58:24 | 001,544,704 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013.05.15 15:58:24 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013.05.15 15:58:23 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013.05.15 15:58:22 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013.05.15 15:58:01 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.05.15 15:57:59 | 002,691,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.05.15 15:57:59 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll [2013.05.15 15:57:59 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll [2013.05.15 15:57:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll [2013.05.15 15:57:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll [2013.05.15 15:56:33 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2013.05.15 15:56:33 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2013.05.15 15:56:32 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll [2013.05.15 15:56:32 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll [2013.05.15 15:56:24 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2013.05.15 15:56:15 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2013.05.15 15:56:14 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2013.05.15 15:55:18 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2013.05.15 15:55:18 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2013.05.15 15:54:45 
| 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013.05.15 15:54:43 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.05.15 15:54:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2013.05.15 15:54:41 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2013.05.15 15:54:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2013.05.15 15:54:38 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2013.05.15 15:54:37 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll [2013.05.15 15:54:36 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll [2013.05.15 15:54:36 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll [2013.05.15 15:52:46 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013.05.15 15:52:46 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013.05.15 15:52:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.05.15 15:52:39 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013.05.15 15:52:35 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.05.15 15:52:35 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.05.15 15:52:34 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.05.15 15:52:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.05.15 15:52:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.05.15 15:52:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\winsrv.dll [2013.05.15 15:52:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.05.15 15:52:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.05.15 15:52:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.05.15 15:52:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.05.15 15:52:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.05.15 15:52:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.05.15 15:52:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.05.15 15:52:33 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.05.15 15:52:33 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.05.15 15:52:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.05.15 15:52:33 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.05.15 15:52:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.05.15 15:52:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.05.15 15:52:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.05.15 15:52:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.05.15 15:52:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.05.15 15:52:33 | 
000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.05.15 15:52:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.05.15 15:52:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.05.15 15:52:32 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.05.15 15:52:32 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | 
-H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.05.15 15:52:32 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.05.15 15:52:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.05.15 15:52:13 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.05.15 15:52:10 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.05.15 15:51:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.05.15 15:51:56 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.05.15 15:51:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.05.15 15:51:56 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.05.15 15:51:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.05.15 15:51:56 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.05.15 15:51:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.05.15 15:51:56 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.05.15 15:51:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.05.15 15:51:56 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.05.15 15:51:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.05.15 15:51:55 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.05.15 15:51:55 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.05.15 15:51:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.05.15 15:51:55 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.05.15 15:51:54 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.05.15 15:51:54 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.05.15 15:51:54 | 000,441,856 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.05.15 15:51:54 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.05.15 15:51:54 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.05.15 15:51:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.05.15 15:51:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.05.15 15:51:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.05.15 15:51:54 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.05.15 15:51:52 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.05.15 15:51:52 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.05.15 15:51:52 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.05.15 15:51:52 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.05.15 15:51:52 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.05.15 15:51:52 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.05.15 15:51:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.05.15 15:51:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.05.15 15:51:19 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2013.05.15 15:51:19 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2013.05.15 15:51:18 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2013.05.15 15:51:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2013.05.15 15:51:18 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2013.05.15 15:51:18 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax 
[2013.05.15 15:51:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2013.05.15 15:51:18 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2013.05.15 15:51:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2013.05.15 15:51:18 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2013.05.15 15:48:54 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2013.05.15 15:48:07 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2013.05.15 15:48:07 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2013.05.15 15:47:35 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2013.05.15 15:47:34 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2013.05.15 15:47:34 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.05.15 15:47:34 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2013.05.15 15:47:34 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2013.05.15 15:47:32 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2013.05.15 15:47:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2013.05.15 15:46:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll [2013.05.15 15:46:51 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll [2013.05.15 15:46:51 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll [2013.05.15 15:46:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2013.05.15 15:46:48 | 000,031,232 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\prevhost.exe [2013.05.15 15:46:41 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll [2013.05.15 15:46:36 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll [2013.05.15 15:46:31 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll [2013.05.15 15:46:22 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2013.05.15 15:46:22 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2013.05.15 15:46:15 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2013.05.15 15:46:15 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2013.05.15 15:46:11 | 005,497,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.05.15 15:46:09 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.05.15 15:46:09 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.05.15 15:46:08 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013.05.15 15:46:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013.05.15 15:46:07 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013.05.15 15:45:36 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013.05.15 15:45:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe [2013.05.15 15:44:34 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.05.15 15:44:33 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.05.15 15:43:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll [2013.05.15 15:43:15 | 000,067,072 
| ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll [2013.05.15 15:15:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2013.05.15 15:11:41 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.15 15:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.05.15 15:09:44 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.05.15 15:09:44 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.05.15 15:09:44 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.05.15 15:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.05.15 15:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.05.15 15:07:32 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2013.05.15 15:07:32 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2013.05.15 14:59:44 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2013.05.15 14:59:43 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2013.05.15 14:59:43 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2013.05.15 14:59:21 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2013.05.15 14:59:21 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2013.05.15 14:59:21 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2013.05.15 14:59:08 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2013.05.15 14:59:08 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2013.04.19 17:20:54 | 000,000,000 | R--D | C] 
-- C:\Users\***\Documents\Scanned Documents [2013.04.19 17:20:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax [2010.01.07 17:16:16 | 008,656,832 | ---- | C] (Dell, Inc. ) -- C:\Users\***\AppData\Roaming\DataSafeDotNet.exe [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.17 13:44:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 13:44:50 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.17 13:36:55 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.17 13:36:48 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.05.17 13:36:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.17 13:36:25 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys [2013.05.17 13:31:41 | 000,632,031 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.05.17 13:28:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.17 13:24:35 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.05.17 13:08:16 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.05.17 13:07:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.17 13:05:40 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2013.05.17 12:22:28 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.05.17 11:28:00 | 000,001,190 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1222923265-286419292-3142266594-1001UA.job [2013.05.16 20:28:08 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1222923265-286419292-3142266594-1001Core.job [2013.05.16 17:47:55 | 012,917,756 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.05.0.1001.zip [2013.05.16 17:32:27 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\mit6r5vr.exe [2013.05.16 16:51:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.16 16:13:15 | 005,066,411 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.05.16 14:55:52 | 002,345,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 23:31:41 | 001,548,872 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.15 23:31:41 | 000,664,634 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.15 23:31:41 | 000,624,776 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.15 23:31:41 | 000,134,770 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.15 23:31:41 | 000,110,414 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.15 21:43:03 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.05.15 21:42:07 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.15 21:41:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.15 15:11:08 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys 
[2013.05.15 15:10:04 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.15 14:29:45 | 000,000,608 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ***.job [2013.05.14 21:07:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.14 21:07:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.13 19:29:17 | 000,097,586 | ---- | M] () -- C:\Users\***\Documents\Fragebogen zum Erbau eines Sportplatzes.pdf [2013.05.13 19:27:10 | 000,127,947 | ---- | M] () -- C:\Users\***\Documents\Sportplatz.jpg [2013.05.13 19:26:03 | 000,002,804 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2013.05.05 15:55:08 | 000,016,896 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.04.26 17:23:28 | 000,001,058 | ---- | M] () -- C:\Users\***\Desktop\Dropbox.lnk [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.17 13:31:40 | 000,632,031 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.05.17 13:05:40 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2013.05.16 17:48:01 | 012,917,756 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.05.0.1001.zip [2013.05.16 17:32:37 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\mit6r5vr.exe [2013.05.16 16:31:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.16 16:31:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.16 16:31:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.16 16:31:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.16 16:31:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.15 23:13:46 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.05.15 22:37:22 | 000,000,003 | ---- | C] () -- 
C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.05.15 21:43:03 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.05.15 21:42:10 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2013.05.15 15:10:04 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.13 19:29:15 | 000,097,586 | ---- | C] () -- C:\Users\***\Documents\Fragebogen zum Erbau eines Sportplatzes.pdf [2013.05.13 19:26:03 | 000,127,947 | ---- | C] () -- C:\Users\***\Documents\Sportplatz.jpg [2013.05.13 19:26:03 | 000,002,804 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2013.03.10 15:10:55 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2012.03.25 21:37:06 | 000,000,316 | ---- | C] () -- C:\Users\***\AppData\Roaming\4356 [2012.01.30 23:49:29 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll [2011.07.19 15:06:22 | 000,000,258 | ---- | C] () -- C:\Windows\MusicEditor.INI [2011.07.18 22:43:49 | 000,000,028 | ---- | C] () -- C:\Windows\Robota.INI [2011.07.18 22:41:54 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll [2011.05.12 13:32:42 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db [2011.05.11 19:02:36 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc [2010.11.25 19:12:06 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd [2010.11.06 12:43:05 | 000,000,106 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat [2010.08.15 14:09:58 | 000,000,879 | ---- | C] () -- C:\Users\***\AppData\Roaming\YtFlvConverter-OneStop-Video-ConverterFlvConverterDefaultSettings.xml [2010.05.27 16:39:08 | 000,007,602 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.03.23 18:10:05 | 000,374,272 | ---- | C] () -- C:\Users\***\mss32.dll [2010.02.07 13:22:52 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat [2010.02.03 18:39:35 | 000,016,896 | ---- | C] () -- 
C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.19 20:16:13 | 000,000,087 | ---- | C] () -- C:\Users\***\jagex_runescape_preferences2.dat [2010.01.19 20:15:23 | 000,000,042 | ---- | C] () -- C:\Users\***\jagex_runescape_preferences.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM @Alternate Data Stream - 1275 bytes -> C:\ProgramData\Microsoft:WahVhIAZ6nAWSAgPS @Alternate Data Stream - 1152 bytes -> C:\Users\***\AppData\Local\KTHRCkAGS5:ddSx6tGD8rUyqeQJgv @Alternate Data Stream - 1152 bytes -> C:\ProgramData\Microsoft:WysBIaPuWGI0OQiqIJIvCLHZiY2 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > |
17.05.2013, 13:21 | #40 |
| Malware found on external hard drive! Files cannot be opened! Sorry, posted twice! Edited by normal (17.05.2013 at 13:28) |
17.05.2013, 14:16 | #41 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware found on external hard drive! Files cannot be opened! Fix with OTL
Code:
:OTL
[2013.05.17 13:05:40 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2012.03.25 21:37:06 | 000,000,316 | ---- | C] () -- C:\Users\***\AppData\Roaming\4356
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM
@Alternate Data Stream - 1275 bytes -> C:\ProgramData\Microsoft:WahVhIAZ6nAWSAgPS
@Alternate Data Stream - 1152 bytes -> C:\Users\***\AppData\Local\KTHRCkAGS5:ddSx6tGD8rUyqeQJgv
@Alternate Data Stream - 1152 bytes -> C:\ProgramData\Microsoft:WysBIaPuWGI0OQiqIJIvCLHZiY2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
17.05.2013, 14:31 | #42 |
| Malware found on external hard drive! Files cannot be opened! OK, done! : Code:
All processes killed
========== OTL ==========
C:\Users\***\Desktop\MBR.dat moved successfully.
C:\Users\***\AppData\Roaming\4356 moved successfully.
ADS C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM deleted successfully.
ADS C:\ProgramData\Microsoft:WahVhIAZ6nAWSAgPS deleted successfully.
ADS C:\Users\***\AppData\Local\KTHRCkAGS5:ddSx6tGD8rUyqeQJgv deleted successfully.
ADS C:\ProgramData\Microsoft:WysBIaPuWGI0OQiqIJIvCLHZiY2 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\***\Desktop\cmd.bat deleted successfully.
C:\Users\***\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***
->Temp folder emptied: 82921614 bytes
->Temporary Internet Files folder emptied: 492640548 bytes
->Java cache emptied: 24599470 bytes
->Google Chrome cache emptied: 382123206 bytes
->Apple Safari cache emptied: 17888256 bytes
->Opera cache emptied: 6285271 bytes
->Flash cache emptied: 378103 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 769613 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 457068 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 2377523896 bytes

Total Files Cleaned = 3.229,00 mb

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

OTL by OldTimer - Version 3.2.69.0 log created on 05172013_152422

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
17.05.2013, 15:11 | #43 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware detected on external hard drive! Data cannot be opened! Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes. Before you do, please remember to update Malwarebytes via the update button. Afterwards, getting an additional opinion from the ESET online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
17.05.2013, 19:55 | #44 |
| Malware detected on external hard drive! Data cannot be opened! The Malwarebytes scan returned one hit. Should I remove the file that was found? Here is the log file for it: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.17.05 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: LIAMPC [Administrator] 17.05.2013 16:40:10 mbam-log-2013-05-17 (16-40-10).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 885564 Laufzeit: 4 Stunde(n), 10 Minute(n), 37 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files (x86)\Vlcclassic\Uninstall.exe (Trojan.FakeVLC) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
17.05.2013, 20:56 | #45 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malware detected on external hard drive! Data cannot be opened! Where did you get this vlcclassic from?
__________________ Please always post log files in CODE tags |