Log analysis and evaluation: Delta Search Babylon (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.05.2013, 11:55 | #1 |
| Delta Search Babylon Hello dear Trojaner-Board team, while researching my problem online I landed directly on your site, at this post http://www.trojaner-board.de/132461-delta-search.html, and am therefore turning to you for help. Whenever I want to open a new window in Firefox, only the Delta Search page appears. In my layperson's ignorance I first uninstalled the program "Delta Search" because I thought that would solve the problem - I thought wrong. I have already carried out the two steps from the post mentioned above (ESET and SecurityCheck) as described (with all sub-items and in the correct order). Here are the results:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=71bcd6f49217bd49a167c7a94a07b268
# engine=13891
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-23 10:24:29
# local_time=2013-05-23 12:24:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 3933512 28810780 0 0
# scanned=259587
# found=2
# cleaned=0
# scan_time=11483
sh=8B2D5D03121F1CEF583DC5547A74808EC3AABCC9 ft=1 fh=5816e48e95d2682b vn="a variant of Win32/Adware.AddLyrics.B application" ac=I fn="C:\Users\Katrin\AppData\Local\Temp\is357113909\LyricsFinder.exe"
sh=DA602313EC344E31F340105C29DF699267F73B84 ft=1 fh=34999f3f19837452 vn="multiple threats" ac=I fn="C:\Users\Katrin\AppData\Local\Temp\is357113909\yontoo-C4.exe"

Results of screen317's Security Check version 0.99.63
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

I hope you can help me! Best regards, Katrin |
23.05.2013, 11:56 | #2 |
/// Malware-holic | Delta Search Babylon Hi,
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
23.05.2013, 12:30 | #3 |
| Delta Search Babylon Hello, the link to the OTL download doesn't work for me. Regards |
23.05.2013, 12:34 | #4 |
/// Malware-holic | Delta Search Babylon There are 2 links; please use the second one.
23.05.2013, 13:49 | #5 |
| Delta Search Babylon Okay, that worked: OTL.txt: OTL Logfile: Code:
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.251.36.6 137.251.36.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{609739CE-D1D8-4C1E-9BBE-A391AB5DC558}: DhcpNameServer = 40.34.1.201 40.34.1.203 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4688273-9E95-4B97-9F54-CE14BB215258}: DhcpNameServer = 137.251.36.6 137.251.36.4 O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\x-owacid2 - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b90781c8-7ff6-11e2-be7c-689423a374c9}\Shell - "" = AutoRun O33 - MountPoints2\{b90781c8-7ff6-11e2-be7c-689423a374c9}\Shell\AutoRun\command - "" = "D:\AutoRun.exe" O33 - MountPoints2\{b9078207-7ff6-11e2-be7c-689423a374c9}\Shell - "" = AutoRun O33 - MountPoints2\{b9078207-7ff6-11e2-be7c-689423a374c9}\Shell\AutoRun\command - "" = "D:\AutoRun.exe" O33 - MountPoints2\{c3695ba6-8636-11e2-be84-689423a374c9}\Shell - "" = AutoRun O33 - MountPoints2\{c3695ba6-8636-11e2-be84-689423a374c9}\Shell\AutoRun\command - "" = "D:\Startme.exe" O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements 
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {74166507-F39E-305E-A972-2C3478E47350} - .NET Framework ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U %SystemRoot%\System32\shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {3A8403F3-90B5-35DC-8926-EB9B907209F9} - .NET Framework ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 13:40:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.05.21 12:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft [2013.05.21 10:44:34 | 000,000,000 | ---D | C] -- C:\Users\****\.thinkbuzan [2013.05.21 10:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\JSoft [2013.05.21 10:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\ThinkBuzan [2013.05.21 10:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThinkBuzan [2013.05.21 10:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\iMindMap 6 [2013.05.21 10:38:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Downloaded Installations [2013.05.21 10:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.05.21 10:37:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.05.21 10:37:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.05.21 10:37:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.21 10:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.05.21 10:36:45 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\DealPly [2013.05.21 10:36:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Converter [2013.05.21 10:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013.05.21 10:36:34 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Babylon [2013.05.21 10:36:33 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\DSite [2013.05.14 18:19:27 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\My Offline Maps [2013.05.14 17:55:09 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\MindomoDesktop [2013.05.13 09:59:54 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\NYC_neu [2013.05.08 10:35:43 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.02 08:43:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.05.02 08:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant [2013.05.02 08:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.05.01 11:01:12 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Meine iMindMap-Dateien [2013.05.01 11:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BOL [2013.05.01 11:00:58 | 000,000,000 | ---D | C] -- C:\Users\****\.imindmap [2013.05.01 10:56:29 | 000,000,000 | 
---D | C] -- C:\Program Files (x86)\Buzan Online [2013.04.27 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Apple Computer [2013.04.27 06:08:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple Computer [2013.04.27 06:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.04.27 06:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.27 06:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.27 06:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.04.27 06:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.04.27 06:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.04.27 06:06:46 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Apple [2013.04.27 06:06:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.04.27 06:06:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.04.27 06:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.04.27 06:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.04.27 06:05:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.04.27 06:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.04.24 07:12:06 | 000,129,792 | ---- | C] (Gemalto) -- C:\Windows\SysNative\drivers\GemCCID.sys [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.23 13:40:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2013.05.23 13:36:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013.05.23 13:18:14 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 12:11:52 | 001,783,300 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.23 12:11:52 | 000,772,388 | ---- | M] () -- 
C:\Windows\SysNative\perfh007.dat [2013.05.23 12:11:52 | 000,717,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.23 12:11:52 | 000,161,464 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.23 12:11:52 | 000,137,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.23 08:58:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.23 08:56:48 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.23 08:56:09 | 000,421,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.23 08:55:51 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.05.23 08:55:46 | 3176,136,704 | -HS- | M] () -- C:\hiberfil.sys [2013.05.21 12:43:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf [2013.05.21 10:47:00 | 000,002,103 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk [2013.05.21 10:44:06 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\iMindMap 6.lnk [2013.05.21 10:24:21 | 000,001,016 | ---- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.05.21 10:23:37 | 000,000,986 | ---- | M] () -- C:\Users\****\Desktop\Dropbox.lnk [2013.05.14 18:34:33 | 000,158,787 | ---- | M] () -- C:\Users\****\Desktop\NYC org chart.png [2013.05.14 18:25:00 | 000,066,358 | ---- | M] () -- C:\Users\****\Desktop\citywide_org_chart.pdf [2013.05.08 10:35:19 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.05.02 06:43:53 | 003,027,514 | ---- | M] () -- C:\Users\****\Documents\Arbeitseinstellung.pdf [2013.05.01 12:04:44 | 000,212,841 | ---- | M] () -- C:\Users\****\Documents\mm_Ziele.pdf [2013.04.27 06:08:29 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.27 05:52:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013.04.27 
05:21:36 | 000,002,174 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk [2013.04.27 05:21:36 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Google Calendar.lnk [2013.04.24 07:12:06 | 000,129,792 | ---- | M] (Gemalto) -- C:\Windows\SysNative\drivers\GemCCID.sys [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.23 08:55:54 | 000,421,880 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.21 12:43:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf [2013.05.21 10:47:00 | 000,002,103 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap6 Preloader.lnk [2013.05.21 10:44:06 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\iMindMap 6.lnk [2013.05.21 10:36:35 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\DSite.job [2013.05.21 09:47:06 | 000,387,688 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.05.14 18:31:40 | 000,158,787 | ---- | C] () -- C:\Users\****\Desktop\NYC org chart.png [2013.05.14 18:25:00 | 000,066,358 | ---- | C] () -- C:\Users\****\Desktop\citywide_org_chart.pdf [2013.05.14 17:46:26 | 000,002,451 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Buzan's iMindMap V4.lnk [2013.05.02 08:43:00 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk [2013.05.02 06:44:46 | 003,027,514 | ---- | C] () -- C:\Users\****\Documents\Arbeitseinstellung.pdf [2013.05.01 12:04:56 | 000,212,841 | ---- | C] () -- C:\Users\****\Documents\mm_Ziele.pdf [2013.04.27 06:08:29 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.27 06:06:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.04.27 05:52:26 | 000,000,000 | -H-- | C] () 
-- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013.04.27 05:21:36 | 000,001,248 | ---- | C] () -- C:\Users\Public\Desktop\Google Calendar.lnk [2013.02.24 00:35:15 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2013.02.23 22:23:48 | 001,774,862 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.10.23 14:44:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.01 06:18:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.09.01 06:18:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.09.01 06:18:49 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2013.02.21 03:55:20 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\shell32.dll -- [2013.03.06 08:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.06 07:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.21 10:36:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon [2013.02.23 22:23:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CodeTwo [2013.05.02 08:43:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013.05.21 10:36:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DealPly [2013.05.23 08:59:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox [2013.05.21 10:36:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DSite [2013.02.20 22:13:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\lm [2013.05.14 17:55:09 | 000,000,000 | ---D | M] -- 
C:\Users\****\AppData\Roaming\MindomoDesktop [2013.04.16 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Spotify [2013.02.26 17:19:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Swiss Academic Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.02.20 22:14:49 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.07.26 09:22:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2013.02.21 03:56:08 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.02.20 22:16:18 | 000,000,000 | -H-D | M] -- C:\OEM [2012.07.26 09:33:46 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.05.21 16:41:36 | 000,000,000 | R--D | M] -- C:\Program Files [2013.05.23 12:35:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2013.05.22 13:26:51 | 000,000,000 | -H-D | M] -- C:\ProgramData [2013.02.21 03:56:08 | 000,000,000 | -HSD | M] -- C:\Programme [2013.04.01 11:40:01 | 000,000,000 | -H-D | M] -- C:\SkyDriveTemp [2012.10.24 00:21:51 | 000,000,000 | ---D | M] -- C:\sources [2013.05.23 13:50:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.02.20 22:09:54 | 000,000,000 | R--D | M] -- C:\Users [2013.03.02 19:20:26 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2012.07.26 05:21:04 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2012.09.20 07:55:30 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2012.09.20 07:55:30 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2012.07.26 05:21:04 | 000,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2012.07.26 05:21:04 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2012.07.26 09:22:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2013.02.21 04:03:05 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013.02.21 04:03:07 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013.05.21 10:36:35 | 000,000,304 | ---- | C] () -- C:\Windows\Tasks\DSite.job
< MD5 for: WINLOGON.EXE > [2012.09.20 08:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe [2012.09.20 08:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) 
MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe [2012.07.26 05:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe [2012.10.11 07:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe [2012.10.11 07:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe [2012.10.11 07:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe < MD5 for: WS2IFSL.SYS > [2012.07.26 04:29:29 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=58D492F986EC519ECDD54D93618758F8 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16384_none_a85048395191dc38\ws2ifsl.sys [2012.09.20 08:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2012.09.20 08:09:50 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BC8B5CB336E63BB25EAD1CE8EDD34B81 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.16420_none_a88d287f5164cc5d\ws2ifsl.sys [2012.09.20 08:08:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=FC56FEC8FB233ABC32D110D031CBC8B0 -- C:\Windows\WinSxS\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.2.9200.20521_none_a917c5946a81857e\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < 
%systemroot%\system32\*.dll /lockedfiles >
[2012.10.11 07:06:08 | 000,550,912 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
< %USERPROFILE%\*.* >
[2013.05.22 16:06:56 | 002,883,584 | -HS- | M] () -- C:\Users\****\NTUSER.DAT
[2013.02.20 22:09:55 | 001,130,496 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG1
[2013.02.20 22:09:55 | 000,000,000 | -HS- | M] () -- C:\Users\****\ntuser.dat.LOG2
[2013.05.03 06:58:34 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TM.blf
[2013.05.03 06:58:34 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TMContainer00000000000000000001.regtrans-ms
[2013.02.20 22:10:17 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{ef2bc4c2-d686-11e1-aed0-782bcb39b999}.TMContainer00000000000000000002.regtrans-ms
[2013.02.20 22:09:55 | 000,000,020 | -HS- | M] () -- C:\Users\****\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
< >
< End of report >

and Extra.txt:

OTL EXTRAS Logfile:
Code:
ATTFilter OTL Extras logfile created on: 23.05.2013 13:46:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,70 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 61,93% Memory free 4,32 Gb Paging File | 2,69 Gb Available in Paging File | 62,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,95 Gb Total Space | 372,25 Gb Free Space | 82,55% Space Free | Partition Type: NTFS Computer Name: **** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{462CBB38-5E4E-4E25-B5D8-1BA0B20EAE6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0028A808-58DC-4628-A9C6-C5DEF1281AE0}" = dir=out | name=taptiles | "{0385B554-EA81-4EAD-8FC1-517BE8C061D6}" = 
dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{03C9FE5A-10D6-4298-A123-98683728FC9B}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{05BA9105-A51A-441C-9C3C-3ED32DCC72D2}" = dir=out | name=7digital music store | "{0697304B-D027-4742-A49D-4C55F8930A66}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{0787257D-958F-40EB-9CF9-A66DA3E75145}" = dir=out | name=abfahrtsmonitor | "{135227B1-5701-483C-B52E-33D61840E7F0}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{15ADF715-0634-4846-91C5-F7A7BFB190E8}" = dir=out | name=social jogger | "{166F15FE-4211-4DD5-8F49-853AAA042178}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | "{1A3496DB-4E8C-449F-99D3-0C9506FD6907}" = dir=in | name=evernote touch | "{1E7F9FFC-4B05-4642-8017-C880D41F5A61}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | "{1FB4C8AE-017E-43D0-9534-3526A245A018}" = dir=in | app=c:\users\****\appdata\local\microsoft\skydrive\skydrive.exe | "{24486BDF-6ED6-46F3-8B31-124ABEFBA918}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{26D08E62-B0AE-47FB-883B-F154907505C2}" = dir=out | name=@{babbel.com.learnenglishwithbabbel.com_1.0.1.10_x64__qy1gdghayqfcm?ms-resource://babbel.com.learnenglishwithbabbel.com/apptitles/app_title} | "{2CE4C24D-E46C-478E-935F-38C3CC75B212}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{2D9109EF-8774-48F9-A4EE-1361A724F231}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{33C2151C-D07A-4B08-85E1-0834C2EB5E68}" = dir=in | name=ebay | 
"{38837E82-785C-4326-B90C-B608E02D7AE1}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{3EA96328-8BE6-454C-8653-35763DE309FA}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{4C1DD3DA-27F8-4797-9D6B-9ECDA11E6AF0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{4D4D16F5-F684-41E1-B253-0CE59996F41D}" = dir=out | name=@{44352gadgetwe.unitconversion_1.0.1.4_neutral__wrnqd43hr7tc6?ms-resource://44352gadgetwe.unitconversion/resources/appstorename} | "{4F074E7B-42EB-4C0D-8DAD-639CD958BD4A}" = dir=out | name=canon inkjet print utility | "{53B279EC-9398-4491-9BDB-861EB48DE5F9}" = dir=out | name=open parlament | "{5476B231-E593-460C-B8B1-4C88117E31C5}" = dir=out | name=ebay | "{55EDEBFF-6113-46BA-BF39-1B3CE342A318}" = dir=out | name=windows_ie_ac_001 | "{5622E8CE-96AC-4BC7-BF64-039CB7F30BE7}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{5CBF1022-8952-4B56-8352-81F67F39A146}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{5CCC98B8-873D-43EE-9CCE-4C2FE8DC3D97}" = dir=out | name=cut the rope | "{5E2EE78E-3C15-4018-B719-F4A4A189024E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{5F3D9E76-749C-4E8D-A55F-8FDDC7E12268}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{616349C1-B759-422E-A191-9512DDC96C11}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{6685371E-20E3-4F89-89A3-01F451D68441}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{732DF4B4-5491-4F3E-8798-3F7347D1676B}" = protocol=6 | dir=in | app=c:\program 
files (x86)\acer\clear.fi photo\windowsupnp.exe | "{760327DA-19CB-4C46-A518-A15E124A558E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{762FCD47-8325-4E93-A43B-C6590F8CF5D4}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{7889828A-91F2-4566-97B8-5F7892827712}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{7C17EF79-FEA8-4E4E-9FC5-C14A156A89B3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{7C56CACA-15B0-4D89-927A-E1E2C8C164B5}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | "{7CBC6EE2-D982-4FA9-9B46-1E62D0346B55}" = dir=out | name=kindle | "{7EC5E834-E2C1-434A-A8ED-B77985C87218}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{80B5DE6A-B9BA-4455-BDFA-6493C66CEBCD}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | "{815EF485-B911-4566-89B1-8E062A98EB7B}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{86F01CA9-DC55-4CE0-990A-49DCADB3530D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{8E1AD217-DC53-4EB9-83CC-6D5A48BE5B82}" = dir=out | name=evernote touch | "{90254326-C0D9-496F-98DA-FA6F5996425A}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | "{92D43822-6528-4FF3-B3D7-CD7662D1B874}" = dir=out | name=amazon | "{97A4C780-B22F-48EC-B0E0-8B1476ECABA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{990E6C44-515A-46E8-9D60-E5E5D88F45C6}" = dir=out | 
name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{9AA8882A-DDF3-4FF7-9411-3106988385A6}" = dir=out | name=txtr reader | "{9B44ACC5-8682-4C37-B176-9B23F34E85C0}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{9DA0ED78-B56C-4247-A410-42349324932F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9EE55D6A-A89B-4C62-BCC0-D22F447E37F9}" = dir=out | name=microsoft mahjong | "{A3D4BCE2-D771-4446-8A0E-D4FA7651C7D2}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{A7AA219D-B5A9-4E01-9A1D-623F45BCD245}" = dir=out | name=acer explorer | "{A7EBC048-70C4-4F53-9F5C-ACD0AEE5C95D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{AE5063DE-5ECB-48D8-B068-0B79AC9CC4BF}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{B04EBDF7-FDF0-4529-9E0E-0C05AE517CBE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B34374FB-D57C-433A-99B8-8DAA36129186}" = dir=out | name=newsxpresso metro | "{B6CD2F1D-9ECE-4A95-AC64-9BA06077AD69}" = dir=out | name=microsoft minesweeper | "{B8712D2F-9FF6-4A95-9BDD-64D62CF2ED45}" = dir=out | name=google search | "{BB42A541-009F-4C43-97F1-6436673D79D1}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | "{BF7A83AF-BC0C-4AFD-AD2A-B7302D4369C9}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{C0CDA847-7367-4836-B83F-AF87AF22DD74}" = dir=out | name=post mobil | "{C211D90A-329A-40E9-A94A-A461B82901FF}" = dir=out | 
name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{C2BA1E0D-B0CB-43F9-BDA0-69B206CC0816}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{C363B401-1615-4439-A9CE-190C4B7C4B2E}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | "{C44A4E32-C5C3-4E34-A162-BAD684F7CADB}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{C4C16FF8-F247-457C-8D2A-69B1DEE88ACB}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{C806F73A-4ADB-4ADF-AC3A-E81B55A809AA}" = dir=out | name=acer crystal eye | "{C855239C-19C9-45AF-B952-5AE5E6FAA2AA}" = dir=out | name=tunein radio | "{C907167F-E90F-414D-82B8-C38261346DF4}" = dir=out | name=microsoft solitaire collection | "{CAAADC53-0F89-4202-B3A2-9317C439E7B7}" = dir=in | app=c2outlooksync.exe | "{D078EBD5-669D-4912-A87B-CD3DB33C453F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D95B1E73-4EB0-457D-AE2D-A05D65B76B09}" = dir=out | name=espresso mind map light | "{DBB44F89-7023-48DE-BCA4-86F0A3F0239C}" = dir=out | name=skitch | "{DF2C274D-849B-455E-9434-DACD78854095}" = dir=out | name=weatherbug | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7F15E9A-906D-464C-8676-5C54F71F09C2}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{EA5E1948-1FF1-44DF-A888-86877C2DA515}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F0BE0ADA-A446-4BB2-9CED-202F350E03E7}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{F50976F3-D5D8-4AD5-9BFB-EBBD482C0A6F}" = dir=out | 
name=@{31026mc2.crosswordsclassicbydynamindstudio_1.0.0.16_neutral__fxfta2ss2hbe6?ms-resource://31026mc2.crosswordsclassicbydynamindstudio/resources/appname} | "{FBF8FD0A-040D-49A2-81D5-0327681487D9}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{FD3CF9FE-488A-4D6E-B5E3-C5D05C70DA76}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{FFED52E2-C26E-4AEF-A261-A261715AF567}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "TCP Query User{66A7C0A9-DD59-402F-BCA4-0F9837E4928D}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | "UDP Query User{49D295DF-A524-499F-AF37-FBEB71959EA8}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition) "{2F1EB597-74DA-2C71-C065-BF4C6B89062C}" = AMD Accelerated Video Transcoding "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7BABDF85-566A-FCC6-E6FE-12DCFF3F9FEB}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{CE02F046-9083-701A-0996-96190306DD5E}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "1DDB4A6E49CF5EAED4A0629D104ACFC2CC28EFED" = Windows-Treiberpaket - Citrix Systems monblanking Citrix Driver (06/27/2012 6.3.0.48) "CutePDF Writer Installation" = CutePDF Writer 3.0 "Elantech" = ETDWare PS/2-X64 11.6.8.001_WHQL "O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09051A99-111D-4497-8657-EA8A07B47E0B}" = Microsoft S/MIME "{0CB90E9C-E1C9-4A83-04D3-BF7A6CB9C376}" = CCC Help Japanese "{0CCE1791-4AD2-0202-2FE9-308D47482C46}" = CCC Help Spanish "{0F4A9F62-336C-A3DB-3DCB-5E35CCF908D3}" = CCC Help Finnish "{11759AFC-C44B-4C88-AEFA-235687FBC88F}" = GoToMyPC "{136F0577-FF5A-3978-4535-3F8034697982}" = AMD VISION Engine Control Center "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{234378F3-28CC-9038-8732-DE44FCD53384}" = CCC Help German "{25347987-6E58-A41F-19D8-D55EACF69DAF}" = CCC Help French "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{32DD0880-9000-988D-28FA-CBEC75ADE655}" = CCC Help Swedish "{33FA327B-E7E2-4E38-BF1A-67DCE285BD5C}" = Catalyst Control Center - Branding "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual 
Studio 2005 Tools for Office Runtime "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3EADFC9D-5747-1F40-B2C9-35EDB21C3B7A}" = CCC Help Portuguese "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4993BB61-D98D-8AC1-3F15-1DF54E51192C}" = CCC Help Danish "{4B79E2D3-C5CF-3A41-929E-4FD8D90EE1C3}" = CCC Help Korean "{4D421EC9-86D0-473B-9F7A-0F1220A8E4DF}" = iMindMap 6 "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant "{679F4771-F0E8-BB49-1CB7-6FEEA109DE6A}" = CCC Help Thai "{698B2C9E-A1B6-37F7-C1E1-EEE252ADC1D0}" = CCC Help Czech "{6EC7E0E1-5BCA-A74E-CA99-79E765BB271E}" = Catalyst Control Center Localization All "{700EC2DC-84AC-1C3E-0106-CB11B5B4F7D3}" = CCC Help Dutch "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74D10916-2A98-A824-3CA2-9668D64A0231}" = CCC Help Greek "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{9100F286-8053-6382-2DF1-8F50F9E17597}" = CCC Help Italian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A0E1F04B-9B85-5EEB-86C4-435567588EC3}" = CCC Help Norwegian "{A3DD31D0-9B99-7222-B038-7D7EF43ED72C}" = Catalyst Control Center InstallProxy "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud 
"{A6ACFAF3-71E6-88DC-083B-C21F15D2C334}" = CCC Help Russian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B58AC487-F6E9-336E-204C-DD48F0057CDD}" = CCC Help English "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B860F5DA-9908-FF57-005C-3BBABDB60E7A}" = CCC Help Chinese Standard "{C19CF633-FAD0-47EC-8276-10F3734D217B}" = Alcor Micro USB Card Reader "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{D0F2B581-5AE4-70B3-95D0-E761BC89E686}" = CCC Help Hungarian "{D3EAAC35-98A9-8231-2648-0C3BB84606A6}" = CCC Help Polish "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E99A5F3B-50D0-F66F-6FDB-C0DC1B90973E}" = CCC Help Turkish "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EB8920E9-5534-2E03-BE4B-B050C9736676}" = Catalyst Control Center Graphics Previews Common "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2F8656A-BDEC-0852-D9FB-8088B9357EA5}" = CCC Help Chinese Traditional "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "Adobe AIR" = Adobe AIR "AmUStor" = Alcor Micro USB Card Reader "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira Antivirus Premium "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "f42012" = f4 2012 "Google Calendar Sync" = Google Calendar Sync "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "LManager" = Launch Manager "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime 
"Mobile Partner" = Mobile Partner "Spotify" = Spotify "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-819108653-2580796249-2928164313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "DSite" = Update for Image Editor "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.05.2013 04:02:00 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . 
Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:22 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . 
Error - 13.05.2013 06:56:10 | Computer Name = **** | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second [ System Events ] Error - 16.04.2013 00:04:52 | Computer Name = **** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 16.04.2013 00:09:37 | Computer Name = **** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 16.04.2013 00:09:43 | Computer Name = **** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 16.04.2013 00:14:37 | Computer Name = **** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 16.04.2013 00:23:19 | Computer Name = **** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. 
Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 16.04.2013 09:18:29 | Computer Name = **** | Source = Schannel | ID = 36888 Description = Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 51. Der Windows-SChannel-Fehlerstatus lautet: 900. Error - 16.04.2013 17:15:33 | Computer Name = **** | Source = DCOM | ID = 10016 Description = Error - 16.04.2013 17:15:41 | Computer Name = **** | Source = DCOM | ID = 10016 Description = < End of report > |
23.05.2013, 13:51 | #6 |
| Delta Search Babylon and Extra.txt: OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 23.05.2013 13:46:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16580) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,70 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 61,93% Memory free 4,32 Gb Paging File | 2,69 Gb Available in Paging File | 62,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,95 Gb Total Space | 372,25 Gb Free Space | 82,55% Space Free | Partition Type: NTFS Computer Name: **** | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{462CBB38-5E4E-4E25-B5D8-1BA0B20EAE6C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0028A808-58DC-4628-A9C6-C5DEF1281AE0}" = dir=out | name=taptiles | "{0385B554-EA81-4EAD-8FC1-517BE8C061D6}" = 
dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{03C9FE5A-10D6-4298-A123-98683728FC9B}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{05BA9105-A51A-441C-9C3C-3ED32DCC72D2}" = dir=out | name=7digital music store | "{0697304B-D027-4742-A49D-4C55F8930A66}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{0787257D-958F-40EB-9CF9-A66DA3E75145}" = dir=out | name=abfahrtsmonitor | "{135227B1-5701-483C-B52E-33D61840E7F0}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{15ADF715-0634-4846-91C5-F7A7BFB190E8}" = dir=out | name=social jogger | "{166F15FE-4211-4DD5-8F49-853AAA042178}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | "{1A3496DB-4E8C-449F-99D3-0C9506FD6907}" = dir=in | name=evernote touch | "{1E7F9FFC-4B05-4642-8017-C880D41F5A61}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | "{1FB4C8AE-017E-43D0-9534-3526A245A018}" = dir=in | app=c:\users\****\appdata\local\microsoft\skydrive\skydrive.exe | "{24486BDF-6ED6-46F3-8B31-124ABEFBA918}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{26D08E62-B0AE-47FB-883B-F154907505C2}" = dir=out | name=@{babbel.com.learnenglishwithbabbel.com_1.0.1.10_x64__qy1gdghayqfcm?ms-resource://babbel.com.learnenglishwithbabbel.com/apptitles/app_title} | "{2CE4C24D-E46C-478E-935F-38C3CC75B212}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{2D9109EF-8774-48F9-A4EE-1361A724F231}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{33C2151C-D07A-4B08-85E1-0834C2EB5E68}" = dir=in | name=ebay | 
"{38837E82-785C-4326-B90C-B608E02D7AE1}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{3EA96328-8BE6-454C-8653-35763DE309FA}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | "{4C1DD3DA-27F8-4797-9D6B-9ECDA11E6AF0}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{4D4D16F5-F684-41E1-B253-0CE59996F41D}" = dir=out | name=@{44352gadgetwe.unitconversion_1.0.1.4_neutral__wrnqd43hr7tc6?ms-resource://44352gadgetwe.unitconversion/resources/appstorename} | "{4F074E7B-42EB-4C0D-8DAD-639CD958BD4A}" = dir=out | name=canon inkjet print utility | "{53B279EC-9398-4491-9BDB-861EB48DE5F9}" = dir=out | name=open parlament | "{5476B231-E593-460C-B8B1-4C88117E31C5}" = dir=out | name=ebay | "{55EDEBFF-6113-46BA-BF39-1B3CE342A318}" = dir=out | name=windows_ie_ac_001 | "{5622E8CE-96AC-4BC7-BF64-039CB7F30BE7}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{5CBF1022-8952-4B56-8352-81F67F39A146}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{5CCC98B8-873D-43EE-9CCE-4C2FE8DC3D97}" = dir=out | name=cut the rope | "{5E2EE78E-3C15-4018-B719-F4A4A189024E}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "{5F3D9E76-749C-4E8D-A55F-8FDDC7E12268}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{616349C1-B759-422E-A191-9512DDC96C11}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{6685371E-20E3-4F89-89A3-01F451D68441}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{732DF4B4-5491-4F3E-8798-3F7347D1676B}" = protocol=6 | dir=in | app=c:\program 
files (x86)\acer\clear.fi photo\windowsupnp.exe | "{760327DA-19CB-4C46-A518-A15E124A558E}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{762FCD47-8325-4E93-A43B-C6590F8CF5D4}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | "{7889828A-91F2-4566-97B8-5F7892827712}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{7C17EF79-FEA8-4E4E-9FC5-C14A156A89B3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{7C56CACA-15B0-4D89-927A-E1E2C8C164B5}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\dropbox\bin\dropbox.exe | "{7CBC6EE2-D982-4FA9-9B46-1E62D0346B55}" = dir=out | name=kindle | "{7EC5E834-E2C1-434A-A8ED-B77985C87218}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{80B5DE6A-B9BA-4455-BDFA-6493C66CEBCD}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\backupmanager.exe | "{815EF485-B911-4566-89B1-8E062A98EB7B}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{86F01CA9-DC55-4CE0-990A-49DCADB3530D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | "{8E1AD217-DC53-4EB9-83CC-6D5A48BE5B82}" = dir=out | name=evernote touch | "{90254326-C0D9-496F-98DA-FA6F5996425A}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\ischedulesvc.exe | "{92D43822-6528-4FF3-B3D7-CD7662D1B874}" = dir=out | name=amazon | "{97A4C780-B22F-48EC-B0E0-8B1476ECABA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{990E6C44-515A-46E8-9D60-E5E5D88F45C6}" = dir=out | 
name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{9AA8882A-DDF3-4FF7-9411-3106988385A6}" = dir=out | name=txtr reader | "{9B44ACC5-8682-4C37-B176-9B23F34E85C0}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{9DA0ED78-B56C-4247-A410-42349324932F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9EE55D6A-A89B-4C62-BCC0-D22F447E37F9}" = dir=out | name=microsoft mahjong | "{A3D4BCE2-D771-4446-8A0E-D4FA7651C7D2}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{A7AA219D-B5A9-4E01-9A1D-623F45BCD245}" = dir=out | name=acer explorer | "{A7EBC048-70C4-4F53-9F5C-ACD0AEE5C95D}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{AE5063DE-5ECB-48D8-B068-0B79AC9CC4BF}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | "{B04EBDF7-FDF0-4529-9E0E-0C05AE517CBE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{B34374FB-D57C-433A-99B8-8DAA36129186}" = dir=out | name=newsxpresso metro | "{B6CD2F1D-9ECE-4A95-AC64-9BA06077AD69}" = dir=out | name=microsoft minesweeper | "{B8712D2F-9FF6-4A95-9BDD-64D62CF2ED45}" = dir=out | name=google search | "{BB42A541-009F-4C43-97F1-6436673D79D1}" = dir=in | app=c:\program files (x86)\nti\acer backup manager\fileexplorer.exe | "{BF7A83AF-BC0C-4AFD-AD2A-B7302D4369C9}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{C0CDA847-7367-4836-B83F-AF87AF22DD74}" = dir=out | name=post mobil | "{C211D90A-329A-40E9-A94A-A461B82901FF}" = dir=out | 
name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{C2BA1E0D-B0CB-43F9-BDA0-69B206CC0816}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | "{C363B401-1615-4439-A9CE-190C4B7C4B2E}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | "{C44A4E32-C5C3-4E34-A162-BAD684F7CADB}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{C4C16FF8-F247-457C-8D2A-69B1DEE88ACB}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | "{C806F73A-4ADB-4ADF-AC3A-E81B55A809AA}" = dir=out | name=acer crystal eye | "{C855239C-19C9-45AF-B952-5AE5E6FAA2AA}" = dir=out | name=tunein radio | "{C907167F-E90F-414D-82B8-C38261346DF4}" = dir=out | name=microsoft solitaire collection | "{CAAADC53-0F89-4202-B3A2-9317C439E7B7}" = dir=in | app=c2outlooksync.exe | "{D078EBD5-669D-4912-A87B-CD3DB33C453F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D95B1E73-4EB0-457D-AE2D-A05D65B76B09}" = dir=out | name=espresso mind map light | "{DBB44F89-7023-48DE-BCA4-86F0A3F0239C}" = dir=out | name=skitch | "{DF2C274D-849B-455E-9434-DACD78854095}" = dir=out | name=weatherbug | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E7F15E9A-906D-464C-8676-5C54F71F09C2}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | "{EA5E1948-1FF1-44DF-A888-86877C2DA515}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F0BE0ADA-A446-4BB2-9CED-202F350E03E7}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{F50976F3-D5D8-4AD5-9BFB-EBBD482C0A6F}" = dir=out | 
name=@{31026mc2.crosswordsclassicbydynamindstudio_1.0.0.16_neutral__fxfta2ss2hbe6?ms-resource://31026mc2.crosswordsclassicbydynamindstudio/resources/appname} | "{FBF8FD0A-040D-49A2-81D5-0327681487D9}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{FD3CF9FE-488A-4D6E-B5E3-C5D05C70DA76}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | "{FFED52E2-C26E-4AEF-A261-A261715AF567}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | "TCP Query User{66A7C0A9-DD59-402F-BCA4-0F9837E4928D}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | "UDP Query User{49D295DF-A524-499F-AF37-FBEB71959EA8}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{23170F69-40C1-2702-0930-000001000000}" = 7-Zip 9.30 (x64 edition) "{2F1EB597-74DA-2C71-C065-BF4C6B89062C}" = AMD Accelerated Video Transcoding "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}" = Acer Device Fast-lane "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7BABDF85-566A-FCC6-E6FE-12DCFF3F9FEB}" = AMD Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management "{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64) "{CE02F046-9083-701A-0996-96190306DD5E}" = ccc-utility64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "1DDB4A6E49CF5EAED4A0629D104ACFC2CC28EFED" = Windows-Treiberpaket - Citrix Systems monblanking Citrix Driver (06/27/2012 6.3.0.48) "CutePDF Writer Installation" = CutePDF Writer 3.0 "Elantech" = ETDWare PS/2-X64 11.6.8.001_WHQL "O365HomePremRetail - de-de" = Microsoft Office 365 Home Premium - de-de [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09051A99-111D-4497-8657-EA8A07B47E0B}" = Microsoft S/MIME "{0CB90E9C-E1C9-4A83-04D3-BF7A6CB9C376}" = CCC Help Japanese "{0CCE1791-4AD2-0202-2FE9-308D47482C46}" = CCC Help Spanish "{0F4A9F62-336C-A3DB-3DCB-5E35CCF908D3}" = CCC Help Finnish "{11759AFC-C44B-4C88-AEFA-235687FBC88F}" = GoToMyPC "{136F0577-FF5A-3978-4535-3F8034697982}" = AMD VISION Engine Control Center "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{234378F3-28CC-9038-8732-DE44FCD53384}" = CCC Help German "{25347987-6E58-A41F-19D8-D55EACF69DAF}" = CCC Help French "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation "{32DD0880-9000-988D-28FA-CBEC75ADE655}" = CCC Help Swedish "{33FA327B-E7E2-4E38-BF1A-67DCE285BD5C}" = Catalyst Control Center - Branding "{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2 "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual 
Studio 2005 Tools for Office Runtime "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4 "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3EADFC9D-5747-1F40-B2C9-35EDB21C3B7A}" = CCC Help Portuguese "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4993BB61-D98D-8AC1-3F15-1DF54E51192C}" = CCC Help Danish "{4B79E2D3-C5CF-3A41-929E-4FD8D90EE1C3}" = CCC Help Korean "{4D421EC9-86D0-473B-9F7A-0F1220A8E4DF}" = iMindMap 6 "{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant "{679F4771-F0E8-BB49-1CB7-6FEEA109DE6A}" = CCC Help Thai "{698B2C9E-A1B6-37F7-C1E1-EEE252ADC1D0}" = CCC Help Czech "{6EC7E0E1-5BCA-A74E-CA99-79E765BB271E}" = Catalyst Control Center Localization All "{700EC2DC-84AC-1C3E-0106-CB11B5B4F7D3}" = CCC Help Dutch "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74D10916-2A98-A824-3CA2-9668D64A0231}" = CCC Help Greek "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{9100F286-8053-6382-2DF1-8F50F9E17597}" = CCC Help Italian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Backup Manager v4 "{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR "{A0E1F04B-9B85-5EEB-86C4-435567588EC3}" = CCC Help Norwegian "{A3DD31D0-9B99-7222-B038-7D7EF43ED72C}" = Catalyst Control Center InstallProxy "{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud 
"{A6ACFAF3-71E6-88DC-083B-C21F15D2C334}" = CCC Help Russian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B58AC487-F6E9-336E-204C-DD48F0057CDD}" = CCC Help English "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo "{B860F5DA-9908-FF57-005C-3BBABDB60E7A}" = CCC Help Chinese Standard "{C19CF633-FAD0-47EC-8276-10F3734D217B}" = Alcor Micro USB Card Reader "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs "{D0F2B581-5AE4-70B3-95D0-E761BC89E686}" = CCC Help Hungarian "{D3EAAC35-98A9-8231-2648-0C3BB84606A6}" = CCC Help Polish "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E99A5F3B-50D0-F66F-6FDB-C0DC1B90973E}" = CCC Help Turkish "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media "{EB8920E9-5534-2E03-BE4B-B050C9736676}" = Catalyst Control Center Graphics Previews Common "{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2 "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2F8656A-BDEC-0852-D9FB-8088B9357EA5}" = CCC Help Chinese Traditional "1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = GMX Softwareaktualisierung "Adobe AIR" = Adobe AIR "AmUStor" = Alcor Micro USB Card Reader "AudibleManager" = AudibleManager "Avira AntiVir Desktop" = Avira Antivirus Premium "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "f42012" = f4 2012 "Google Calendar Sync" = Google Calendar Sync "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite "InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}" = Acer Backup Manager "LManager" = Launch Manager "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime 
"Mobile Partner" = Mobile Partner "Spotify" = Spotify "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-819108653-2580796249-2928164313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "DSite" = Update for Image Editor "SkyDriveSetup.exe" = Microsoft SkyDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 13.05.2013 04:02:00 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . Error - 13.05.2013 04:02:10 | Computer Name = **** | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Die Daten sind unzulässig. . 
|
23.05.2013, 13:55 | #7 |
/// Malware-holic | Delta Search Babylon Hi, please download TDSSKiller.exe and save this file to your desktop
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
23.05.2013, 14:09 | #8 |
| Delta Search Babylon It did not find any threats :-) Is my PC clean again now? |
23.05.2013, 14:21 | #9 |
/// Malware-holic | Delta Search Babylon Please post the log. That is also in the instructions.
|
23.05.2013, 14:26 | #10 |
| Delta Search Babylon Log says:
C:\Windows\system32\DRIVERS\mrxsmb.sys 15:08:13.0827 2900 mrxsmb - ok 15:08:13.0858 2900 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:08:13.0889 2900 mrxsmb10 - ok 15:08:13.0952 2900 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:08:13.0998 2900 mrxsmb20 - ok 15:08:14.0030 2900 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys 15:08:14.0092 2900 MsBridge - ok 15:08:14.0123 2900 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe 15:08:14.0154 2900 MSDTC - ok 15:08:14.0201 2900 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys 15:08:14.0248 2900 Msfs - ok 15:08:14.0279 2900 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys 15:08:14.0310 2900 msgpiowin32 - ok 15:08:14.0342 2900 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 15:08:14.0373 2900 mshidkmdf - ok 15:08:14.0388 2900 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys 15:08:14.0420 2900 mshidumdf - ok 15:08:14.0451 2900 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 15:08:14.0482 2900 msisadrv - ok 15:08:14.0513 2900 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 15:08:14.0560 2900 MSiSCSI - ok 15:08:14.0560 2900 msiserver - ok 15:08:14.0591 2900 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 15:08:14.0654 2900 MSKSSRV - ok 15:08:14.0669 2900 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys 15:08:14.0716 2900 MsLldp - ok 15:08:14.0732 2900 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 15:08:14.0778 2900 MSPCLOCK - ok 15:08:14.0794 2900 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 15:08:14.0841 2900 
MSPQM - ok 15:08:14.0856 2900 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 15:08:14.0919 2900 MsRPC - ok 15:08:14.0950 2900 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys 15:08:14.0981 2900 mssmbios - ok 15:08:15.0012 2900 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 15:08:15.0059 2900 MSTEE - ok 15:08:15.0075 2900 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys 15:08:15.0106 2900 MTConfig - ok 15:08:15.0137 2900 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys 15:08:15.0168 2900 Mup - ok 15:08:15.0184 2900 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys 15:08:15.0215 2900 mvumis - ok 15:08:15.0231 2900 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 15:08:15.0262 2900 mwlPSDFilter - ok 15:08:15.0278 2900 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 15:08:15.0309 2900 mwlPSDNServ - ok 15:08:15.0324 2900 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 15:08:15.0340 2900 mwlPSDVDisk - ok 15:08:15.0387 2900 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll 15:08:15.0449 2900 napagent - ok 15:08:15.0480 2900 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 15:08:15.0527 2900 NativeWifiP - ok 15:08:15.0574 2900 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll 15:08:15.0605 2900 NcaSvc - ok 15:08:15.0636 2900 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll 15:08:15.0699 2900 NcdAutoSetup - ok 15:08:15.0761 2900 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\Windows\system32\drivers\ndis.sys 15:08:15.0855 2900 NDIS - ok 15:08:15.0886 2900 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap 
C:\Windows\system32\DRIVERS\ndiscap.sys 15:08:15.0948 2900 NdisCap - ok 15:08:15.0964 2900 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys 15:08:16.0026 2900 NdisImPlatform - ok 15:08:16.0058 2900 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 15:08:16.0104 2900 NdisTapi - ok 15:08:16.0136 2900 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 15:08:16.0182 2900 Ndisuio - ok 15:08:16.0198 2900 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 15:08:16.0245 2900 NdisWan - ok 15:08:16.0260 2900 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys 15:08:16.0307 2900 NDISWANLEGACY - ok 15:08:16.0354 2900 [ 3730942D7DB2F8BB5F84542B7FF6F650 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 15:08:16.0401 2900 NDProxy - ok 15:08:16.0432 2900 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys 15:08:16.0479 2900 Ndu - ok 15:08:16.0510 2900 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 15:08:16.0557 2900 NetBIOS - ok 15:08:16.0604 2900 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 15:08:16.0666 2900 NetBT - ok 15:08:16.0682 2900 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe 15:08:16.0713 2900 Netlogon - ok 15:08:16.0760 2900 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll 15:08:16.0838 2900 Netman - ok 15:08:16.0885 2900 [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm C:\Windows\System32\netprofmsvc.dll 15:08:16.0962 2900 netprofm - ok 15:08:17.0009 2900 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 15:08:17.0056 2900 NetTcpPortSharing - ok 15:08:17.0087 2900 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 15:08:17.0118 
2900 nfrd960 - ok 15:08:17.0181 2900 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll 15:08:17.0259 2900 NlaSvc - ok 15:08:17.0274 2900 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys 15:08:17.0321 2900 Npfs - ok 15:08:17.0337 2900 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys 15:08:17.0384 2900 npsvctrig - ok 15:08:17.0415 2900 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll 15:08:17.0462 2900 nsi - ok 15:08:17.0493 2900 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 15:08:17.0540 2900 nsiproxy - ok 15:08:17.0633 2900 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 15:08:17.0774 2900 Ntfs - ok 15:08:17.0836 2900 [ 24802A206925A340DBA52ABF83C21315 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 15:08:17.0867 2900 NTI IScheduleSvc - ok 15:08:17.0899 2900 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\windows\system32\drivers\NTIDrvr.sys 15:08:17.0914 2900 NTIDrvr - ok 15:08:17.0930 2900 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys 15:08:17.0976 2900 Null - ok 15:08:18.0008 2900 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys 15:08:18.0055 2900 nvraid - ok 15:08:18.0070 2900 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys 15:08:18.0101 2900 nvstor - ok 15:08:18.0117 2900 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 15:08:18.0164 2900 nv_agp - ok 15:08:18.0273 2900 [ E0506331F0454C347B28B2AE4BD14636 ] OfficeSvc C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe 15:08:18.0367 2900 OfficeSvc - ok 15:08:18.0460 2900 [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:08:18.0491 2900 ose - ok 15:08:18.0523 2900 [ 
AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 15:08:18.0601 2900 p2pimsvc - ok 15:08:18.0632 2900 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll 15:08:18.0694 2900 p2psvc - ok 15:08:18.0741 2900 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys 15:08:18.0772 2900 Parport - ok 15:08:18.0819 2900 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys 15:08:18.0850 2900 partmgr - ok 15:08:18.0913 2900 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll 15:08:18.0975 2900 PcaSvc - ok 15:08:19.0006 2900 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys 15:08:19.0053 2900 pci - ok 15:08:19.0068 2900 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys 15:08:19.0115 2900 pciide - ok 15:08:19.0131 2900 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 15:08:19.0178 2900 pcmcia - ok 15:08:19.0209 2900 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys 15:08:19.0240 2900 pcw - ok 15:08:19.0271 2900 [ 0698DEDEAD6A00AD0D468C687D830FBF ] pdc C:\Windows\system32\drivers\pdc.sys 15:08:19.0318 2900 pdc - ok 15:08:19.0365 2900 [ 61FE70659CD43E07F94DA4DC31DEC493 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 15:08:19.0443 2900 PEAUTH - ok 15:08:19.0521 2900 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe 15:08:19.0583 2900 PerfHost - ok 15:08:19.0661 2900 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll 15:08:19.0771 2900 pla - ok 15:08:19.0817 2900 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 15:08:19.0849 2900 PlugPlay - ok 15:08:19.0880 2900 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 15:08:19.0927 2900 PNRPAutoReg - ok 15:08:19.0958 2900 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc 
C:\Windows\system32\pnrpsvc.dll 15:08:20.0005 2900 PNRPsvc - ok 15:08:20.0036 2900 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 15:08:20.0114 2900 PolicyAgent - ok 15:08:20.0161 2900 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll 15:08:20.0207 2900 Power - ok 15:08:20.0223 2900 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 15:08:20.0285 2900 PptpMiniport - ok 15:08:20.0410 2900 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll 15:08:20.0551 2900 PrintNotify - ok 15:08:20.0598 2900 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys 15:08:20.0629 2900 Processor - ok 15:08:20.0660 2900 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll 15:08:20.0722 2900 ProfSvc - ok 15:08:20.0754 2900 [ AF038FA3D3748B7595FE7096AD803696 ] Ps2Kb2Hid C:\Windows\System32\drivers\aPs2Kb2Hid.sys 15:08:20.0785 2900 Ps2Kb2Hid - ok 15:08:20.0800 2900 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys 15:08:20.0863 2900 Psched - ok 15:08:20.0910 2900 [ A5B22EACF1DA28E19CC9F80D37978657 ] QRDCIO C:\Windows\System32\drivers\QRDCIO.sys 15:08:20.0956 2900 QRDCIO - ok 15:08:20.0972 2900 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll 15:08:21.0034 2900 QWAVE - ok 15:08:21.0081 2900 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 15:08:21.0112 2900 QWAVEdrv - ok 15:08:21.0144 2900 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 15:08:21.0190 2900 RasAcd - ok 15:08:21.0206 2900 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 15:08:21.0268 2900 RasAgileVpn - ok 15:08:21.0300 2900 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll 15:08:21.0362 2900 RasAuto - ok 15:08:21.0393 2900 [ 
A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 15:08:21.0455 2900 Rasl2tp - ok 15:08:21.0487 2900 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll 15:08:21.0549 2900 RasMan - ok 15:08:21.0580 2900 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 15:08:21.0627 2900 RasPppoe - ok 15:08:21.0658 2900 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 15:08:21.0705 2900 RasSstp - ok 15:08:21.0736 2900 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 15:08:21.0799 2900 rdbss - ok 15:08:21.0830 2900 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys 15:08:21.0861 2900 rdpbus - ok 15:08:21.0892 2900 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 15:08:21.0955 2900 RDPDR - ok 15:08:22.0017 2900 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 15:08:22.0048 2900 RdpVideoMiniport - ok 15:08:22.0079 2900 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 15:08:22.0126 2900 RDPWD - ok 15:08:22.0142 2900 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 15:08:22.0189 2900 rdyboost - ok 15:08:22.0220 2900 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll 15:08:22.0298 2900 RemoteAccess - ok 15:08:22.0345 2900 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll 15:08:22.0407 2900 RemoteRegistry - ok 15:08:22.0454 2900 [ CF59781FCB68F859EB6C835ED285211D ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe 15:08:22.0469 2900 RfButtonDriverService - ok 15:08:22.0516 2900 [ CCBFCABDFE2BC22F0645CEAADDB36004 ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys 15:08:22.0563 2900 RFCOMM - ok 15:08:22.0610 2900 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper 
C:\Windows\System32\RpcEpMap.dll 15:08:22.0657 2900 RpcEptMapper - ok 15:08:22.0688 2900 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe 15:08:22.0735 2900 RpcLocator - ok 15:08:22.0782 2900 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll 15:08:22.0844 2900 RpcSs - ok 15:08:22.0875 2900 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 15:08:22.0922 2900 rspndr - ok 15:08:22.0953 2900 [ 34DA0D14F5C3F1883A331AFB975AB434 ] RTL8168 C:\Windows\system32\DRIVERS\Rt630x64.sys 15:08:23.0015 2900 RTL8168 - ok 15:08:23.0031 2900 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys 15:08:23.0062 2900 s3cap - ok 15:08:23.0109 2900 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe 15:08:23.0140 2900 SamSs - ok 15:08:23.0172 2900 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 15:08:23.0203 2900 sbp2port - ok 15:08:23.0234 2900 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll 15:08:23.0312 2900 SCardSvr - ok 15:08:23.0328 2900 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 15:08:23.0374 2900 scfilter - ok 15:08:23.0437 2900 [ ED40ED9A65F3E79A8C43DD50C5FDADBF ] Schedule C:\Windows\system32\schedsvc.dll 15:08:23.0546 2900 Schedule - ok 15:08:23.0593 2900 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll 15:08:23.0624 2900 SCPolicySvc - ok 15:08:23.0671 2900 [ 047315E75392CEA447ACC86257824C16 ] sdbus C:\Windows\System32\drivers\sdbus.sys 15:08:23.0718 2900 sdbus - ok 15:08:23.0749 2900 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll 15:08:23.0827 2900 SDRSVC - ok 15:08:23.0874 2900 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys 15:08:23.0905 2900 sdstor - ok 15:08:23.0936 2900 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv 
C:\Windows\system32\drivers\secdrv.sys 15:08:23.0983 2900 secdrv - ok 15:08:24.0014 2900 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll 15:08:24.0061 2900 seclogon - ok 15:08:24.0092 2900 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll 15:08:24.0154 2900 SENS - ok 15:08:24.0170 2900 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll 15:08:24.0232 2900 SensrSvc - ok 15:08:24.0248 2900 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys 15:08:24.0295 2900 SerCx - ok 15:08:24.0310 2900 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys 15:08:24.0342 2900 Serenum - ok 15:08:24.0357 2900 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys 15:08:24.0404 2900 Serial - ok 15:08:24.0420 2900 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys 15:08:24.0451 2900 sermouse - ok 15:08:24.0498 2900 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll 15:08:24.0576 2900 SessionEnv - ok 15:08:24.0591 2900 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys 15:08:24.0622 2900 sfloppy - ok 15:08:24.0669 2900 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll 15:08:24.0716 2900 SharedAccess - ok 15:08:24.0747 2900 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll 15:08:24.0872 2900 ShellHWDetection - ok 15:08:24.0872 2900 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 15:08:24.0919 2900 SiSRaid2 - ok 15:08:24.0934 2900 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 15:08:24.0981 2900 SiSRaid4 - ok 15:08:25.0012 2900 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 15:08:25.0075 2900 SNMPTRAP - ok 15:08:25.0122 2900 [ 
872E937681910E2456A054331C7D5A18 ] spaceport C:\Windows\system32\drivers\spaceport.sys 15:08:25.0168 2900 spaceport - ok 15:08:25.0184 2900 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys 15:08:25.0231 2900 SpbCx - ok 15:08:25.0262 2900 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe 15:08:25.0356 2900 Spooler - ok 15:08:25.0496 2900 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe 15:08:25.0714 2900 sppsvc - ok 15:08:25.0746 2900 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys 15:08:25.0808 2900 srv - ok 15:08:25.0855 2900 [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 15:08:25.0948 2900 srv2 - ok 15:08:25.0980 2900 [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 15:08:26.0011 2900 srvnet - ok 15:08:26.0058 2900 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 15:08:26.0104 2900 SSDPSRV - ok 15:08:26.0120 2900 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll 15:08:26.0182 2900 SstpSvc - ok 15:08:26.0214 2900 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys 15:08:26.0260 2900 stexstor - ok 15:08:26.0292 2900 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll 15:08:26.0354 2900 stisvc - ok 15:08:26.0401 2900 [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci C:\Windows\system32\drivers\storahci.sys 15:08:26.0432 2900 storahci - ok 15:08:26.0463 2900 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 15:08:26.0494 2900 storflt - ok 15:08:26.0510 2900 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll 15:08:26.0588 2900 StorSvc - ok 15:08:26.0619 2900 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys 15:08:26.0635 2900 storvsc - ok 15:08:26.0666 2900 [ 
8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll 15:08:26.0728 2900 svsvc - ok 15:08:26.0744 2900 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys 15:08:26.0791 2900 swenum - ok 15:08:26.0822 2900 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll 15:08:26.0900 2900 swprv - ok 15:08:26.0963 2900 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll 15:08:27.0072 2900 SysMain - ok 15:08:27.0119 2900 [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll 15:08:27.0181 2900 SystemEventsBroker - ok 15:08:27.0212 2900 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll 15:08:27.0259 2900 TabletInputService - ok 15:08:27.0290 2900 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll 15:08:27.0337 2900 TapiSrv - ok 15:08:27.0415 2900 [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 15:08:27.0587 2900 Tcpip - ok 15:08:27.0649 2900 [ B6D52E2C38B49A156E58FF5B9C6CA8BE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 15:08:27.0789 2900 TCPIP6 - ok 15:08:27.0821 2900 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 15:08:27.0883 2900 tcpipreg - ok 15:08:27.0914 2900 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 15:08:27.0961 2900 tdx - ok 15:08:27.0992 2900 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys 15:08:28.0023 2900 terminpt - ok 15:08:28.0070 2900 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll 15:08:28.0133 2900 TermService - ok 15:08:28.0148 2900 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll 15:08:28.0211 2900 Themes - ok 15:08:28.0257 2900 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll 15:08:28.0304 2900 THREADORDER - ok 
15:08:28.0351 2900 [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll 15:08:28.0398 2900 TimeBroker - ok 15:08:28.0445 2900 [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM C:\Windows\system32\drivers\tpm.sys 15:08:28.0476 2900 TPM - ok 15:08:28.0507 2900 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll 15:08:28.0554 2900 TrkWks - ok 15:08:28.0616 2900 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 15:08:28.0663 2900 TrustedInstaller - ok 15:08:28.0710 2900 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 15:08:28.0757 2900 TsUsbFlt - ok 15:08:28.0772 2900 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys 15:08:28.0803 2900 TsUsbGD - ok 15:08:28.0835 2900 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 15:08:28.0897 2900 tunnel - ok 15:08:28.0913 2900 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys 15:08:28.0944 2900 uagp35 - ok 15:08:28.0959 2900 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys 15:08:29.0006 2900 UASPStor - ok 15:08:29.0006 2900 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper C:\windows\system32\drivers\UBHelper.sys 15:08:29.0037 2900 UBHelper - ok 15:08:29.0069 2900 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys 15:08:29.0115 2900 UCX01000 - ok 15:08:29.0147 2900 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 15:08:29.0225 2900 udfs - ok 15:08:29.0256 2900 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe 15:08:29.0318 2900 UI0Detect - ok 15:08:29.0349 2900 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 15:08:29.0396 2900 uliagpkx - ok 15:08:29.0412 2900 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus 
C:\Windows\System32\drivers\umbus.sys 15:08:29.0459 2900 umbus - ok 15:08:29.0474 2900 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys 15:08:29.0505 2900 UmPass - ok 15:08:29.0552 2900 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll 15:08:29.0599 2900 UmRdpService - ok 15:08:29.0646 2900 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll 15:08:29.0708 2900 upnphost - ok 15:08:29.0739 2900 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys 15:08:29.0786 2900 USBAAPL64 - ok 15:08:29.0818 2900 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys 15:08:29.0880 2900 usbccgp - ok 15:08:29.0895 2900 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys 15:08:29.0973 2900 usbcir - ok 15:08:30.0020 2900 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys 15:08:30.0051 2900 usbehci - ok 15:08:30.0083 2900 [ 4875DC63E548812C75D4FDEF84970C89 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 15:08:30.0098 2900 usbfilter - ok 15:08:30.0161 2900 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\Windows\System32\drivers\usbhub.sys 15:08:30.0223 2900 usbhub - ok 15:08:30.0254 2900 [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys 15:08:30.0317 2900 USBHUB3 - ok 15:08:30.0332 2900 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys 15:08:30.0379 2900 usbohci - ok 15:08:30.0410 2900 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys 15:08:30.0473 2900 usbprint - ok 15:08:30.0504 2900 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS 15:08:30.0535 2900 USBSTOR - ok 15:08:30.0566 2900 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys 15:08:30.0597 2900 usbuhci - ok 15:08:30.0629 2900 [ 
09799E701B4327097E9F63D3FE221083 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 15:08:30.0691 2900 usbvideo - ok 15:08:30.0754 2900 [ 11C0CF143D246E2F0E9BDBF17A0CC70B ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS 15:08:30.0816 2900 USBXHCI - ok 15:08:30.0831 2900 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe 15:08:30.0863 2900 VaultSvc - ok 15:08:30.0909 2900 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 15:08:30.0941 2900 vdrvroot - ok 15:08:31.0003 2900 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe 15:08:31.0081 2900 vds - ok 15:08:31.0097 2900 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys 15:08:31.0144 2900 VerifierExt - ok 15:08:31.0175 2900 [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys 15:08:31.0237 2900 vhdmp - ok 15:08:31.0253 2900 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys 15:08:31.0300 2900 viaide - ok 15:08:31.0315 2900 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys 15:08:31.0346 2900 vmbus - ok 15:08:31.0362 2900 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys 15:08:31.0393 2900 VMBusHID - ok 15:08:31.0440 2900 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll 15:08:31.0487 2900 vmicheartbeat - ok 15:08:31.0502 2900 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll 15:08:31.0549 2900 vmickvpexchange - ok 15:08:31.0565 2900 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll 15:08:31.0612 2900 vmicrdv - ok 15:08:31.0627 2900 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll 15:08:31.0658 2900 vmicshutdown - ok 15:08:31.0674 2900 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll 15:08:31.0721 2900 vmictimesync - ok 
15:08:38.0039 2900 Scan finished
15:08:38.0070 4064 Detected object count: 0
15:08:38.0070 4064 Actual detected object count: 0
15:09:03.0924 5760 Deinitialize success |
23.05.2013, 14:27 | #11 |
/// Malware-holic | Delta Search Babylon Very good. Malwarebytes: Please download Malwarebytes
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
27.05.2013, 10:19 | #12 |
| Delta Search Babylon Hello, I have now run Malwarebytes, log:
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2013.05.27.01
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16580
**** :: **** [Administrator]
27.05.2013 09:39:58
mbam-log-2013-05-27 (09-39-58).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449715
Laufzeit: 1 Stunde(n), 28 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Users\****\AppData\Local\Temp\is357113909\49822882_Setup.EXE (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
27.05.2013, 18:28 | #13 |
/// Malware-holic | Delta Search Babylon Hi, download the standard CCleaner: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), Uninstall list, and save it as a txt file. Open the file. After each program you need, write "necessary". After each one you do not need, write "unnecessary". After each one you do not recognise, write "unknown". Post the list.
28.05.2013, 09:18 | #14 |
| Delta Search Babylon
7-Zip 9.30 (x64 edition) Igor Pavlov 22.02.2013 4,33MB 9.30.00.0 necessary
Acer Backup Manager NTI Corporation 31.08.2012 178MB 4.0.0.0059 necessary
Acer Device Fast-lane Acer Incorporated 31.08.2012 2,43MB 1.00.3007 necessary
Acer Device Fast-lane Acer Incorporated 31.08.2012 1.00.3007 necessary
Acer Power Management Acer Incorporated 23.10.2012 17,2MB 7.00.3006 necessary
Acer Power Management Acer Incorporated 23.10.2012 7.00.3006 necessary
Acer Recovery Management Acer Incorporated 31.08.2012 9,84MB 6.00.3011 necessary
AcerCloud Acer Incorporated 23.10.2012 2.01.3115 necessary
AcerCloud Acer Incorporated 23.10.2012 2.01.3115 necessary
AcerCloud Docs Acer Incorporated 23.10.2012 38,5MB 1.00.3201 necessary
AcerCloud Docs Acer Incorporated 23.10.2012 1.00.3201 necessary
Adobe AIR Adobe Systems Incorporated 02.05.2013 3.7.0.1530 necessary
Adobe Download Assistant Adobe Systems Incorporated 02.05.2013 1.2.5 necessary
Adobe Reader XI (11.0.02) - Deutsch Adobe Systems Incorporated 21.02.2013 133MB 11.0.02 necessary
Alcor Micro USB Card Reader Alcor Micro Corp. 23.10.2012 2,97MB 3.4.42.61513 necessary
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 23.10.2012 26,3MB 8.0.881.0 unknown
Apple Application Support Apple Inc. 27.04.2013 62,7MB 2.3.3 necessary
Apple Mobile Device Support Apple Inc. 27.04.2013 27,5MB 6.1.0.13 necessary
Apple Software Update Apple Inc. 27.04.2013 2,38MB 2.1.3.127 necessary
AudibleManager Audible, Inc. 06.04.2013 18414980.4759644.48.2004352386 necessary
Avira Antivirus Premium Avira 08.05.2013 144MB 13.0.0.3640 necessary
Bonjour Apple Inc. 27.04.2013 2,00MB 3.0.0.10 unknown
Canon MG5200 series MP Drivers 07.04.2013 necessary
CCleaner Piriform 24.05.2013 4.02 necessary
Citavi Swiss Academic Software 21.02.2013 71,0MB 3.4.0.2 necessary
clear.fi Media Acer Incorporated 23.10.2012 2.01.3108 necessary
clear.fi Media Acer Incorporated 23.10.2012 2.01.3108 necessary
clear.fi Photo Acer Incorporated 23.10.2012 2.01.3108 necessary
clear.fi Photo Acer Incorporated 23.10.2012 2.01.3108 necessary
CutePDF Writer 3.0 CutePDF.com 21.02.2013 3.0 necessary
Dropbox Dropbox, Inc. 21.05.2013 2.0.16 necessary
ETDWare PS/2-X64 11.6.8.001_WHQL ELAN Microelectronic Corp. 23.10.2012 11.6.8.001 necessary
f4 2012 audiotranskription.de 10.04.2013 unnecessary
GMX Softwareaktualisierung 1&1 Mail & Media GmbH 16.04.2013 3.0.0.53 unnecessary
Google Calendar Sync 20.04.2013 necessary
Google Chrome Google Inc. 28.05.2013 27.0.1453.94 necessary
Google Toolbar for Internet Explorer Google Inc. 21.02.2013 7.4.3607.2246 necessary
GoToMyPC Citrix Online 22.04.2013 32,5MB 8.0.943 necessary
Identity Card Acer Incorporated 31.08.2012 1,83MB 2.00.3004 necessary
iMindMap 6 ThinkBuzan 21.05.2013 214MB 6.0.641 necessary
iTunes Apple Inc. 27.04.2013 187MB 11.0.2.26 necessary
Launch Manager Acer Inc. 23.10.2012 7.0.4 necessary
Live Updater Acer Incorporated 31.08.2012 3,41MB 2.00.3004 necessary
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 27.05.2013 19,3MB 1.75.0.1300 necessary
Microsoft Office 365 Home Premium - de-de Microsoft Corporation 15.04.2013 15.0.4481.1510 necessary
Microsoft S/MIME Microsoft Corporation 21.05.2013 2,20MB 14.2.247.1 unknown
Microsoft Silverlight Microsoft Corporation 21.05.2013 22,6MB 5.0.61118.0 unknown
Microsoft SkyDrive Microsoft Corporation 20.03.2013 26,5MB 17.0.2006.0314 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 23.10.2012 4,84MB 8.0.59193 unknown
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 23.10.2012 13,1MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.10.2012 8,85MB 9.0.30729 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.10.2012 10,1MB 9.0.30729.4148 unknown
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 23.10.2012 12,1MB 10.0.30319 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 06.04.2013 11,1MB 10.0.40219 unknown
Mobile Partner Huawei Technologies Co.,Ltd 26.02.2013 11.300.05.00.382 necessary
MyWinLocker Suite Egis Technology Inc. 31.08.2012 6,32MB 4.0.14.24 unknown
Qualcomm Atheros Bluetooth Suite (64) Ihr Firmenname 23.10.2012 111MB 8.0.0.206 necessary
Qualcomm Atheros WiFi Driver Installation Qualcomm Atheros 20.02.2013 11.31 necessary
Realtek Ethernet Controller Driver Realtek 23.10.2012 8.3.730.2012 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.10.2012 6.0.1.6657 necessary
Recovery Management Acer Incorporated 31.08.2012 9,84MB 6.00.3011 necessary
Shared C Run-time for x64 McAfee 31.08.2012 2,78MB 10.0.0 unknown
Spotify Spotify AB 23.10.2012 0.8.4.99.ga249b5f1 necessary
Update for Image Editor 21.05.2013 unknown
Visual Studio 2005 Tools for Office Second Edition Runtime Microsoft Corporation 23.10.2012 necessary
Visual Studio Tools for the Office system 3.0 Runtime Microsoft Corporation 23.10.2012 necessary
Windows-Treiberpaket - Citrix Systems monblanking Citrix Driver (06/27/2012 6.3.0.48) Citrix Systems 22.04.2013 06/27/2012 6.3.0.48 necessary |
28.05.2013, 09:50 | #15 |
/// Malware-holic | Delta Search Babylon Adobe Reader: Adobe - Download Adobe Reader - All versions. Untick the McAfee Security Scan box.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: tick "use only certified plug-ins".
Security (Enhanced): tick Enhanced Security and select All files.
Internet: everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick "use JavaScript".
Under Updater, choose install automatically.
Apply / OK.
Uninstall: f4, GMX, Google Toolbar: please keep your hands off toolbars; they are only a useless risk and can slow down the browser.
Please open CCleaner, Analyze, Start, then restart the PC.
Please download AdwCleaner to your desktop.