Log analysis and evaluation: PC "hangs" on every second startup
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
23.05.2013, 13:18 | #1 |
| PC "hangs" on every second startup Hello, I have the following problem: For a few days now, my PC has been hanging on every second restart. As soon as the Windows desktop appears, everything becomes incredibly slow until eventually nothing works at all. I then started Spybot and promptly found several pieces of malware, which I had it remove. However, the problem was not fixed; it was back again after the next start. Spybot then showed the same malware again. That suggests that a bigger piece of malware is at work... Here, to begin with, is a screenshot from Spybot: OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 23.05.2013 12:33:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,79 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 53,88% Memory free 7,59 Gb Paging File | 5,31 Gb Available in Paging File | 69,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 27,85 Gb Free Space | 23,92% Space Free | Partition Type: NTFS Drive D: | 329,79 Gb Total Space | 303,18 Gb Free Space | 91,93% Space Free | Partition Type: NTFS Computer Name: xxx| User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.05.23 12:12:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.03.31 14:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012.10.31 19:50:37 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe PRC - [2011.06.15 14:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe PRC - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.07.23 10:58:28 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2010.01.13 18:19:42 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.01.13 18:11:52 | 007,109,248 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.01.05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.10.21 21:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel 
Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.09.16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2009.07.06 23:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2012.12.05 19:09:41 | 002,148,376 | ---- | M] () -- c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl MOD - [2012.11.13 14:06:28 | 000,528,288 | 
---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll MOD - [2010.10.16 20:55:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009.09.16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - [2010.03.05 
19:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010.03.05 19:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2010.03.05 19:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013.05.15 18:51:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.02.07 14:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.31 19:50:37 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP) SRV - [2012.05.20 09:46:14 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.15 14:59:50 | 000,737,016 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files 
(x86)\Tunngle\TnglCtrl.exe -- (TunngleService) SRV - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.31 19:51:07 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012.08.17 10:19:09 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.08.17 10:19:09 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - 
[2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.06.05 07:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2) DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.04.29 11:20:20 | 000,182,912 | ---- | M] (Etron) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETdrv.sys -- (usbet) DRV:64bit: - [2010.04.28 09:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.04.16 
20:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010.03.18 07:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2010.02.27 01:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.11.05 14:43:20 | 000,171,328 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF05BDA.sys -- (AF05BDA) DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2009.10.27 08:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.10.27 08:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) DRV:64bit: - [2009.09.04 07:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.08.20 20:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009.07.21 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009.03.02 15:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:64bit: - [2009.03.02 15:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) 
[Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp) DRV:64bit: - [2009.01.19 20:32:22 | 000,334,344 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2008.03.17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = xxx://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = xxx://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = xxx://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
xxx://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = xxx://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = xxx://search.babylon.com/?affID=109727&tt=4912_6&babsrc=HP_ss&mntrId=0280c9fa00000000000000ffbca58e77 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = xxx://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = xxx://www.google.de/ IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {36377DD7-B3EB-42f5-986F-680BAF59BA9D} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = xxx://search.babylon.com/?q={searchTerms}&affID=109727&tt=4912_6&babsrc=SP_ss&mntrId=0280c9fa00000000000000ffbca58e77 IE - HKCU\..\SearchScopes\{3155F970-9B3E-42A3-B160-3BFCC7E60A5E}: "URL" = xxx://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = xxx://start.iplay.com.anonymize-me.de/?anonymto=687474703A2F2F73746172742E69706C61792E636F6D2F736561726368726573756C74732E617370783F6F3D6368726F6D6526713D7B7365617263685465726D737D&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{467DA644-740C-4174-B277-417C777C8B4E}: "URL" = xxx://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0 
IE - HKCU\..\SearchScopes\{4DC23A62-8D0A-4816-B3F0-F1B6D011A9F4}: "URL" = xxx://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = xxx://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F736F7572636569643D69653726713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26726C7A3D31493741535554&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = xxx://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&k=0 IE - HKCU\..\SearchScopes\{9B8AE43E-E413-4740-B106-16347206B225}: "URL" = xxx://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{9D74131B-069E-4B23-A3B6-72D98F8B829D}: "URL" = xxx://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0 IE - HKCU\..\SearchScopes\{B54A8AB4-D861-46A1-9BCC-D057C638DE56}: "URL" = xxx://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=43686F3E-7569-40CC-9452-50F7B306650D&apn_sauid=DB71A1F1-BB3E-4055-A2D4-4E839BCD3E5B IE - 
HKCU\..\SearchScopes\{FCC17968-013D-42DA-B93A-319875F1A04D}: "URL" = xxx://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=07a7b54a-a63f-4bbc-b580-27f007a0faea&pid=freewarede&mode=bounce&k=0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - 
HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.05 17:26:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.31 19:51:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.31 19:51:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.31 19:51:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital 
Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.05 17:26:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.08 19:43:58 | 000,000,000 | ---D | M] O1 HOSTS File: ([2013.05.17 22:53:33 | 000,444,830 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15276 more lines... 
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Preispilot) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll () O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
2012\klwtbbho.dll (Kaspersky Lab ZAO) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe 
(CyberLink Corp.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel 
exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class) O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://192.168.2.104/codebase/DVM_IPCam2.ocx (DVM_IPCam2 Control) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{163805D3-6748-4978-BC33-7C22BDF6E1DA}: NameServer = 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97A8A01B-E4B8-4AA0-853D-B81DF7BBDE11}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll () O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM 
Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0f529238-3a25-11e1-b307-20cf3024c27f}\Shell - "" = AutoRun O33 - MountPoints2\{0f529238-3a25-11e1-b307-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0f52923b-3a25-11e1-b307-20cf3024c27f}\Shell - "" = AutoRun O33 - MountPoints2\{0f52923b-3a25-11e1-b307-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{0f52923e-3a25-11e1-b307-20cf3024c27f}\Shell - "" = AutoRun O33 - MountPoints2\{0f52923e-3a25-11e1-b307-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{cbb3191e-6c5d-11e1-8df4-20cf3024c27f}\Shell - "" = AutoRun O33 - MountPoints2\{cbb3191e-6c5d-11e1-8df4-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{df39c492-d6c1-11e0-aa72-20cf3024c27f}\Shell - "" = AutoRun O33 - MountPoints2\{df39c492-d6c1-11e0-aa72-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{df39c496-d6c1-11e0-aa72-20cf3024c27f}\Shell - "" = AutoRun O33 - MountPoints2\{df39c496-d6c1-11e0-aa72-20cf3024c27f}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- 
"%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.23 12:12:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013.05.23 09:06:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2013.05.16 21:26:28 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2013.05.06 18:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearProg [2013.05.06 18:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClearProg [2013.05.06 17:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.05.06 17:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.05.06 17:41:13 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.05.06 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.06 17:40:41 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs [2013.05.03 14:26:43 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.04.27 14:11:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks [2013.04.27 14:07:28 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2013.04.23 17:35:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\APN [2013.04.23 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2013.04.23 17:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2013.04.23 17:25:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.04.23 17:25:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2008.08.12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.23 12:21:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.23 12:12:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe [2013.05.23 12:10:55 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable [2013.05.23 12:09:34 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe [2013.05.23 11:57:24 | 003,626,248 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.23 11:57:24 | 001,511,850 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.23 11:57:24 | 001,080,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.23 11:57:24 | 000,963,776 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.23 11:57:24 | 000,005,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.23 11:51:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.23 10:58:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.23 09:06:09 | 000,002,939 | ---- | M] () -- C:\Users\xxx\Desktop\HiJackThis.lnk [2013.05.23 08:25:34 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 08:25:34 | 000,010,240 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.23 08:18:18 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.23 08:17:52 | 3055,706,112 | -HS- | M] () -- C:\hiberfil.sys [2013.05.22 21:06:15 | 000,000,809 | ---- | M] () -- C:\Windows\wininit.ini [2013.05.20 09:52:18 | 000,687,616 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520095155.Avi [2013.05.20 09:46:11 | 005,267,968 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520094504.Avi [2013.05.20 09:44:30 | 005,190,656 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520094324.Avi [2013.05.20 09:40:10 | 005,268,992 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520093903.Avi [2013.05.20 09:37:49 | 004,963,328 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520093645.Avi [2013.05.20 09:35:41 | 005,220,352 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520093434.Avi [2013.05.20 09:31:33 | 005,848,064 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520093018.Avi [2013.05.20 09:26:51 | 005,157,888 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520092544.Avi [2013.05.20 09:25:37 | 005,232,128 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520092430.Avi [2013.05.20 09:24:05 | 005,235,712 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520092258.Avi [2013.05.20 09:22:36 | 005,568,512 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520092124.Avi [2013.05.20 09:20:22 | 005,238,784 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520091915.Avi [2013.05.20 09:18:53 | 005,190,144 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520091746.Avi [2013.05.20 09:16:23 | 005,223,936 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520091516.Avi [2013.05.20 09:10:33 | 005,203,968 | ---- | M] () -- C:\Users\Public\Documents\encam_20130520090926.Avi [2013.05.20 09:05:07 | 005,210,112 | ---- | M] () -- 
C:\Users\Public\Documents\encam_20130520090400.Avi [2013.05.18 12:40:22 | 010,056,192 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518123804.Avi [2013.05.18 12:21:15 | 009,410,048 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518121903.Avi [2013.05.18 11:34:37 | 005,140,992 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518113330.Avi [2013.05.18 11:10:25 | 005,128,192 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518110918.Avi [2013.05.18 11:08:33 | 005,127,168 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518110727.Avi [2013.05.18 11:02:08 | 005,135,872 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518110100.Avi [2013.05.18 10:45:47 | 005,136,896 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518104440.Avi [2013.05.18 10:07:54 | 005,088,256 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518100648.Avi [2013.05.18 09:50:06 | 005,089,280 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518094900.Avi [2013.05.18 09:48:05 | 005,133,824 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518094657.Avi [2013.05.18 09:41:16 | 005,135,360 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518094009.Avi [2013.05.18 09:34:07 | 005,170,176 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518093257.Avi [2013.05.18 09:31:20 | 005,095,936 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518093013.Avi [2013.05.18 09:28:52 | 005,157,376 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518092745.Avi [2013.05.18 09:19:08 | 005,091,328 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518091802.Avi [2013.05.18 09:17:01 | 005,325,824 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518091551.Avi [2013.05.18 08:57:26 | 005,359,104 | ---- | M] () -- C:\Users\Public\Documents\encam_20130518085616.Avi [2013.05.17 22:53:33 | 000,444,830 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.05.17 16:53:32 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat 
[2013.05.17 13:43:47 | 000,418,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.13 18:51:05 | 000,444,830 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130517-225333.backup [2013.05.12 15:10:21 | 000,101,067 | ---- | M] () -- C:\Users\xxx\Documents\xxx [2013.05.07 16:29:42 | 000,002,132 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2013.05.07 16:29:41 | 000,001,737 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013.05.06 18:03:31 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\ClearProg.lnk [2013.05.06 17:41:18 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.04.27 14:07:28 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.23 12:10:55 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable [2013.05.23 12:09:34 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe [2013.05.23 09:06:09 | 000,002,939 | ---- | C] () -- C:\Users\xxx\Desktop\HiJackThis.lnk [2013.05.22 21:06:15 | 000,000,809 | ---- | C] () -- C:\Windows\wininit.ini [2013.05.20 09:51:55 | 000,687,616 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520095155.Avi [2013.05.20 09:45:04 | 005,267,968 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520094504.Avi [2013.05.20 09:43:24 | 005,190,656 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520094324.Avi [2013.05.20 09:39:03 | 005,268,992 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520093903.Avi [2013.05.20 09:36:45 | 004,963,328 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520093645.Avi [2013.05.20 09:34:34 | 005,220,352 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520093434.Avi [2013.05.20 09:30:18 | 005,848,064 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520093018.Avi [2013.05.20 09:25:45 | 005,157,888 | ---- | C] () -- 
C:\Users\Public\Documents\encam_20130520092544.Avi [2013.05.20 09:24:30 | 005,232,128 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520092430.Avi [2013.05.20 09:22:58 | 005,235,712 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520092258.Avi [2013.05.20 09:21:25 | 005,568,512 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520092124.Avi [2013.05.20 09:19:15 | 005,238,784 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520091915.Avi [2013.05.20 09:17:47 | 005,190,144 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520091746.Avi [2013.05.20 09:15:17 | 005,223,936 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520091516.Avi [2013.05.20 09:09:27 | 005,203,968 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520090926.Avi [2013.05.20 09:04:00 | 005,210,112 | ---- | C] () -- C:\Users\Public\Documents\encam_20130520090400.Avi [2013.05.18 12:38:04 | 010,056,192 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518123804.Avi [2013.05.18 12:19:03 | 009,410,048 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518121903.Avi [2013.05.18 11:33:30 | 005,140,992 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518113330.Avi [2013.05.18 11:09:18 | 005,128,192 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518110918.Avi [2013.05.18 11:07:27 | 005,127,168 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518110727.Avi [2013.05.18 11:01:00 | 005,135,872 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518110100.Avi [2013.05.18 10:44:40 | 005,136,896 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518104440.Avi [2013.05.18 10:06:48 | 005,088,256 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518100648.Avi [2013.05.18 09:49:00 | 005,089,280 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518094900.Avi [2013.05.18 09:46:58 | 005,133,824 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518094657.Avi [2013.05.18 09:40:09 | 005,135,360 | ---- | C] () -- 
C:\Users\Public\Documents\encam_20130518094009.Avi [2013.05.18 09:32:57 | 005,170,176 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518093257.Avi [2013.05.18 09:30:14 | 005,095,936 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518093013.Avi [2013.05.18 09:27:45 | 005,157,376 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518092745.Avi [2013.05.18 09:18:02 | 005,091,328 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518091802.Avi [2013.05.18 09:15:51 | 005,325,824 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518091551.Avi [2013.05.18 08:56:16 | 005,359,104 | ---- | C] () -- C:\Users\Public\Documents\encam_20130518085616.Avi [2013.05.06 18:03:31 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\ClearProg.lnk [2013.05.06 17:41:18 | 000,002,191 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.05.06 17:41:18 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2012.11.23 20:18:05 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2012.10.05 09:12:33 | 000,005,400 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.06.29 20:50:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.06.29 16:42:07 | 000,000,994 | ---- | C] () -- C:\Windows\eReg.dat [2011.06.21 17:55:08 | 000,017,408 | ---- | C] () -- C:\Users\xxx\AppData\Local\WebpageIcons.db [2011.06.11 15:41:01 | 000,010,231 | ---- | C] () -- C:\Users\xxx\xxx [2010.07.23 10:26:40 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- 
C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.03.11 10:55:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Amazon [2010.11.27 23:13:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Asus 
WebStorage [2012.12.08 19:44:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DesktopIconForAmazon [2012.02.17 20:47:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\xxx [2012.04.03 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Engelmann Media [2012.01.20 19:13:50 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mount&Blade [2012.12.08 19:43:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OCS [2012.12.08 19:43:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera [2011.05.14 19:34:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ProtectDisc [2011.09.30 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TerraTec [2011.06.29 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client [2011.06.29 19:06:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ts3overlay [2011.07.01 15:43:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Tunngle [2012.11.19 18:28:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft ========== Purity Check ========== < End of report >
Extras: OTL Logfile: Code:
OTL Extras logfile created on: 23.05.2013 12:33:43 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\xxx\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,79 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 53,88% Memory free 7,59 Gb Paging File | 5,31 Gb Available in Paging File | 69,99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 116,44 Gb Total Space | 27,85 Gb Free Space | 23,92% Space Free | Partition Type: NTFS Drive D: | 329,79 Gb Total Space | 303,18 Gb Free Space | 91,93% Space Free | Partition Type: NTFS Computer Name: xxx | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08D0FC38-F516-4D25-9402-E48A399B1D5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{11B22F6B-790F-40C3-B9D0-FD5C0D6D71A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{153E73BC-F086-4BAE-8B55-202961E3D409}" = rport=138 | protocol=17 | dir=out | app=system | "{21150084-2D5F-4263-AE60-D594FFE6D1F8}" = lport=138 | protocol=17 | dir=in | app=system | "{24151A21-345F-4DC3-8A8D-51E578FCF876}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{36EF1B52-8493-4578-8E10-CA8969B10362}" = lport=139 | protocol=6 | dir=in | app=system | "{394668A8-05A1-45B3-ACF9-DEB31F0A8605}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4651B61B-0481-4DBC-8E6E-20E7308F39B3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{49C3DFE2-56F3-4420-AF55-C692E05CC276}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{503DA5EF-FF5D-4945-8622-5BF1083010C3}" = lport=10243 | protocol=6 | dir=in | app=system | "{5C16CCE0-050A-4165-9D0C-EA5A97EC1796}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{635919B7-0001-4C04-BFE5-21C9B47D1C4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{67E71F9C-BE0E-4D3E-854C-62D100EFB12B}" = rport=137 | protocol=17 | dir=out | app=system | "{7223F021-0D1E-4502-888F-F72C18AC554B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | 
app=%systemroot%\system32\svchost.exe | "{72A81A22-9367-4564-9737-E7D765B28218}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | "{83FD5066-AF65-4EEC-8058-F85C9EACB509}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{849D143F-12BB-4C95-8A61-A704BF721E1A}" = lport=445 | protocol=6 | dir=in | app=system | "{9EAA4C45-D416-4600-A7C9-E5C3BB8B3ED5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BBD51A93-406C-4422-BF46-D2DFC32417B0}" = rport=139 | protocol=6 | dir=out | app=system | "{BF66A77B-00C9-4823-9BC0-39DACC87F5EC}" = lport=137 | protocol=17 | dir=in | app=system | "{BF6E2B4C-E617-4C97-B1F5-743BB678282E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D841D261-F4F4-481D-809A-E120E558CDDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E34EA894-B4A3-41D1-B99C-6C78F305C6E8}" = rport=10243 | protocol=6 | dir=out | app=system | "{E67B7FA4-02CA-41DA-A00D-3BCA080E0259}" = rport=445 | protocol=6 | dir=out | app=system | "{E8162B2C-FC58-4131-8EEA-E3C9B51353CF}" = lport=2869 | protocol=6 | dir=in | app=system | "{EB8A2FE5-C3AD-47C8-9255-C21AA6C05286}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{003BFBF1-C65F-4CE4-815A-F2A3F9C870C4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0066CE7D-4936-42E1-AC7D-0F504059DF4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{02C84413-8FB3-4817-B320-79484A0F9A24}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{03131940-7A30-42D0-93D0-42AD87D19466}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{0A17C5EA-59B9-432F-A2B1-1EC1E9B0FF38}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{0DC8669F-4E65-4536-8082-5B14BCA714CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{10B9065E-AA98-4B98-A66D-C629B957E90F}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{12A35CAB-A36F-4DAA-8BCD-A669361E66A8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{203861C0-32B0-4926-AFC8-D83780714CD7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{21E1182F-7CB4-463A-9D7D-71AAC95C7121}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{24B4CE9E-EC3C-4191-9446-4F8065D65DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | "{251A60CC-6FC1-4E38-94BC-A2F11BB96610}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | "{28C0C0A8-86D7-4CE4-B5B6-DA8A25236991}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{28D7F5BE-D6B8-401A-B414-5BCDC4D71897}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{317E8863-8FE4-4462-B341-D6430B327961}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{3372C2AB-ED50-4E7A-B6D3-32F2D4EB1E7B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{354FB9E5-7AE8-48A9-A57D-5C67AB3B9E03}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{390F2A6B-5AC6-457A-B363-7B2B20AB4AED}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{39E4450B-7B04-4470-994C-FF856ADE61CD}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | "{3AB3F615-767D-4731-A75A-DBBDD016F594}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires 
iii\age3x.exe | "{3CAFC1EC-7990-44B9-8246-FA7C6C277FAF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{3E02FDE2-688A-448D-8AEF-EB97C08E593D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | "{3E9BF2FF-8557-4B9D-B62B-D4ED469943BD}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | "{3FAA9E0E-7234-4067-8401-246FC5DA9B15}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{40104FFA-22B2-44DD-9490-6201B669BB55}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\i am alive\iamalive_launcher.exe | "{4187F6F8-1534-4807-95F5-F2450463918B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{43A3062C-5D58-4886-8961-402092DCAABE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{498294DC-40D8-492C-B0D0-B4687EDC8CE0}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\i am alive\src\system\iamalive_game.exe | "{4C559ECC-6B28-4E32-9EB5-5AF962470412}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | "{4DC673F1-E31D-4AF8-A00E-937BE9257AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{4FFAFB29-F286-4164-B728-BDBA3D954A4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{51CA2534-FA76-431A-942A-6A63FF8DF1A2}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{567F4B15-D058-4473-9664-5F207186CBC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{56D8CA98-0EC9-48DE-AF9B-E15BD37CB796}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3x.exe | "{5D4240C4-BB1A-4814-9DC6-096FBDBEBB06}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{5EAB8425-495A-447B-9583-2C2117D0432F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{692FB3A7-0075-4C2B-A47F-A410A64548CD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{69608033-816B-4917-A5A1-4B190D03247D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\i am alive\iamalive_launcher.exe | "{73710C3A-3ABE-4080-9C61-A52CA14AD0D4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | "{79634D19-3D88-4145-AAF6-4777518FDE6E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{7E849A5B-FCB1-43D7-8EF6-61C3B49B6180}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7FA31A9D-647C-4AFF-8CE7-1EBBE5007A7B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\memoir '44 online\memoir'44 online.exe | "{80620736-4BA3-4CDB-910C-7029B63B55AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{80E79A21-2209-4757-B3EE-8A0D89DC7E9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{811B638D-3805-4544-A337-AC1660F4BD63}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{82F9966C-92C8-4733-8C22-015EDF0DA50F}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | "{8B996DC3-847F-4F3C-8D25-FB0A4D7EDE89}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | "{8C7A8567-612A-4DDD-9533-0BE52FEF8151}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{8CD9341A-6955-4251-9F27-07804B508F04}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe | "{95358B8F-4120-487B-A4A9-D807C359D193}" = protocol=6 | dir=out | app=system | "{9569DA8E-AAC1-4350-970E-8328E21ACA81}" = protocol=17 | dir=in | app=c:\program files 
(x86)\steam\steamapps\common\memoir '44 online\memoir'44 online.exe | "{96376737-66AE-499F-9879-9609D8C1F2BA}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{97A7D4A9-5873-48AA-98DA-C59D7DE92F49}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9E985084-2620-4247-9EBB-294C31042FED}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | "{A2E4650F-CCBD-44A4-A844-46070C6112A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{A6E3AC2A-126F-431C-B4D8-5CBC56119007}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\insttool.exe | "{A6E97BC9-8428-40BA-AAA7-BE659CA27A16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{A86F50CF-A294-4886-BA2C-37E8082DED54}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{ABF50765-9DAF-4B16-A0AE-40B98739F62C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | "{ACD32809-B328-4A4C-B54A-BB2E05F8078C}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | "{B01CF3D4-8C3F-4396-998A-73053CD48B4E}" = protocol=6 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{B53EFE69-DD38-4F72-8865-595826EDDC66}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{B710423F-D73F-46B7-91DC-CAD97593D2D7}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\cinergydvr.exe | "{B8355FEC-2013-46E7-BBE4-C31902C4F08F}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | "{C7BEC6EB-F2AC-486F-AE0A-1C67EFDD8589}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{C80B704A-026F-4D19-B1C9-0F0AC7079F4D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{CA5F54C5-1C6C-417B-8A62-601CA6716D5B}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{CF074FCE-C5BB-406B-820C-CFAD334BC28F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D34593DC-3ED1-4790-8B91-71D9EEC82EDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{D4C8B0E0-E8C9-49E4-AFC7-38BE932E02C3}" = protocol=17 | dir=in | app=c:\program files (x86)\terratec\terratec home cinema\versioncheck\versioncheck.exe | "{D732D261-E8FC-4E3A-B76E-6134D28A2015}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\i am alive\src\system\iamalive_game.exe | "{E0F52677-208A-4F69-986C-914B0A512172}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{E2FB3FA2-8E96-4694-9C19-C643EAE5599F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{E5617384-A196-474E-B07D-0BD800CE7350}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EE4D1DFB-F732-4F16-A20B-6EFB2F22F9F7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_launcher.exe | "{F0D263BA-22AF-4F9F-BCF6-6D63B46DE15B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F28C7EC7-BBCF-4925-BCD5-DF77A3E5846C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3y.exe | "{F4A80621-7C25-4610-AD6A-2BF46B5553C8}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | "{F57DB5DB-E2DC-4181-8581-C2F0EF3DA518}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | "{FB843A9B-56A4-4B97-BBFA-772AE5386E84}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0D9917CE-1C77-4B58-A153-DCB5A854ED82}" = Intel(R) Wireless Display 
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety "{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.83 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}" = HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 "{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer "DesktopIconAmazon" = Desktop Icon für Amazon "Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "ProInst" = Intel PROSet Wireless "SearchAnonymizer" = SearchAnonymizer "Shop for HP Supplies" = Shop for HP Supplies "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1A2606DD-5E86-4ADA-954B-D98012A174E0}" = ocxinstall "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery 
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{42E2EEB2-D48E-4A47-B181-32ECA031D93B}" = DJ_AIO_06_F2400_SW_Min "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6BAA71B6-8F43-4C72-931A-3354ABB0258A}" = F2400 "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual 
C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 
2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{A00F8237-F496-44D2-0001-E3CCF8CD58AE}" = Photomizer "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "{C4415769-1588-4AD6-9624-B2E69DB78D1A}" = Preispilot "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = 
CyberLink LabelPrint "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED1674F5-5165-49BF-B546-AE5343111540}" = WebCam "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "ASUS AP Bank_is1" = ASUS AP Bank "ASUS WebStorage" = ASUS WebStorage "ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver "Cinergy T USB XE" = Cinergy T USB XE V6.11.23.01 "ClearProg" = ClearProg 1.6.0 Final "ElsterFormular für Privatanwender 12.1.1.6214p" = ElsterFormular-Upgrade "Google Chrome" = Google Chrome "InstaCodecs_is1" = InstaCodecs "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & 
Conquer Generals "InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader "InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012 "IP Camera" = IP Camera "Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH "Mobile Partner" = Mobile Partner "NVIDIA.Updatus" = NVIDIA Updatus "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.SingleImage" = Microsoft Office Home and Student 2010 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Samsung ML-1510_700 Series" = Samsung ML-1510_700 Series "Steam App 108210" = Memoir '44 Online "Tunngle beta_is1" = Tunngle beta "VLC media player" = VLC media player 1.1.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 20.05.2013 14:36:11 | Computer Name = 
xxx | Source = SecurityCenter | ID = 4 Description = Es konnten keine Instanzen von FirewallProduct aus der WMI geladen werden. Error - 20.05.2013 14:36:11 | Computer Name = xxx | Source = SecurityCenter | ID = 5 Description = Es konnten keine Instanzen von AntivirusProduct aus der WMI geladen werden. Error - 20.05.2013 14:36:11 | Computer Name = xxx | Source = SecurityCenter | ID = 6 Description = Es konnten keine Instanzen von AntiSpywareProduct aus der WMI geladen werden. Error - 23.05.2013 05:47:27 | Computer Name = xxx | Source = Application Error | ID = 1000 Error - 23.05.2013 05:47:47 | Computer Name = xxx | Source = Application Error | ID = 1000 Error - 23.05.2013 05:47:58 | Computer Name = xxx | Source = Application Error | ID = 1000 Error - 23.05.2013 05:49:55 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 23.05.2013 05:49:55 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error - 23.05.2013 05:49:55 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 23.05.2013 05:57:21 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 23.05.2013 05:57:21 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 23.05.2013 05:57:21 | Computer Name = xxx | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error encountered while reading event logs. < End of report >
Gmer: Edited by enca (23.05.2013 at 13:29) |
23.05.2013, 13:23 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC "hangs" on every second start Hello and
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything? I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, only post the logs you already have! Reading material: Posting in CODE tags Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
23.05.2013, 13:36 | #3 |
| PC "hangs" on every second start Sorry about the code, I fixed it right away.
Old logs... the only thing I still have is what Kaspersky found: |
23.05.2013, 13:38 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC "hangs" on every second start Can that also be provided as text? Screenshots are really very suboptimal
__________________ Please always post log files in CODE tags |
23.05.2013, 16:30 | #5 |
| PC "hangs" on every second start For Spybot: Code:
ATTFilter Search results from Spybot - Search & Destroy 22.05.2013 21:02:51 Scan took 00:23:48. 17 items found. Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\s.ytimg.com\soundData.sol Properties.size=49 Properties.md5=0F2F7414896648FFBC2F586F6D90EB34 Properties.filedate=1369248303 Properties.filedatetext=2013-05-22 20:45:03 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\s.ytimg.com\subtitlesModuleData.sol Properties.size=180 Properties.md5=FC4229AA6948A5459695586E617BE143 Properties.filedate=1369247154 Properties.filedatetext=2013-05-22 20:25:53 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\tag.coffeetable.hiro.tv\hiro_companion_cookie.sol Properties.size=106 Properties.md5=CECF7DD1A64B3A0E20AE4CF7C0B5465C Properties.filedate=1369242972 Properties.filedatetext=2013-05-22 19:16:11 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\tag.coffeetable.hiro.tv\HIRO_NETWORK_CAPPING_COOKIE.sol Properties.size=1016 Properties.md5=3813945D44C302AE8DE8284CA78311D0 Properties.filedate=1369243012 Properties.filedatetext=2013-05-22 19:16:51 Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done) C:\Users\xxx\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8QKNWWHM\static.xvideos.com\swf\xv-player.swf\hexaplayerVolumeCookie.sol Properties.size=61 Properties.md5=3ABAFA1CF4CC177EDEE657D6E256DBF7 Properties.filedate=1369235517 Properties.filedatetext=2013-05-22 17:11:56 Right Media: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): xxx) (Browser: Cookie, nothing done) Log: [SBI $8E73A7FB] Install: setupact.log 
(File, nothing done) C:\Windows\setupact.log Properties.size=56 Properties.md5=D74E3C688AA4F552EB9F55CB8EA67170 Properties.filedate=1369230344 Properties.filedatetext=2013-05-22 15:45:43 Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\Internet Explorer\TypedURLs MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList Cookie: [SBI $49804B54] Browser: Cookie (143) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (1613) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (991) (Browser: History, nothing done) --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) --- 2012-11-13 blindman.exe (2.0.12.151) 2012-11-13 explorer.exe (2.0.12.173) 2012-11-13 SDBootCD.exe (2.0.12.109) 2012-11-13 SDCleaner.exe (2.0.12.110) 
2012-11-13 SDDelFile.exe (2.0.12.94) 2012-11-13 SDFiles.exe (2.0.12.135) 2012-11-13 SDFileScanHelper.exe (2.0.12.1) 2012-11-13 SDFSSvc.exe (2.0.12.205) 2012-11-13 SDImmunize.exe (2.0.12.130) 2012-11-13 SDLogReport.exe (2.0.12.107) 2012-11-13 SDPESetup.exe (2.0.12.3) 2012-11-13 SDPEStart.exe (2.0.12.86) 2012-11-13 SDPhoneScan.exe (2.0.12.27) 2012-11-13 SDPRE.exe (2.0.12.13) 2012-11-13 SDPrepPos.exe (2.0.12.10) 2012-11-13 SDQuarantine.exe (2.0.12.103) 2012-11-13 SDRootAlyzer.exe (2.0.12.116) 2012-11-13 SDSBIEdit.exe (2.0.12.39) 2012-11-13 SDScan.exe (2.0.12.173) 2012-11-13 SDScript.exe (2.0.12.53) 2012-11-13 SDSettings.exe (2.0.12.130) 2012-11-13 SDShred.exe (2.0.12.105) 2012-11-13 SDSysRepair.exe (2.0.12.101) 2012-11-13 SDTools.exe (2.0.12.150) 2012-11-13 SDTray.exe (2.0.12.127) 2012-11-13 SDUpdate.exe (2.0.12.89) 2012-11-13 SDUpdSvc.exe (2.0.12.76) 2012-11-13 SDWelcome.exe (2.0.12.126) 2012-11-13 SDWSCSvc.exe (2.0.12.2) 2013-05-06 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98) 2012-11-13 SDECon32.dll (2.0.12.113) 2012-11-13 SDECon64.dll (2.0.12.113) 2012-11-13 SDEvents.dll (2.0.12.2) 2012-11-13 SDFileScanLibrary.dll (2.0.12.9) 2012-11-13 SDHelper.dll (2.0.12.88) 2012-11-13 SDImmunizeLibrary.dll (2.0.12.2) 2012-11-13 SDLists.dll (2.0.12.4) 2012-11-13 SDResources.dll (2.0.12.7) 2012-11-13 SDScanLibrary.dll (2.0.12.131) 2012-11-13 SDTasks.dll (2.0.12.15) 2012-11-13 SDWinLogon.dll (2.0.12.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2012-11-13 Tools.dll (2.0.12.36) 2012-11-13 UninsSrv.dll (2.0.12.52) 2012-11-14 Includes\Adware.sbi (*) 2012-11-14 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2012-11-14 Includes\Dialer.sbi (*) 2012-11-14 Includes\DialerC.sbi (*) 2012-11-14 Includes\HeavyDuty.sbi (*) 2012-11-14 Includes\Hijackers.sbi (*) 
2012-11-14 Includes\HijackersC.sbi (*) 2012-11-14 Includes\iPhone.sbi (*) 2012-11-14 Includes\Keyloggers.sbi (*) 2012-11-14 Includes\KeyloggersC.sbi (*) 2012-11-14 Includes\Malware.sbi (*) 2012-11-14 Includes\MalwareC.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2012-11-14 Includes\PUPSC.sbi (*) 2012-11-14 Includes\Security.sbi (*) 2012-11-14 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2012-11-14 Includes\Spyware.sbi (*) 2012-11-14 Includes\SpywareC.sbi (*) 2011-06-07 Includes\Tracks.sbi (*) 2005-02-17 Includes\Tracks.uti (*) 2012-11-14 Includes\Trojans.sbi (*) 2012-11-14 Includes\TrojansC-02.sbi (*) 2012-11-14 Includes\TrojansC-03.sbi (*) 2012-11-14 Includes\TrojansC-04.sbi (*) 2012-11-14 Includes\TrojansC-05.sbi (*) 2012-11-14 Includes\TrojansC.sbi (*) Code:
ATTFilter
Typ                                    Status                                  Zeit
HEUR:Exploit.Script.Blocker            Inaktiv                                 26.04.2012 18:09:05
Trojan-Downloader.JS.Expack.tj         Inaktiv                                 22.06.2012 13:57:23
HEUR:Exploit.Script.Generic            Nicht gefunden                          18.11.2012 16:01:09
HEUR:Exploit.Script.Generic            Inaktiv                                 18.11.2012 15:42:13
Trojan-Downloader.JS.DarDuk.e          Inaktiv                                 17.08.2011 16:58:00
HEUR:Exploit.Script.Generic            Inaktiv                                 17.05.2012 10:53:11
HEUR:Trojan-Downloader.Script.Generic  Inaktiv                                 11.09.2012 16:55:24
HEUR:Exploit.Script.Blocker            Inaktiv                                 10.05.2012 19:00:01
Exploit.Java.CVE-2012-0507.fb          Inaktiv                                 10.05.2012 18:59:59
HEUR:Exploit.Script.Generic            Inaktiv                                 07.06.2012 20:45:26
HEUR:Exploit.Script.Generic            Inaktiv                                 05.06.2012 18:18:22
Exploit.Win32.CVE-2011-3402.c          Wird n. d. Neustart d. PC verarbeitet   03.02.2013 17:27:18
HEUR:Exploit.Script.Generic            Inaktiv                                 01.06.2012 13:21:35 |
23.05.2013, 21:07 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC "hangs" on every second start The path details are missing, but oh well... Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board. Then please run Combofix now: Scan with Combofix
__________________ |
24.05.2013, 08:24 | #7 |
| PC "hangs" on every second start It complained about Spybot. I had switched it off, but something may still have been running in the background. Here is the log: Code:
ATTFilter ComboFix 13-05-23.02 - xxx 24.05.2013 8:52.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3886.2286 [GMT 2:00] ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Common Files\ASPG_icon.ico c:\programdata\FullRemove.exe c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe c:\windows\msvcr71.dll c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-04-24 bis 2013-05-24 )))))))))))))))))))))))))))))) . . 2013-05-24 07:03 . 2013-05-24 07:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-05-24 07:03 . 2013-05-24 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-23 07:06 . 2013-05-23 07:06 388096 ----a-r- c:\users\xxx\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-05-16 19:26 . 2013-05-16 19:26 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2013-05-06 16:03 . 2013-05-06 16:03 -------- d-----w- c:\program files (x86)\ClearProg 2013-05-06 15:41 . 2013-05-22 19:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2013-05-06 15:41 . 2009-01-25 10:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe 2013-05-06 15:41 . 2013-05-06 15:41 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2013-05-06 15:40 . 
2013-05-06 15:40 -------- d-----w- c:\users\xxx\AppData\Local\Programs 2013-04-27 12:11 . 2013-04-27 12:11 -------- d-----w- c:\program files (x86)\Bethesda Softworks 2013-04-27 12:08 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll 2013-04-27 12:08 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll 2013-04-27 12:08 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll 2013-04-27 12:08 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll 2013-04-27 12:08 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe 2013-04-27 12:08 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe 2013-04-27 12:08 . 2013-04-27 12:08 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll 2013-04-27 12:08 . 2013-04-27 12:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll 2013-04-27 12:07 . 2013-04-27 12:07 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2013-04-24 14:40 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-16 19:32 . 2011-03-05 15:13 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-15 16:51 . 2012-04-11 17:16 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-15 16:51 . 2011-07-02 10:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-04-23 15:25 . 
2013-04-23 15:25 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-23 15:25 . 2012-11-15 19:43 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-04-23 15:25 . 2011-05-29 18:04 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-13 05:49 . 2013-05-16 14:47 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-16 14:47 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-16 14:47 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-16 14:47 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-16 14:47 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-16 14:47 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-19 06:04 . 2013-04-10 12:43 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 12:43 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 12:43 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 12:43 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 12:43 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 12:43 112640 ----a-w- c:\windows\system32\smss.exe 2009-04-08 17:31 . 2009-04-08 17:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll 2008-08-12 04:45 . 2008-08-12 04:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C4415769-1588-4AD6-9624-B2E69DB78D1A}] 2012-08-10 14:47 182056 ----a-w- c:\program files (x86)\preispilot\Internet Explorer\preispilot.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2013-03-31 12:57 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\Cyberlink\PowerDVD9\Language\Language.exe" [2009-04-28 50472] "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-13 210216] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496] 
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-03-31 1646216] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~3\BROWSE~1\25976~1.107\{C16C1~1\mngr.dll c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] R3 AF05BDA;Cinergy T USB XE service;c:\windows\system32\DRIVERS\AF05BDA.sys [2009-11-05 171328] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672] R3 usbet;USB 2.0 WebCAM;c:\windows\system32\DRIVERS\ETdrv.sys [2010-04-29 182912] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-10 1255736] S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-01-19 334344] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 
2\SDWSCSvc.exe [2012-11-13 168384] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 11576] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-06-15 737016] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464] S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-04-11 06:18 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-05-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:51] . 2013-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 08:25] . 2013-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 08:25] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584] "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uStart Page = https://www.google.de/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{163805D3-6748-4978-BC33-7C22BDF6E1DA}: NameServer = 0.0.0.0 DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://192.168.2.104/codebase/DVM_IPCam2.ocx . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) Notify-SDWinLogon - SDWinLogon.dll Toolbar-Locked - (no file) HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1943759358-1886033112-3091262857-1001\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:29,eb,ac,24,36,4a,f3,1e,a2,68,10,a5,cf,57,41,bb,01,0f,c7,3d,92, ba,16,83,fc,af,f1,08,4f,8b,0e,99,cf,02,d7,f3,dc,a4,4a,5b,0f,ca,e3,cd,0a,16,\ "rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-05-24 09:18:27 ComboFix-quarantined-files.txt 2013-05-24 07:18 . Vor Suchlauf: 10 Verzeichnis(se), 29.656.662.016 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 29.691.768.832 Bytes frei . - - End Of File - - 592B09DFF309A774F390B95F2766A99C |
24.05.2013, 11:09 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC "hangs" on every second start Please try GMER again and then run MBAR. Rootkit scan with GMER Please download GMER: (file name is random)
Are you running into problems?
Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
24.05.2013, 12:39 | #9 |
| PC "hangs" on every second start Gmer: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-05-24 13:25:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\xxx\AppData\Local\Temp\fxldypob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031be000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff800031be02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Tunngle\TnglCtrl.exe[2496] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007701000c 1 byte [90] .text C:\Program Files (x86)\Tunngle\TnglCtrl.exe[2496] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe[4116] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4988] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Program Files (x86)\Ask.com\Updater\Updater.exe[4988] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... 
* 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[4996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe[4800] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe[4752] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Windows\AsScrPro.exe[6240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Windows\AsScrPro.exe[6240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... * 2 .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[6252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[6252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[7444] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[7444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[7444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... 
* 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7708] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[7708] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... * 2 .text C:\Users\xxx\Desktop\gmer_2.1.19163.exe[2268] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000074f7cfca 5 bytes JMP 0000000173d141c0 .text C:\Users\xxx\Desktop\gmer_2.1.19163.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076fd1465 2 bytes [FD, 76] .text C:\Users\xxx\Desktop\gmer_2.1.19163.exe[2268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076fd14bb 2 bytes [FD, 76] .text ... 
* 2 ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [856:4372] 000007fef9722154 Thread C:\Windows\system32\svchost.exe [1188:5332] 000007fef6885170 Thread C:\Windows\system32\WLANExt.exe [1544:2204] 0000000001a78bc8 Thread C:\Windows\system32\WLANExt.exe [1544:2384] 0000000001a78be4 Thread C:\Windows\system32\WLANExt.exe [1544:2324] 0000000001a78bac Thread C:\Windows\System32\spoolsv.exe [1724:2168] 000007fef8c910c8 Thread C:\Windows\System32\spoolsv.exe [1724:2176] 000007fef8c56144 Thread C:\Windows\System32\spoolsv.exe [1724:2180] 000007fef8a45fd0 Thread C:\Windows\System32\spoolsv.exe [1724:2184] 000007fef8a33438 Thread C:\Windows\System32\spoolsv.exe [1724:2188] 000007fef8a463ec Thread C:\Windows\System32\spoolsv.exe [1724:2196] 000007fef8d25e5c Thread C:\Windows\system32\svchost.exe [1760:3508] 000007fef7f42940 Thread C:\Windows\system32\svchost.exe [1760:3692] 000007fef71f2888 Thread C:\Windows\system32\svchost.exe [1760:7856] 000007fef71f2a40 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5019cb Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 10774 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5019cb (not active ControlSet) ---- EOF - GMER 2.1 ---- |
24.05.2013, 13:03 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC "hangs" on every second start Try clicking No and continuing as normal. If MBAR then refuses to scan, please restart the tool and answer Yes to the prompt, reboot the computer and let it scan.
__________________ Please always post log files in CODE tags |
24.05.2013, 13:29 | #11 |
| PC "hangs" on every second start MB found nothing: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.24.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
xxx :: xxx [administrator]
24.05.2013 14:25:28
mbar-log-2013-05-24 (14-25-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28684
Time elapsed: 13 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
24.05.2013, 14:40 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC "hangs" on every second start aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
24.05.2013, 15:37 | #13 |
| PC "hangs" on every second start The scan was aborted with the following message: Edit: A minute ago the PC also crashed. Blue screen with a prompt to restart. Last edited by enca (24.05.2013 at 15:44) |
24.05.2013, 18:06 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC "hangs" on every second start Please read the note below the aswMBR instructions.
__________________ Please always post log files in CODE tags |
24.05.2013, 18:28 | #15 |
| PC "hangs" on every second start Sorry, I can't figure it out... Which note? I closed all programs and antivirus programs. Then I started aswMBR via right-click - Run as administrator. Clicked Scan. After that the error message mentioned above appeared and, as requested, I posted the problem here... Edit: OK, those who can read clearly have the advantage... Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-24 19:32:20
-----------------------------
19:32:20.696 OS Version: Windows x64 6.1.7601 Service Pack 1
19:32:20.696 Number of processors: 4 586 0x2505
19:32:20.696 ComputerName: xxx UserName: xxx
19:32:21.226 Initialize success
19:32:30.181 AVAST engine defs: 13052301
19:32:36.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:32:36.624 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
19:32:36.795 Disk 0 MBR read successfully
19:32:36.795 Disk 0 MBR scan
19:32:36.811 Disk 0 Windows 7 default MBR code
19:32:36.811 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
19:32:36.827 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119235 MB offset 40965752
19:32:36.842 Disk 0 Partition - 00 0F Extended LBA 337701 MB offset 285159424
19:32:36.873 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 337700 MB offset 285161472
19:32:37.029 Disk 0 scanning C:\Windows\system32\drivers
19:32:51.771 Service scanning
19:33:22.129 Modules scanning
19:33:22.129 Disk 0 trace - called modules:
19:33:22.691 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:33:22.691 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cf1060]
19:33:22.706 3 CLASSPNP.SYS[fffff8800222043f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004677050]
19:33:22.706 Scan finished successfully
19:34:04.503 Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat"
Code:
ATTFilter 19:35:19.0386 6372 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:35:19.0573 6372 ============================================================ 19:35:19.0573 6372 Current date / time: 2013/05/24 19:35:19.0573 19:35:19.0573 6372 SystemInfo: 19:35:19.0573 6372 19:35:19.0573 6372 OS Version: 6.1.7601 ServicePack: 1.0 19:35:19.0573 6372 Product type: Workstation 19:35:19.0573 6372 ComputerName: xxx 19:35:19.0573 6372 UserName: xxx 19:35:19.0573 6372 Windows directory: C:\Windows 19:35:19.0573 6372 System windows directory: C:\Windows 19:35:19.0573 6372 Running under WOW64 19:35:19.0573 6372 Processor architecture: Intel x64 19:35:19.0573 6372 Number of processors: 4 19:35:19.0573 6372 Page size: 0x1000 19:35:19.0573 6372 Boot type: Normal boot 19:35:19.0573 6372 ============================================================ 19:35:20.0135 6372 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:35:20.0135 6372 ============================================================ 19:35:20.0135 6372 \Device\Harddisk0\DR0: 19:35:20.0135 6372 MBR partitions: 19:35:20.0135 6372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711678, BlocksNum 0xE8E1800 19:35:20.0150 6372 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10FF3800, BlocksNum 0x29392000 19:35:20.0150 6372 ============================================================ 19:35:20.0182 6372 C: <-> \Device\Harddisk0\DR0\Partition1 19:35:20.0213 6372 D: <-> \Device\Harddisk0\DR0\Partition2 19:35:20.0213 6372 ============================================================ 19:35:20.0213 6372 Initialize success 19:35:20.0213 6372 ============================================================ 19:36:35.0599 3892 ============================================================ 19:36:35.0599 3892 Scan started 19:36:35.0599 3892 Mode: Manual; SigCheck; TDLFS; 19:36:35.0599 3892 
3892 [ 8490798365236B6C8E54DEDD27A42D07 ] KLIF C:\Windows\system32\DRIVERS\klif.sys 19:36:50.0341 3892 KLIF - ok 19:36:50.0388 3892 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys 19:36:50.0403 3892 KLIM6 - ok 19:36:50.0419 3892 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys 19:36:50.0435 3892 klmouflt - ok 19:36:50.0450 3892 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:36:50.0466 3892 KSecDD - ok 19:36:50.0497 3892 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:36:50.0513 3892 KSecPkg - ok 19:36:50.0544 3892 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:36:50.0606 3892 ksthunk - ok 19:36:50.0637 3892 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:36:50.0684 3892 KtmRm - ok 19:36:50.0715 3892 [ B4A3A05B0F9C81D098B96AB6AA915042 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 19:36:50.0747 3892 L1C - ok 19:36:50.0793 3892 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 19:36:50.0840 3892 LanmanServer - ok 19:36:50.0856 3892 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:36:50.0918 3892 LanmanWorkstation - ok 19:36:50.0965 3892 [ 955982BF4421B77722196552B62E8DC2 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 19:36:50.0981 3892 lirsgt - ok 19:36:50.0996 3892 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:36:51.0043 3892 lltdio - ok 19:36:51.0074 3892 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:36:51.0121 3892 lltdsvc - ok 19:36:51.0137 3892 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:36:51.0199 3892 lmhosts - ok 19:36:51.0277 3892 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 19:36:51.0293 
3892 LMS ( UnsignedFile.Multi.Generic ) - warning 19:36:51.0293 3892 LMS - detected UnsignedFile.Multi.Generic (1) 19:36:51.0339 3892 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:36:51.0355 3892 LSI_FC - ok 19:36:51.0371 3892 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:36:51.0386 3892 LSI_SAS - ok 19:36:51.0402 3892 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:36:51.0417 3892 LSI_SAS2 - ok 19:36:51.0433 3892 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:36:51.0449 3892 LSI_SCSI - ok 19:36:51.0464 3892 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 19:36:51.0527 3892 luafv - ok 19:36:51.0558 3892 lullaby - ok 19:36:51.0589 3892 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:36:51.0620 3892 Mcx2Svc - ok 19:36:51.0636 3892 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:36:51.0651 3892 megasas - ok 19:36:51.0683 3892 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:36:51.0714 3892 MegaSR - ok 19:36:51.0745 3892 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 19:36:51.0823 3892 MMCSS - ok 19:36:51.0839 3892 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:36:51.0901 3892 Modem - ok 19:36:51.0932 3892 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:36:51.0979 3892 monitor - ok 19:36:52.0010 3892 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 19:36:52.0041 3892 mouclass - ok 19:36:52.0073 3892 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:36:52.0088 3892 mouhid - ok 19:36:52.0119 3892 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 
19:36:52.0135 3892 mountmgr - ok 19:36:52.0166 3892 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:36:52.0197 3892 mpio - ok 19:36:52.0213 3892 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:36:52.0275 3892 mpsdrv - ok 19:36:52.0322 3892 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:36:52.0400 3892 MpsSvc - ok 19:36:52.0431 3892 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:36:52.0478 3892 MRxDAV - ok 19:36:52.0494 3892 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:36:52.0525 3892 mrxsmb - ok 19:36:52.0556 3892 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:36:52.0587 3892 mrxsmb10 - ok 19:36:52.0603 3892 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:36:52.0619 3892 mrxsmb20 - ok 19:36:52.0650 3892 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 19:36:52.0665 3892 msahci - ok 19:36:52.0697 3892 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:36:52.0712 3892 msdsm - ok 19:36:52.0728 3892 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:36:52.0775 3892 MSDTC - ok 19:36:52.0821 3892 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:36:52.0884 3892 Msfs - ok 19:36:52.0931 3892 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:36:53.0009 3892 mshidkmdf - ok 19:36:53.0024 3892 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:36:53.0040 3892 msisadrv - ok 19:36:53.0071 3892 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:36:53.0118 3892 MSiSCSI - ok 19:36:53.0118 3892 msiserver - ok 19:36:53.0149 3892 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV 
C:\Windows\system32\drivers\MSKSSRV.sys 19:36:53.0196 3892 MSKSSRV - ok 19:36:53.0211 3892 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:36:53.0258 3892 MSPCLOCK - ok 19:36:53.0274 3892 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:36:53.0321 3892 MSPQM - ok 19:36:53.0352 3892 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:36:53.0367 3892 MsRPC - ok 19:36:53.0399 3892 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:36:53.0414 3892 mssmbios - ok 19:36:53.0445 3892 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:36:53.0492 3892 MSTEE - ok 19:36:53.0508 3892 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:36:53.0523 3892 MTConfig - ok 19:36:53.0539 3892 [ 032D35C996F21D19A205A7C8F0B76F3C ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys 19:36:53.0555 3892 MTsensor - ok 19:36:53.0570 3892 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:36:53.0586 3892 Mup - ok 19:36:53.0601 3892 [ A9BC2302FBDF52C8AF4E2FC966288D21 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 19:36:53.0633 3892 MyWiFiDHCPDNS - ok 19:36:53.0664 3892 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:36:53.0711 3892 napagent - ok 19:36:53.0757 3892 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:36:53.0789 3892 NativeWifiP - ok 19:36:53.0835 3892 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:36:53.0898 3892 NDIS - ok 19:36:53.0913 3892 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:36:53.0960 3892 NdisCap - ok 19:36:53.0991 3892 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:36:54.0038 3892 NdisTapi - ok 19:36:54.0054 3892 [ 
136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:36:54.0116 3892 Ndisuio - ok 19:36:54.0147 3892 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:36:54.0194 3892 NdisWan - ok 19:36:54.0225 3892 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:36:54.0257 3892 NDProxy - ok 19:36:54.0319 3892 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 19:36:54.0335 3892 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:36:54.0335 3892 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:36:54.0366 3892 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:36:54.0428 3892 NetBIOS - ok 19:36:54.0459 3892 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:36:54.0506 3892 NetBT - ok 19:36:54.0522 3892 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:36:54.0537 3892 Netlogon - ok 19:36:54.0553 3892 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 19:36:54.0615 3892 Netman - ok 19:36:54.0631 3892 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:36:54.0693 3892 netprofm - ok 19:36:54.0709 3892 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:36:54.0740 3892 NetTcpPortSharing - ok 19:36:54.0912 3892 [ 24F64343F14A119308456E1CA7507B26 ] NETw5s64 C:\Windows\system32\DRIVERS\NETw5s64.sys 19:36:55.0130 3892 NETw5s64 - ok 19:36:55.0177 3892 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:36:55.0193 3892 nfrd960 - ok 19:36:55.0224 3892 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:36:55.0255 3892 NlaSvc - ok 19:36:55.0271 3892 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs 
C:\Windows\system32\drivers\Npfs.sys 19:36:55.0317 3892 Npfs - ok 19:36:55.0333 3892 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:36:55.0380 3892 nsi - ok 19:36:55.0395 3892 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:36:55.0473 3892 nsiproxy - ok 19:36:55.0520 3892 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:36:55.0583 3892 Ntfs - ok 19:36:55.0614 3892 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:36:55.0676 3892 Null - ok 19:36:55.0707 3892 [ F5BC2345E8C89D4E90FAFD23A2239935 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 19:36:55.0723 3892 nusb3hub - ok 19:36:55.0754 3892 [ 5D42578241BC2A9B4A64837077436D5F ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 19:36:55.0785 3892 nusb3xhc - ok 19:36:56.0051 3892 [ 70E89A21827B2669AF906B703C7C48B5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:36:56.0409 3892 nvlddmkm - ok 19:36:56.0456 3892 [ 4B9C0C2BF78289513101EB0D44834701 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys 19:36:56.0456 3892 nvpciflt - ok 19:36:56.0487 3892 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:36:56.0503 3892 nvraid - ok 19:36:56.0534 3892 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:36:56.0550 3892 nvstor - ok 19:36:56.0612 3892 [ E04FCE1D149CF05C3449E3171F9C3E41 ] nvsvc C:\Windows\system32\nvvsvc.exe 19:36:56.0643 3892 nvsvc - ok 19:36:56.0737 3892 [ D96DDEA6C699A99832E0186057801971 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 19:36:56.0784 3892 nvUpdatusService - ok 19:36:56.0815 3892 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:36:56.0831 3892 nv_agp - ok 19:36:56.0862 3892 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:36:56.0877 3892 ohci1394 - ok 19:36:56.0955 3892 [ 
9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:36:56.0971 3892 ose - ok 19:36:57.0158 3892 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:36:57.0236 3892 osppsvc - ok 19:36:57.0267 3892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:36:57.0330 3892 p2pimsvc - ok 19:36:57.0345 3892 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:36:57.0377 3892 p2psvc - ok 19:36:57.0408 3892 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:36:57.0423 3892 Parport - ok 19:36:57.0455 3892 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:36:57.0470 3892 partmgr - ok 19:36:57.0501 3892 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:36:57.0533 3892 PcaSvc - ok 19:36:57.0548 3892 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:36:57.0564 3892 pci - ok 19:36:57.0579 3892 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:36:57.0595 3892 pciide - ok 19:36:57.0611 3892 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:36:57.0626 3892 pcmcia - ok 19:36:57.0642 3892 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:36:57.0657 3892 pcw - ok 19:36:57.0689 3892 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:36:57.0735 3892 PEAUTH - ok 19:36:57.0829 3892 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:36:57.0876 3892 PerfHost - ok 19:36:57.0938 3892 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:36:58.0032 3892 pla - ok 19:36:58.0079 3892 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:36:58.0110 3892 
PlugPlay - ok 19:36:58.0141 3892 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 19:36:58.0157 3892 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:36:58.0172 3892 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:36:58.0188 3892 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:36:58.0219 3892 PNRPAutoReg - ok 19:36:58.0235 3892 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:36:58.0250 3892 PNRPsvc - ok 19:36:58.0281 3892 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:36:58.0344 3892 PolicyAgent - ok 19:36:58.0375 3892 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:36:58.0437 3892 Power - ok 19:36:58.0469 3892 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:36:58.0515 3892 PptpMiniport - ok 19:36:58.0547 3892 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:36:58.0562 3892 Processor - ok 19:36:58.0593 3892 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 19:36:58.0640 3892 ProfSvc - ok 19:36:58.0656 3892 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:36:58.0671 3892 ProtectedStorage - ok 19:36:58.0703 3892 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:36:58.0765 3892 Psched - ok 19:36:58.0827 3892 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:36:58.0890 3892 ql2300 - ok 19:36:58.0921 3892 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:36:58.0937 3892 ql40xx - ok 19:36:58.0952 3892 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:36:58.0983 3892 QWAVE - ok 19:36:58.0983 3892 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:36:59.0015 
3892 QWAVEdrv - ok 19:36:59.0030 3892 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:36:59.0061 3892 RasAcd - ok 19:36:59.0108 3892 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:36:59.0171 3892 RasAgileVpn - ok 19:36:59.0202 3892 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:36:59.0249 3892 RasAuto - ok 19:36:59.0280 3892 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:36:59.0311 3892 Rasl2tp - ok 19:36:59.0358 3892 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:36:59.0436 3892 RasMan - ok 19:36:59.0467 3892 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:36:59.0514 3892 RasPppoe - ok 19:36:59.0529 3892 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:36:59.0576 3892 RasSstp - ok 19:36:59.0607 3892 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:36:59.0670 3892 rdbss - ok 19:36:59.0685 3892 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:36:59.0701 3892 rdpbus - ok 19:36:59.0732 3892 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:36:59.0779 3892 RDPCDD - ok 19:36:59.0779 3892 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:36:59.0826 3892 RDPENCDD - ok 19:36:59.0841 3892 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:36:59.0873 3892 RDPREFMP - ok 19:36:59.0904 3892 [ 6D76E6433574B058ADCB0C50DF834492 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:36:59.0919 3892 RDPWD - ok 19:36:59.0935 3892 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:36:59.0951 3892 rdyboost - ok 19:37:00.0013 3892 [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc C:\Program Files\Common 
Files\Intel\WirelessCommon\RegSrvc.exe 19:37:00.0044 3892 RegSrvc - ok 19:37:00.0075 3892 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:37:00.0169 3892 RemoteAccess - ok 19:37:00.0185 3892 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:37:00.0231 3892 RemoteRegistry - ok 19:37:00.0278 3892 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 19:37:00.0309 3892 RFCOMM - ok 19:37:00.0356 3892 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 19:37:00.0372 3892 RichVideo ( UnsignedFile.Multi.Generic ) - warning 19:37:00.0372 3892 RichVideo - detected UnsignedFile.Multi.Generic (1) 19:37:00.0403 3892 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:37:00.0450 3892 RpcEptMapper - ok 19:37:00.0481 3892 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:37:00.0497 3892 RpcLocator - ok 19:37:00.0528 3892 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:37:00.0575 3892 RpcSs - ok 19:37:00.0606 3892 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:37:00.0653 3892 rspndr - ok 19:37:00.0653 3892 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:37:00.0668 3892 SamSs - ok 19:37:00.0699 3892 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:37:00.0699 3892 sbp2port - ok 19:37:00.0731 3892 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:37:00.0793 3892 SCardSvr - ok 19:37:00.0824 3892 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:37:00.0871 3892 scfilter - ok 19:37:00.0902 3892 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:37:00.0980 3892 Schedule - ok 19:37:01.0027 3892 [ F17D1D393BBC69C5322FBFAFACA28C7F ] 
SCPolicySvc C:\Windows\System32\certprop.dll 19:37:01.0089 3892 SCPolicySvc - ok 19:37:01.0121 3892 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:37:01.0152 3892 SDRSVC - ok 19:37:01.0230 3892 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 19:37:01.0277 3892 SDScannerService - ok 19:37:01.0323 3892 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 19:37:01.0355 3892 SDUpdateService - ok 19:37:01.0386 3892 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 19:37:01.0401 3892 SDWSCService - ok 19:37:01.0417 3892 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:37:01.0448 3892 secdrv - ok 19:37:01.0479 3892 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:37:01.0526 3892 seclogon - ok 19:37:01.0557 3892 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 19:37:01.0604 3892 SENS - ok 19:37:01.0620 3892 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:37:01.0635 3892 SensrSvc - ok 19:37:01.0651 3892 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:37:01.0682 3892 Serenum - ok 19:37:01.0729 3892 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:37:01.0760 3892 Serial - ok 19:37:01.0791 3892 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:37:01.0823 3892 sermouse - ok 19:37:01.0854 3892 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:37:01.0901 3892 SessionEnv - ok 19:37:01.0932 3892 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:37:01.0947 3892 sffdisk - ok 19:37:01.0963 3892 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc 
C:\Windows\system32\drivers\sffp_mmc.sys 19:37:01.0994 3892 sffp_mmc - ok 19:37:02.0010 3892 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:37:02.0041 3892 sffp_sd - ok 19:37:02.0072 3892 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:37:02.0119 3892 sfloppy - ok 19:37:02.0150 3892 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:37:02.0228 3892 SharedAccess - ok 19:37:02.0275 3892 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:37:02.0322 3892 ShellHWDetection - ok 19:37:02.0337 3892 [ 1BC348CF6BAA90EC8E533EF6E6A69933 ] SiSGbeLH C:\Windows\system32\DRIVERS\SiSG664.sys 19:37:02.0353 3892 SiSGbeLH - ok 19:37:02.0369 3892 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:37:02.0384 3892 SiSRaid2 - ok 19:37:02.0415 3892 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:37:02.0415 3892 SiSRaid4 - ok 19:37:02.0493 3892 [ 0A0A0183711EFB04F9BCC32BB44471F2 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 19:37:02.0509 3892 SkypeUpdate - ok 19:37:02.0525 3892 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:37:02.0571 3892 Smb - ok 19:37:02.0603 3892 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:37:02.0634 3892 SNMPTRAP - ok 19:37:02.0696 3892 [ 2114518E55B380A3ACC28B2C27FD499A ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys 19:37:02.0805 3892 SNP2UVC - ok 19:37:02.0821 3892 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:37:02.0837 3892 spldr - ok 19:37:02.0868 3892 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:37:02.0899 3892 Spooler - ok 19:37:03.0008 3892 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:37:03.0071 3892 sppsvc - ok 19:37:03.0102 3892 [ 
93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:37:03.0164 3892 sppuinotify - ok 19:37:03.0195 3892 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:37:03.0211 3892 srv - ok 19:37:03.0227 3892 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:37:03.0258 3892 srv2 - ok 19:37:03.0273 3892 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:37:03.0305 3892 srvnet - ok 19:37:03.0336 3892 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:37:03.0398 3892 SSDPSRV - ok 19:37:03.0445 3892 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys 19:37:03.0461 3892 SSPORT - ok 19:37:03.0476 3892 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:37:03.0523 3892 SstpSvc - ok 19:37:03.0554 3892 Steam Client Service - ok 19:37:03.0601 3892 [ 8D01686AE82B466F4CD074F31F2942CA ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 19:37:03.0617 3892 Stereo Service - ok 19:37:03.0648 3892 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:37:03.0663 3892 stexstor - ok 19:37:03.0710 3892 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:37:03.0741 3892 stisvc - ok 19:37:03.0773 3892 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:37:03.0788 3892 swenum - ok 19:37:03.0819 3892 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:37:03.0866 3892 swprv - ok 19:37:03.0929 3892 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:37:04.0022 3892 SysMain - ok 19:37:04.0038 3892 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:37:04.0053 3892 TabletInputService - ok 19:37:04.0085 3892 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t 
C:\Windows\system32\DRIVERS\tap0901t.sys 19:37:04.0116 3892 tap0901t ( UnsignedFile.Multi.Generic ) - warning 19:37:04.0116 3892 tap0901t - detected UnsignedFile.Multi.Generic (1) 19:37:04.0131 3892 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:37:04.0209 3892 TapiSrv - ok 19:37:04.0241 3892 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:37:04.0303 3892 TBS - ok 19:37:04.0365 3892 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:37:04.0443 3892 Tcpip - ok 19:37:04.0490 3892 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:37:04.0537 3892 TCPIP6 - ok 19:37:04.0568 3892 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:37:04.0584 3892 tcpipreg - ok 19:37:04.0631 3892 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:37:04.0646 3892 TDPIPE - ok 19:37:04.0662 3892 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:37:04.0693 3892 TDTCP - ok 19:37:04.0724 3892 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:37:04.0787 3892 tdx - ok 19:37:04.0833 3892 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:37:04.0849 3892 TermDD - ok 19:37:04.0880 3892 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:37:04.0943 3892 TermService - ok 19:37:04.0974 3892 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:37:04.0989 3892 Themes - ok 19:37:05.0021 3892 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:37:05.0067 3892 THREADORDER - ok 19:37:05.0083 3892 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:37:05.0130 3892 TrkWks - ok 19:37:05.0192 3892 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 
19:37:05.0255 3892 TrustedInstaller - ok 19:37:05.0270 3892 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:37:05.0333 3892 tssecsrv - ok 19:37:05.0395 3892 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:37:05.0426 3892 TsUsbFlt - ok 19:37:05.0473 3892 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:37:05.0520 3892 tunnel - ok 19:37:05.0598 3892 [ E7DE48979E275AB5E3E3B2489F9C5176 ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe 19:37:05.0629 3892 TunngleService ( UnsignedFile.Multi.Generic ) - warning 19:37:05.0629 3892 TunngleService - detected UnsignedFile.Multi.Generic (1) 19:37:05.0660 3892 [ C45A3E051C65106A28982CAED125F855 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 19:37:05.0676 3892 TurboB - ok 19:37:05.0707 3892 [ BAEF86EBEAECE76573FA822DEA256F6C ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 19:37:05.0723 3892 TurboBoost - ok 19:37:05.0754 3892 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:37:05.0785 3892 uagp35 - ok 19:37:05.0816 3892 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:37:05.0879 3892 udfs - ok 19:37:05.0910 3892 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:37:05.0941 3892 UI0Detect - ok 19:37:05.0972 3892 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:37:05.0988 3892 uliagpkx - ok 19:37:06.0003 3892 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 19:37:06.0035 3892 umbus - ok 19:37:06.0066 3892 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:37:06.0097 3892 UmPass - ok 19:37:06.0191 3892 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 19:37:06.0253 3892 UNS ( UnsignedFile.Multi.Generic ) - 
warning 19:37:06.0253 3892 UNS - detected UnsignedFile.Multi.Generic (1) 19:37:06.0284 3892 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:37:06.0331 3892 upnphost - ok 19:37:06.0362 3892 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:37:06.0362 3892 usbccgp - ok 19:37:06.0393 3892 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:37:06.0440 3892 usbcir - ok 19:37:06.0471 3892 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:37:06.0487 3892 usbehci - ok 19:37:06.0534 3892 [ AACB7661C3137DC069CB7FD9EAB1062E ] usbet C:\Windows\system32\DRIVERS\ETdrv.sys 19:37:06.0565 3892 usbet - ok 19:37:06.0612 3892 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:37:06.0643 3892 usbhub - ok 19:37:06.0674 3892 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:37:06.0674 3892 usbohci - ok 19:37:06.0721 3892 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:37:06.0752 3892 usbprint - ok 19:37:06.0815 3892 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 19:37:06.0846 3892 usbscan - ok 19:37:06.0877 3892 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:37:06.0908 3892 USBSTOR - ok 19:37:06.0924 3892 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:37:06.0939 3892 usbuhci - ok 19:37:06.0986 3892 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:37:07.0017 3892 usbvideo - ok 19:37:07.0049 3892 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:37:07.0127 3892 UxSms - ok 19:37:07.0127 3892 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:37:07.0142 3892 VaultSvc - ok 19:37:07.0158 3892 [ C5C876CCFC083FF3B128F933823E87BD ] 
vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:37:07.0173 3892 vdrvroot - ok 19:37:07.0205 3892 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:37:07.0298 3892 vds - ok 19:37:07.0329 3892 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:37:07.0345 3892 vga - ok 19:37:07.0361 3892 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:37:07.0407 3892 VgaSave - ok 19:37:07.0439 3892 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:37:07.0454 3892 vhdmp - ok 19:37:07.0470 3892 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:37:07.0485 3892 viaide - ok 19:37:07.0501 3892 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:37:07.0517 3892 volmgr - ok 19:37:07.0548 3892 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:37:07.0563 3892 volmgrx - ok 19:37:07.0579 3892 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:37:07.0610 3892 volsnap - ok 19:37:07.0673 3892 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:37:07.0688 3892 vsmraid - ok 19:37:07.0735 3892 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:37:07.0860 3892 VSS - ok 19:37:07.0891 3892 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:37:07.0907 3892 vwifibus - ok 19:37:07.0907 3892 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:37:07.0938 3892 vwififlt - ok 19:37:07.0969 3892 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 19:37:08.0000 3892 vwifimp - ok 19:37:08.0063 3892 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:37:08.0141 3892 W32Time - ok 19:37:08.0172 3892 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen 
C:\Windows\system32\DRIVERS\wacompen.sys 19:37:08.0203 3892 WacomPen - ok 19:37:08.0219 3892 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:37:08.0265 3892 WANARP - ok 19:37:08.0265 3892 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:37:08.0312 3892 Wanarpv6 - ok 19:37:08.0375 3892 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 19:37:08.0437 3892 WatAdminSvc - ok 19:37:08.0484 3892 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:37:08.0577 3892 wbengine - ok 19:37:08.0609 3892 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:37:08.0624 3892 WbioSrvc - ok 19:37:08.0655 3892 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:37:08.0687 3892 wcncsvc - ok 19:37:08.0718 3892 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:37:08.0749 3892 WcsPlugInService - ok 19:37:08.0765 3892 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:37:08.0780 3892 Wd - ok 19:37:08.0811 3892 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:37:08.0843 3892 Wdf01000 - ok 19:37:08.0858 3892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:37:08.0921 3892 WdiServiceHost - ok 19:37:08.0921 3892 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:37:08.0952 3892 WdiSystemHost - ok 19:37:08.0967 3892 [ 5B34E5938B9E76798977725E3F7847C4 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys 19:37:08.0983 3892 wdkmd - ok 19:37:09.0014 3892 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:37:09.0045 3892 WebClient - ok 19:37:09.0077 3892 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:37:09.0108 3892 Wecsvc - ok 19:37:09.0123 3892 [ 
7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:37:09.0201 3892 wercplsupport - ok 19:37:09.0217 3892 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:37:09.0264 3892 WerSvc - ok 19:37:09.0295 3892 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:37:09.0326 3892 WfpLwf - ok 19:37:09.0373 3892 [ 52DED146E4797E6CCF94799E8E22BB2A ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 19:37:09.0389 3892 WimFltr - ok 19:37:09.0404 3892 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:37:09.0420 3892 WIMMount - ok 19:37:09.0435 3892 WinDefend - ok 19:37:09.0435 3892 WinHttpAutoProxySvc - ok 19:37:09.0498 3892 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:37:09.0560 3892 Winmgmt - ok 19:37:09.0638 3892 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:37:09.0763 3892 WinRM - ok 19:37:09.0825 3892 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:37:09.0888 3892 Wlansvc - ok 19:37:09.0997 3892 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:37:10.0059 3892 wlidsvc - ok 19:37:10.0075 3892 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:37:10.0091 3892 WmiAcpi - ok 19:37:10.0122 3892 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:37:10.0153 3892 wmiApSrv - ok 19:37:10.0184 3892 WMPNetworkSvc - ok 19:37:10.0215 3892 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:37:10.0247 3892 WPCSvc - ok 19:37:10.0278 3892 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:37:10.0293 3892 WPDBusEnum - ok 19:37:10.0325 3892 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:37:10.0387 3892 ws2ifsl - ok 
19:37:10.0403 3892 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 19:37:10.0418 3892 wscsvc - ok 19:37:10.0418 3892 WSearch - ok 19:37:10.0496 3892 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:37:10.0574 3892 wuauserv - ok 19:37:10.0605 3892 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:37:10.0621 3892 WudfPf - ok 19:37:10.0637 3892 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:37:10.0652 3892 WUDFRd - ok 19:37:10.0683 3892 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:37:10.0699 3892 wudfsvc - ok 19:37:10.0730 3892 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 19:37:10.0746 3892 WwanSvc - ok 19:37:10.0808 3892 ================ Scan global =============================== 19:37:10.0839 3892 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:37:10.0871 3892 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 19:37:10.0886 3892 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 19:37:10.0902 3892 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:37:10.0917 3892 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:37:10.0933 3892 [Global] - ok 19:37:10.0933 3892 ================ Scan MBR ================================== 19:37:10.0933 3892 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 19:37:11.0432 3892 \Device\Harddisk0\DR0 - ok 19:37:11.0432 3892 ================ Scan VBR ================================== 19:37:11.0448 3892 [ 98B95949013FED8DCDA486A594A3C54E ] \Device\Harddisk0\DR0\Partition1 19:37:11.0448 3892 \Device\Harddisk0\DR0\Partition1 - ok 19:37:11.0463 3892 [ DD81AEDD491648F30F15C184853BF332 ] \Device\Harddisk0\DR0\Partition2 19:37:11.0479 3892 \Device\Harddisk0\DR0\Partition2 - ok 19:37:11.0479 3892 
============================================================
19:37:11.0479 3892 Scan finished
19:37:11.0479 3892 ============================================================
19:37:11.0495 8964 Detected object count: 10
19:37:11.0495 8964 Actual detected object count: 10
19:38:01.0401 8964 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0401 8964 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0411 8964 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0411 8964 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0411 8964 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0411 8964 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0411 8964 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0411 8964 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0411 8964 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0411 8964 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964 tap0901t ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964 tap0901t ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964 TunngleService ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964 TunngleService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:38:01.0421 8964 UNS ( UnsignedFile.Multi.Generic ) - skipped by user
19:38:01.0421 8964 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip |