| |
| |||||||
Log-Analyse und Auswertung: DomaIQ,ESN Sonar und andere Adware entfernen!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.06.2013, 15:03
| #1 |
 |  DomaIQ,ESN Sonar und andere Adware entfernen! Hallo Leute! Ich bin neu hier und bin auf euer Forum gestoßen, weil ich ein underwünschtes Programm auf meinem Rechner gefunden habe und zwar DomaIQ. Ich habe schon einiges dazu hier im Forum gefunden und auch schon einmal den Windows Defender durchlaufen lassen und danach noch den ADW Cleaner. Ich muss noch dazu sagen, dass während des Zockens oder Schreibens im Chat meine Tastaur nicht mehr reagiert hat oder mein PC einfach ein Spiel von selbst beendet hat. Hier sind mal die Log Dateien vom ADW Cleaner... Dieser fand folgendes beim Scan:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 09/06/2013 um 15:36:33 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mathias - MATHIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mathias\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\4ot22z16.default\bprotector_prefs.js
Ordner Gefunden : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\BrowserProtect
Ordner Gefunden : C:\Users\Mathias\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Mathias\AppData\Roaming\dvdvideosoftiehelpers
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\BabSolution
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\5a2d9deb23ae947
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\5a2d9deb23ae947
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKU\S-1-5-21-722349343-1642430871-824614816-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www1.delta-search.com/?affID=120519&tt=gc_150213_neue&babsrc=HP_ss&mntrId=14776470020DE476
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\4ot22z16.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [3243 octets] - [09/06/2013 15:36:33]
########## EOF - C:\AdwCleaner[R1].txt - [3303 octets] ##########
Nach dem löschen stand dieser Log da:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 09/06/2013 um 15:37:24 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mathias - MATHIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mathias\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\4ot22z16.default\bprotector_prefs.js
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\Users\Mathias\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Mathias\AppData\Roaming\dvdvideosoftiehelpers
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5a2d9deb23ae947
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5a2d9deb23ae947
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ Uninstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\4ot22z16.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [3366 octets] - [09/06/2013 15:36:33]
AdwCleaner[S1].txt - [3017 octets] - [09/06/2013 15:37:24]
########## EOF - C:\AdwCleaner[S1].txt - [3077 octets] ##########
Ich habe auch noch ein Programm gefunden, das ESN Sonar heißt, dieses leider nicht vom ADW Cleaner entfernt wurde. Ich hoffe ich hab alles soweit zusammengefasst und dass ihr mir helfen könnt. Falls ich was falsch gemacht habe nehmts mir bitte nicht übel  Liebe Grüße Matze Edit: Was ich noch vergessen habe zu erwähnen... Einige Desktopverknüpfungen wie z.B. von Spielen und Anwendungen sind verschwunden, weiß ja nicht ob das in Zusammenhang stehen könnte. Geändert von Mathaeu89 (09.06.2013 um 15:09 Uhr) |
|
09.06.2013, 15:14
| #2 |
| /// Malware-holic   |  DomaIQ,ESN Sonar und andere Adware entfernen! Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
09.06.2013, 15:57
| #3 |
| | DomaIQ,ESN Sonar und andere Adware entfernen! OTL.txtOTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 09.06.2013 16:41:32 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mathias\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,47% Memory free 15,96 Gb Paging File | 14,11 Gb Available in Paging File | 88,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 409,29 Gb Free Space | 87,90% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 276,58 Gb Free Space | 59,38% Space Free | Partition Type: NTFS Drive E: | 3,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.09 16:39:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Downloads\OTL.exe PRC - [2012.11.12 12:45:22 | 001,104,824 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.08.03 07:27:50 | 000,027,792 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.05.18 14:57:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.04.19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.09.23 21:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.06.16 04:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS) SRV - [2012.05.29 14:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.03.04 16:01:42 | 000,139,352 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2013.03.04 14:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.19 22:43:51 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.11.19 22:43:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.11.15 21:11:34 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.07 09:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.08.07 09:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.08.03 07:27:44 | 002,206,352 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2012.07.06 04:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012.07.06 04:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012.06.27 10:37:56 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2012.06.27 10:37:56 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) DRV:64bit: - [2012.06.27 10:37:56 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) DRV:64bit: - [2012.06.27 10:37:56 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2012.06.27 10:37:56 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2012.06.07 06:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012.06.05 07:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2012.05.22 03:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA) DRV:64bit: - [2012.04.18 04:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS) DRV:64bit: - [2012.04.18 03:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON) DRV:64bit: - [2012.03.30 16:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.09.16 09:12:58 | 000,032,360 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT) DRV:64bit: - [2011.08.16 00:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS) DRV:64bit: - [2011.06.15 15:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM) DRV:64bit: - [2011.06.15 15:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT) DRV:64bit: - [2011.06.15 15:11:20 | 000,027,136 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60) DRV:64bit: - [2011.04.20 04:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2008.01.17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa) DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013.05.22 14:12:37 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130608.009\ex64.sys -- (NAVEX15) DRV - [2013.05.22 14:12:36 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130608.009\eng64.sys -- (NAVENG) DRV - [2013.03.04 16:01:42 | 000,139,352 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2013.01.13 22:00:34 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012.11.16 17:18:06 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2012.11.14 17:31:52 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130607.001\IDSviA64.sys -- (IDSVia64) DRV - [2012.05.08 16:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 47 CB FD 4C 2E CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2012.11.15 21:11:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2013.06.09 15:40:19 | 000,000,000 | ---D | M] [2013.05.17 17:52:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions [2013.05.15 15:20:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.05.17 17:51:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.17 17:51:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06B8FD60-EEC9-4A97-8EE0-38221C66B977}: DhcpNameServer = 192.168.2.1 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.02.15 10:20:36 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ] O33 - MountPoints2\{3edb3448-2f8c-11e2-af8a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3edb3448-2f8c-11e2-af8a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2007.02.28 04:23:41 | 000,537,332 | R--- | M] (THQ ) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.06.04 21:36:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\S.T.A.L.K.E.R. - Call of Pripyat [2013.06.04 20:06:15 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2013.06.04 19:56:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\STALKER-SHOC [2013.05.29 22:04:04 | 000,000,000 | ---D | C] -- C:\MappedFiles [2013.05.28 17:23:08 | 000,000,000 | -HSD | C] -- C:\found.000 [2013.05.19 16:59:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.05.19 16:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.05.19 16:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.05.18 14:46:29 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Macromedia [2013.05.17 17:54:07 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\ESN [2013.05.17 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Mozilla [2013.05.17 17:51:52 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Mozilla [2013.05.15 15:21:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.05.15 15:21:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.05.15 15:20:42 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\player [2013.05.15 15:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 15:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.09 15:47:16 | 000,015,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 15:47:16 | 000,015,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 15:41:15 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2013.06.09 15:39:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.09 15:39:29 | 2132,729,855 | -HS- | M] () -- C:\hiberfil.sys [2013.06.04 21:55:48 | 000,006,612 | ---- | M] () -- C:\Users\Public\Documents\s.t.a.l.k.e.r.ltx [2013.06.04 20:06:15 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2013.05.31 20:30:27 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.31 20:30:27 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.31 20:30:27 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.31 20:30:27 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.31 20:30:27 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.27 19:49:15 | 000,311,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.19 20:51:01 | 000,001,969 | ---- | M] () -- C:\Users\Mathias\Desktop\Skype.lnk [2013.05.17 17:51:47 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.04 21:55:48 | 000,006,612 | ---- | C] () -- C:\Users\Public\Documents\s.t.a.l.k.e.r.ltx [2013.05.19 20:51:01 | 000,001,969 | ---- | C] () -- C:\Users\Mathias\Desktop\Skype.lnk [2013.05.18 14:44:13 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.17 17:51:46 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.10 20:34:41 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2013.01.26 22:50:34 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2012.12.01 02:25:16 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.11.30 23:17:44 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.11.20 00:34:52 | 000,001,017 | ---- | C] () -- C:\Windows\eReg.dat [2012.11.18 19:56:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.11.18 19:49:56 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.11.18 19:49:56 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.11.18 19:49:56 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.11.20 03:50:41 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Bioshock2 [2012.11.23 15:03:41 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Canon [2012.12.05 22:34:31 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Command & Conquer 3 Kanes Rache [2013.02.08 23:57:35 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Command & Conquer 3 Tiberium Wars [2012.11.19 15:15:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DVDVideoSoft [2012.11.20 14:02:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Lionhead Studios [2012.11.20 02:47:52 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Origin [2013.06.09 15:34:21 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\player [2013.01.26 23:07:41 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Red Alert 3 [2013.04.06 15:48:17 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Samsung [2012.12.21 17:32:48 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TS3Client [2012.11.18 23:52:22 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TuneUp Software [2012.11.21 22:29:42 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Wargaming.net [2012.11.19 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.11.19 20:10:53 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.11.19 20:08:17 | 000,000,000 | ---D | M] -- C:\AMD [2013.03.10 20:38:39 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp [2013.06.09 15:39:28 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.12.02 01:32:10 | 000,000,000 | ---D | M] -- C:\Crash [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.11.15 03:30:14 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.05.28 17:23:08 | 000,000,000 | -HSD | M] -- C:\found.000 [2013.05.29 22:04:04 | 000,000,000 | ---D | M] -- C:\MappedFiles [2012.11.15 21:40:15 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.06.09 15:32:36 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.09 16:11:03 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.06.09 15:37:30 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.11.15 03:30:14 | 000,000,000 | -HSD | M] -- C:\Programme [2012.11.15 03:30:14 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.06.09 16:42:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.06 00:44:07 | 000,000,000 | ---D | M] -- C:\Temp [2012.11.15 03:30:20 | 000,000,000 | R--D | M] -- C:\Users [2013.06.09 15:39:25 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013.05.18 14:44:13 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_c065a1006c648409\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.06.09 16:50:32 | 001,835,008 | -HS- | M] () -- C:\Users\Mathias\ntuser.dat [2013.06.09 16:50:32 | 000,262,144 | -HS- | M] () -- C:\Users\Mathias\ntuser.dat.LOG1 [2012.11.15 03:30:21 | 000,000,000 | -HS- | M] () -- C:\Users\Mathias\ntuser.dat.LOG2 [2012.11.15 03:40:24 | 000,065,536 | -HS- | M] () -- C:\Users\Mathias\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.11.15 03:40:24 | 000,524,288 | -HS- | M] () -- C:\Users\Mathias\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.11.15 03:40:24 | 000,524,288 | -HS- | M] () -- C:\Users\Mathias\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2013.06.07 22:30:48 | 000,065,536 | -HS- | M] () -- C:\Users\Mathias\ntuser.dat{ec84cf90-cfa2-11e2-be9e-902b34961be1}.TM.blf [2013.06.07 22:30:48 | 000,524,288 | -HS- | M] () -- C:\Users\Mathias\ntuser.dat{ec84cf90-cfa2-11e2-be9e-902b34961be1}.TMContainer00000000000000000001.regtrans-ms [2013.06.07 22:30:48 | 000,524,288 | -HS- | M] () -- C:\Users\Mathias\ntuser.dat{ec84cf90-cfa2-11e2-be9e-902b34961be1}.TMContainer00000000000000000002.regtrans-ms [2012.11.15 03:30:21 | 000,000,020 | -HS- | M] () -- C:\Users\Mathias\ntuser.ini [2012.11.23 15:01:16 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\Sti_Trace.log [2012.11.15 03:43:59 | 000,000,390 | ---- | M] () -- C:\Users\Mathias\UpgKit.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > Extra.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.06.2013 16:41:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mathias\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 6,34 Gb Available Physical Memory | 79,47% Memory free
15,96 Gb Paging File | 14,11 Gb Available in Paging File | 88,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 409,29 Gb Free Space | 87,90% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 276,58 Gb Free Space | 59,38% Space Free | Partition Type: NTFS
Drive E: | 3,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B3F5164-56A9-42F0-836A-8E7A72EFB6FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2BA4D66E-5587-40A1-A24E-74ACED53E760}" = rport=137 | protocol=17 | dir=out | app=system |
"{32558689-26D2-49B8-AFC1-DBB30671C48F}" = lport=138 | protocol=17 | dir=in | app=system |
"{4350B814-44B5-4562-94C7-26B43A5CD353}" = lport=137 | protocol=17 | dir=in | app=system |
"{6A66F32C-FD8C-443A-9988-5E716CA2ACFA}" = rport=445 | protocol=6 | dir=out | app=system |
"{86C227BF-4CAF-4414-AC8C-A3F2BAB4B681}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9AECED02-54A2-4873-BFF9-BECF0C0A0C3C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9D7FCAE7-1FD4-48C4-9908-AF679052C048}" = rport=138 | protocol=17 | dir=out | app=system |
"{A1A36DB8-B016-4C09-B65A-745C627246F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AB25E422-C0D3-4F71-9D11-FEE9303FDBE6}" = lport=139 | protocol=6 | dir=in | app=system |
"{BB623040-1750-459F-9440-BD94816BF8A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BBDB120A-1C1E-4B3D-B990-C3F472ABAB07}" = rport=139 | protocol=6 | dir=out | app=system |
"{E0D3489A-C63F-4C38-8A21-8D23B692D2F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8951831-5985-4102-AAAC-A0D5E7B2AE2B}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F3CD36-CD67-4F20-AA4E-3DFC4728893B}" = dir=in | app=d:\electronic arts\command & conquer 3 kanes rache\retailexe\1.0\cnc3ep1.dat |
"{062E9FD6-839B-45B6-850C-EAB179D53340}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0D23EF03-1F5C-4980-B4FC-965397B58AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{0D2BDC94-B8EF-40E6-A8C4-D4ECE2EA6EEF}" = protocol=17 | dir=in | app=d:\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{123B2821-BEFC-42C4-B97D-9E32E57D6E57}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{132D2E93-C9E3-4213-B689-14801A3EC74F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{198E7274-DAE9-4394-BDC2-62C41B4B1D8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{1C937329-4EDC-47FF-9313-370EFA32CE68}" = protocol=17 | dir=in | app=d:\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{1CB28307-CA2D-4612-9BD4-CBA14F91E29A}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{1F7827C8-EAA8-4DFD-A206-A3A61563A9D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{21470E3C-BBE2-410C-8A78-880045D834E2}" = protocol=17 | dir=in | app=d:\reliccoh.exe |
"{24823321-650B-4115-844E-9B559E97D2C8}" = protocol=6 | dir=in | app=d:\microsoft games\age of empires iii\age3x.exe |
"{287DEBEB-4B3E-4782-BF77-0768D8D0063A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2F64C19F-EB85-4BA6-AB07-AA1C8FC986AD}" = protocol=17 | dir=in | app=d:\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{350CAB7E-31D1-4A07-813C-38805C95E737}" = protocol=6 | dir=in | app=d:\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{356F14DE-4506-4753-BF1C-2C598855E9DB}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{40E4ABD3-46A7-40B5-B0DF-72ACAED39CDF}" = protocol=6 | dir=in | app=d:\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{43BD0980-8AC0-4F61-99DA-8A7C516A02E4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe |
"{5174136A-7D14-48E5-BFF1-9ECA3CA288BB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\silent hill homecoming\bin\silenthill.exe |
"{528811C9-73DE-450E-B8D8-915F41B156A1}" = protocol=17 | dir=in | app=d:\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{575A7104-9C64-4851-A473-16ED81CD2368}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\empire total war\empire.exe |
"{5C961B60-552C-4037-9243-29D3D6E74F8B}" = protocol=17 | dir=in | app=d:\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{6176ADA0-28F8-4323-B768-4BCAC073D77B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6B15FBFE-3654-465C-AE8B-7B7A4339490F}" = protocol=6 | dir=in | app=d:\relicdownloader\relicdownloader.exe |
"{6D8D8551-6641-4575-BC3A-10F068A033A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{743360E8-74DD-4E11-95AC-5B02B480CF76}" = protocol=6 | dir=in | app=d:\reliccoh.exe |
"{79A586FC-2BAF-4C47-A2AB-2BDF77A31E48}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{81736BA6-EA85-4DE7-9D7A-F7D8DDCF1168}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8372DBE9-29C9-4AF5-957E-41380C6013A0}" = protocol=6 | dir=in | app=d:\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe |
"{863EB5BC-82D2-41F1-AC43-D3BE42A4FD45}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\silent hill homecoming\bin\silenthill.exe |
"{8A2853A2-85B2-4CF9-AB5E-E44601A951F4}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\risen 2\system\risen2.exe |
"{8C60EED4-8882-4065-BA1D-39F3A3CCE160}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{90EA2DE6-5F11-4180-8C06-D19FB773C170}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{94F00352-E1FD-4E7A-A9CF-E19C289F8D47}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{9524151A-CC02-458A-BF2E-9601C1DFDA84}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe |
"{A27B506C-98E5-4C5F-8AB1-9A1BA0C77C52}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{B8E1C398-5E8B-49B7-BEF3-B553DB1D3688}" = protocol=17 | dir=in | app=d:\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{B98BB8F1-D307-47A4-BC5A-867DE22E8C4C}" = protocol=6 | dir=in | app=d:\microsoft games\age of empires iii\age3.exe |
"{BBFA5E09-5CD5-4F84-AAD6-889E926097EB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C5AF7D28-91B9-4AD7-ABA8-5EDC2441E680}" = protocol=6 | dir=in | app=d:\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe |
"{D5CBDF81-7C27-42F3-80E1-83B0A3E677A6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\risen 2\system\risen2.exe |
"{DA624D84-5CCB-4977-AB5E-731693A5FCF5}" = protocol=17 | dir=in | app=d:\microsoft games\age of empires iii\age3.exe |
"{DB04467C-149A-4CC6-AB81-3FD082F0271B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD8271C9-4BD9-4C3F-BF3C-75CB1D6087A2}" = protocol=17 | dir=in | app=d:\relicdownloader\relicdownloader.exe |
"{E240F278-66F0-48C1-B3A6-A894F868D8F3}" = protocol=6 | dir=in | app=d:\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe |
"{E33A361A-9D05-49C1-AC6E-69F5AC4B9403}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe |
"{E3E60279-C329-4A30-A909-65FDDA5C32A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E7A8336F-6276-42B1-B694-4A425433FE36}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{EFAEB453-679C-48DD-A770-443FAAD98A52}" = protocol=6 | dir=in | app=d:\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{F123978A-AAF9-44F8-88D6-712095CD96C5}" = protocol=17 | dir=in | app=d:\microsoft games\age of empires iii\age3x.exe |
"TCP Query User{2D95CAF6-7BAA-47A7-8697-D3B92F01243A}D:\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=d:\world_of_tanks\wotlauncher.exe |
"TCP Query User{7389710E-A5E7-43DC-A6CB-2DA44F25E205}D:\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=d:\world_of_tanks\worldoftanks.exe |
"UDP Query User{9376D6C6-1B3F-4C5F-A92B-2903DF02E968}D:\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=d:\world_of_tanks\wotlauncher.exe |
"UDP Query User{CCCA88F9-C9FC-4126-9F16-4204113C04B1}D:\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=d:\world_of_tanks\worldoftanks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{62FE0726-9652-4CD2-9F09-C769D8699C21}" = TL-WN822N/TL-WN821N Driver
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CBB0ABFB-4668-4172-952D-2CEF5C14F4D2}" = Command & Conquer™ Die ersten 10 Jahre-Patch 1.02
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Reisewelten
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DADC7AB0-E554-4705-9F6A-83EA82ED708E}" = Realtek Ethernet Diagnostic Utility
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1}_is1" = ArcaniA - Gothic 4 Patch
"{EE74D039-45D7-44E9-BF95-B9CFB015964F_P1Sec}_is1" = ArcaniA - Gothic 4 Patch
"{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1" = ArcaniA - Gothic 4 Hotfix
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows 7 x64 Signed Files
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnyDVD" = AnyDVD
"ArcaniA" = ArcaniA - Gothic 4
"CloneDVD2" = CloneDVD2
"Company of Heroes" = Company of Heroes
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.35.1031
"FrostWire 5" = FrostWire 5.5.4
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies(TM)
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NIS" = Norton Internet Security
"OpenTTD" = OpenTTD 1.2.3
"Origin" = Origin
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"S2TNG" = Die Siedler II - Die nächste Generation
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 19000" = Silent Hill: Homecoming
"Steam App 220" = Half-Life 2
"Steam App 40390" = Risen 2 - Dark Waters
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WinLiveSuite" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-d:/PlanetSide 2 PSG" = gamelauncher-ps2-psg
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.06.2013 14:49:28 | Computer Name = Mathias-PC | Source = ESENT | ID = 455
Description = Windows (2516) Windows: Fehler -1811 beim Öffnen von Protokolldatei
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00036.log.
Error - 01.06.2013 14:49:29 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 9000
Description =
Error - 01.06.2013 14:49:29 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 01.06.2013 14:49:29 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 01.06.2013 14:49:29 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 01.06.2013 14:49:29 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 01.06.2013 14:49:30 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 01.06.2013 14:49:30 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 01.06.2013 14:49:30 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 01.06.2013 14:49:30 | Computer Name = Mathias-PC | Source = Windows Search Service | ID = 7010
Description =
[ System Events ]
Error - 31.05.2013 13:57:35 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 13:57:35 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 13:57:36 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 13:57:36 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 13:57:36 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 13:57:36 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 13:57:36 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 13:58:00 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 13:59:00 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
Error - 31.05.2013 14:00:00 | Computer Name = Mathias-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht
gestartet: %%3
< End of report >
|
|
09.06.2013, 17:10
| #4 |
| /// Malware-holic | DomaIQ,ESN Sonar und andere Adware entfernen! Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
10.06.2013, 13:49
| #5 |
| | DomaIQ,ESN Sonar und andere Adware entfernen! 14:47:59.0129 3260 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 14:47:59.0359 3260 ============================================================ 14:47:59.0359 3260 Current date / time: 2013/06/10 14:47:59.0359 14:47:59.0359 3260 SystemInfo: 14:47:59.0359 3260 14:47:59.0359 3260 OS Version: 6.1.7601 ServicePack: 1.0 14:47:59.0359 3260 Product type: Workstation 14:47:59.0359 3260 ComputerName: MATHIAS-PC 14:47:59.0359 3260 UserName: Mathias 14:47:59.0359 3260 Windows directory: C:\Windows 14:47:59.0359 3260 System windows directory: C:\Windows 14:47:59.0359 3260 Running under WOW64 14:47:59.0359 3260 Processor architecture: Intel x64 14:47:59.0359 3260 Number of processors: 8 14:47:59.0359 3260 Page size: 0x1000 14:47:59.0359 3260 Boot type: Normal boot 14:47:59.0359 3260 ============================================================ 14:48:00.0439 3260 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 14:48:00.0449 3260 ============================================================ 14:48:00.0449 3260 \Device\Harddisk0\DR0: 14:48:00.0449 3260 MBR partitions: 14:48:00.0449 3260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:48:00.0449 3260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A350800 14:48:00.0449 3260 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3A383000, BlocksNum 0x3A383000 14:48:00.0449 3260 ============================================================ 14:48:00.0469 3260 C: <-> \Device\Harddisk0\DR0\Partition2 14:48:00.0499 3260 D: <-> \Device\Harddisk0\DR0\Partition3 14:48:00.0499 3260 ============================================================ 14:48:00.0499 3260 Initialize success 14:48:00.0499 3260 ============================================================ 14:48:06.0969 4620 ============================================================ 14:48:06.0969 4620 Scan started 14:48:06.0969 4620 Mode: Manual; SigCheck; TDLFS; 14:48:06.0969 4620 ============================================================ 14:48:07.0709 4620 ================ Scan system memory ======================== 14:48:07.0709 4620 System memory - ok 14:48:07.0709 4620 ================ Scan services ============================= 14:48:07.0829 4620 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:48:07.0869 4620 1394ohci - ok 14:48:07.0899 4620 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:48:07.0909 4620 ACPI - ok 14:48:07.0929 4620 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:48:07.0949 4620 AcpiPmi - ok 14:48:08.0009 4620 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:48:08.0019 4620 AdobeARMservice - ok 14:48:08.0179 4620 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:48:08.0189 4620 AdobeFlashPlayerUpdateSvc - ok 14:48:08.0229 4620 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 14:48:08.0239 4620 adp94xx - ok 14:48:08.0249 4620 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 14:48:08.0269 4620 adpahci - ok 14:48:08.0289 4620 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 14:48:08.0299 4620 adpu320 - ok 14:48:08.0319 4620 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:48:08.0339 4620 AeLookupSvc - ok 14:48:08.0389 4620 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:48:08.0399 4620 AFD - ok 14:48:08.0419 4620 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:48:08.0429 4620 agp440 - ok 14:48:08.0459 4620 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:48:08.0469 4620 ALG - ok 14:48:08.0479 4620 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:48:08.0489 4620 aliide - ok 14:48:08.0509 4620 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 14:48:08.0529 4620 AMD External Events Utility - ok 14:48:08.0569 4620 AMD FUEL Service - ok 14:48:08.0599 4620 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:48:08.0609 4620 amdide - ok 14:48:08.0619 4620 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 14:48:08.0629 4620 amdiox64 - ok 14:48:08.0659 4620 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 14:48:08.0669 4620 AmdK8 - ok 14:48:08.0839 4620 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 14:48:08.0949 4620 amdkmdag - ok 14:48:09.0029 4620 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 14:48:09.0049 4620 amdkmdap - ok 14:48:09.0079 4620 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 14:48:09.0089 4620 AmdPPM - ok 14:48:09.0129 4620 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:48:09.0139 4620 amdsata - ok 14:48:09.0159 4620 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 14:48:09.0169 4620 amdsbs - ok 14:48:09.0179 4620 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:48:09.0189 4620 amdxata - ok 14:48:09.0219 4620 [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb C:\Windows\system32\Drivers\ssadadb.sys 14:48:09.0229 4620 androidusb - ok 14:48:09.0279 4620 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 14:48:09.0289 4620 AODDriver4.2 - ok 14:48:09.0329 4620 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:48:09.0349 4620 AppID - ok 14:48:09.0369 4620 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:48:09.0399 4620 AppIDSvc - ok 14:48:09.0419 4620 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 14:48:09.0429 4620 Appinfo - ok 14:48:09.0469 4620 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 14:48:09.0479 4620 arc - ok 14:48:09.0489 4620 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 14:48:09.0499 4620 arcsas - ok 14:48:09.0569 4620 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 14:48:09.0579 4620 aspnet_state - ok 14:48:09.0609 4620 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:48:09.0639 4620 AsyncMac - ok 14:48:09.0649 4620 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:48:09.0659 4620 atapi - ok 14:48:09.0709 4620 [ EA0AF9B866DF07E8FE6C2342585788B0 ] athur C:\Windows\system32\DRIVERS\athurx.sys 14:48:09.0729 4620 athur - ok 14:48:09.0779 4620 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 14:48:09.0789 4620 AtiHDAudioService - ok 14:48:09.0809 4620 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 14:48:09.0819 4620 atksgt - ok 14:48:09.0869 4620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:48:09.0899 4620 AudioEndpointBuilder - ok 14:48:09.0909 4620 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:48:09.0939 4620 AudioSrv - ok 14:48:09.0969 4620 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:48:09.0979 4620 AxInstSV - ok 14:48:10.0009 4620 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 14:48:10.0029 4620 b06bdrv - ok 14:48:10.0049 4620 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:48:10.0069 4620 b57nd60a - ok 14:48:10.0109 4620 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:48:10.0119 4620 BDESVC - ok 14:48:10.0129 4620 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:48:10.0159 4620 Beep - ok 14:48:10.0209 4620 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 14:48:10.0239 4620 BFE - ok 14:48:10.0329 4620 [ 6E10DB69DB1AA96207F4B14B18FF12F8 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx64.sys 14:48:10.0359 4620 BHDrvx64 - ok 14:48:10.0399 4620 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 14:48:10.0429 4620 BITS - ok 14:48:10.0449 4620 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:48:10.0459 4620 blbdrive - ok 14:48:10.0499 4620 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:48:10.0509 4620 bowser - ok 14:48:10.0539 4620 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:48:10.0549 4620 BrFiltLo - ok 14:48:10.0549 4620 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:48:10.0569 4620 BrFiltUp - ok 14:48:10.0599 4620 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:48:10.0609 4620 Browser - ok 14:48:10.0619 4620 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:48:10.0629 4620 Brserid - ok 14:48:10.0629 4620 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:48:10.0639 4620 BrSerWdm - ok 14:48:10.0649 4620 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:48:10.0659 4620 BrUsbMdm - ok 14:48:10.0669 4620 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:48:10.0679 4620 BrUsbSer - ok 14:48:10.0679 4620 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 14:48:10.0689 4620 BTHMODEM - ok 14:48:10.0719 4620 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:48:10.0739 4620 bthserv - ok 14:48:10.0799 4620 [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys 14:48:10.0809 4620 ccSet_NIS - ok 14:48:10.0839 4620 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:48:10.0859 4620 cdfs - ok 14:48:10.0899 4620 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 14:48:10.0909 4620 cdrom - ok 14:48:10.0959 4620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:48:10.0979 4620 CertPropSvc - ok 14:48:11.0009 4620 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:48:11.0019 4620 circlass - ok 14:48:11.0059 4620 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:48:11.0079 4620 CLFS - ok 14:48:11.0109 4620 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:48:11.0119 4620 clr_optimization_v2.0.50727_32 - ok 14:48:11.0139 4620 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:48:11.0149 4620 clr_optimization_v2.0.50727_64 - ok 14:48:11.0199 4620 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:48:11.0209 4620 clr_optimization_v4.0.30319_32 - ok 14:48:11.0219 4620 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:48:11.0229 4620 clr_optimization_v4.0.30319_64 - ok 14:48:11.0259 4620 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:48:11.0269 4620 CmBatt - ok 14:48:11.0279 4620 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:48:11.0289 4620 cmdide - ok 14:48:11.0349 4620 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 14:48:11.0369 4620 CNG - ok 14:48:11.0379 4620 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:48:11.0389 4620 Compbatt - ok 14:48:11.0419 4620 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:48:11.0429 4620 CompositeBus - ok 14:48:11.0439 4620 COMSysApp - ok 14:48:11.0449 4620 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 14:48:11.0459 4620 crcdisk - ok 14:48:11.0489 4620 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:48:11.0499 4620 CryptSvc - ok 14:48:11.0519 4620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:48:11.0549 4620 DcomLaunch - ok 14:48:11.0599 4620 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 14:48:11.0629 4620 defragsvc - ok 14:48:11.0659 4620 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:48:11.0679 4620 DfsC - ok 14:48:11.0719 4620 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 14:48:11.0729 4620 Dhcp - ok 14:48:11.0749 4620 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 14:48:11.0779 4620 discache - ok 14:48:11.0809 4620 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 14:48:11.0819 4620 Disk - ok 14:48:11.0839 4620 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:48:11.0849 4620 Dnscache - ok 14:48:11.0869 4620 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:48:11.0899 4620 dot3svc - ok 14:48:11.0919 4620 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 14:48:11.0939 4620 DPS - ok 14:48:11.0979 4620 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:48:11.0989 4620 drmkaud - ok 14:48:12.0029 4620 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:48:12.0049 4620 DXGKrnl - ok 14:48:12.0079 4620 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 14:48:12.0099 4620 EapHost - ok 14:48:12.0159 4620 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 14:48:12.0199 4620 ebdrv - ok 14:48:12.0269 4620 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 14:48:12.0279 4620 eeCtrl - ok 14:48:12.0299 4620 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 14:48:12.0309 4620 EFS - ok 14:48:12.0369 4620 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:48:12.0379 4620 ehRecvr - ok 14:48:12.0419 4620 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 14:48:12.0429 4620 ehSched - ok 14:48:12.0469 4620 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 14:48:12.0479 4620 elxstor - ok 14:48:12.0539 4620 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 14:48:12.0549 4620 EraserUtilRebootDrv - ok 14:48:12.0559 4620 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:48:12.0569 4620 ErrDev - ok 14:48:12.0599 4620 [ 3DBC10CBC436288801FAEE66DE91AE47 ] EtronHub3 C:\Windows\system32\Drivers\EtronHub3.sys 14:48:12.0609 4620 EtronHub3 - ok 14:48:12.0619 4620 [ DE261095A2220D400D9603E1E42D4185 ] EtronXHCI C:\Windows\system32\Drivers\EtronXHCI.sys 14:48:12.0629 4620 EtronXHCI - ok 14:48:12.0649 4620 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 14:48:12.0679 4620 EventSystem - ok 14:48:12.0719 4620 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 14:48:12.0749 4620 exfat - ok 14:48:12.0769 4620 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:48:12.0789 4620 fastfat - ok 14:48:12.0839 4620 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 14:48:12.0849 4620 Fax - ok 14:48:12.0849 4620 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:48:12.0859 4620 fdc - ok 14:48:12.0889 4620 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 14:48:12.0909 4620 fdPHost - ok 14:48:12.0929 4620 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 14:48:12.0959 4620 FDResPub - ok 14:48:12.0959 4620 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:48:12.0969 4620 FileInfo - ok 14:48:12.0979 4620 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:48:13.0009 4620 Filetrace - ok 14:48:13.0019 4620 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:48:13.0029 4620 flpydisk - ok 14:48:13.0049 4620 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:48:13.0059 4620 FltMgr - ok 14:48:13.0099 4620 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 14:48:13.0119 4620 FontCache - ok 14:48:13.0149 4620 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:48:13.0159 4620 FontCache3.0.0.0 - ok 14:48:13.0179 4620 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:48:13.0189 4620 FsDepends - ok 14:48:13.0209 4620 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:48:13.0219 4620 Fs_Rec - ok 14:48:13.0249 4620 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:48:13.0259 4620 fvevol - ok 14:48:13.0299 4620 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 14:48:13.0299 4620 gagp30kx - ok 14:48:13.0349 4620 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 14:48:13.0379 4620 gpsvc - ok 14:48:13.0389 4620 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:48:13.0399 4620 hcw85cir - ok 14:48:13.0439 4620 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:48:13.0459 4620 HdAudAddService - ok 14:48:13.0489 4620 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:48:13.0499 4620 HDAudBus - ok 14:48:13.0519 4620 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 14:48:13.0529 4620 HidBatt - ok 14:48:13.0529 4620 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 14:48:13.0549 4620 HidBth - ok 14:48:13.0549 4620 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:48:13.0559 4620 HidIr - ok 14:48:13.0579 4620 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 14:48:13.0599 4620 hidserv - ok 14:48:13.0619 4620 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 14:48:13.0629 4620 HidUsb - ok 14:48:13.0649 4620 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:48:13.0679 4620 hkmsvc - ok 14:48:13.0689 4620 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:48:13.0699 4620 HomeGroupListener - ok 14:48:13.0719 4620 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:48:13.0729 4620 HomeGroupProvider - ok 14:48:13.0769 4620 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:48:13.0779 4620 HpSAMD - ok 14:48:13.0809 4620 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:48:13.0839 4620 HTTP - ok 14:48:13.0849 4620 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:48:13.0859 4620 hwpolicy - ok 14:48:13.0899 4620 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 14:48:13.0909 4620 i8042prt - ok 14:48:13.0939 4620 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 14:48:13.0949 4620 iaStor - ok 14:48:13.0969 4620 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:48:13.0989 4620 iaStorV - ok 14:48:14.0059 4620 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 14:48:14.0059 4620 IDriverT ( UnsignedFile.Multi.Generic ) - warning 14:48:14.0059 4620 IDriverT - detected UnsignedFile.Multi.Generic (1) 14:48:14.0099 4620 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:48:14.0119 4620 idsvc - ok 14:48:14.0169 4620 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130607.001\IDSvia64.sys 14:48:14.0179 4620 IDSVia64 - ok 14:48:14.0209 4620 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 14:48:14.0219 4620 iirsp - ok 14:48:14.0249 4620 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:48:14.0279 4620 IKEEXT - ok 14:48:14.0299 4620 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:48:14.0309 4620 intelide - ok 14:48:14.0329 4620 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:48:14.0339 4620 intelppm - ok 14:48:14.0379 4620 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:48:14.0409 4620 IPBusEnum - ok 14:48:14.0439 4620 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:48:14.0459 4620 IpFilterDriver - ok 14:48:14.0489 4620 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:48:14.0499 4620 iphlpsvc - ok 14:48:14.0519 4620 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:48:14.0529 4620 IPMIDRV - ok 14:48:14.0539 4620 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:48:14.0569 4620 IPNAT - ok 14:48:14.0589 4620 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:48:14.0599 4620 IRENUM - ok 14:48:14.0609 4620 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:48:14.0619 4620 isapnp - ok 14:48:14.0629 4620 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:48:14.0649 4620 iScsiPrt - ok 14:48:14.0659 4620 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:48:14.0669 4620 kbdclass - ok 14:48:14.0699 4620 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:48:14.0709 4620 kbdhid - ok 14:48:14.0729 4620 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:48:14.0739 4620 KeyIso - ok 14:48:14.0749 4620 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:48:14.0759 4620 KSecDD - ok 14:48:14.0769 4620 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:48:14.0779 4620 KSecPkg - ok 14:48:14.0789 4620 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:48:14.0819 4620 ksthunk - ok 14:48:14.0839 4620 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:48:14.0869 4620 KtmRm - ok 14:48:14.0889 4620 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 14:48:14.0919 4620 LanmanServer - ok 14:48:14.0939 4620 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:48:14.0959 4620 LanmanWorkstation - ok 14:48:14.0979 4620 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 14:48:14.0989 4620 lirsgt - ok 14:48:15.0019 4620 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:48:15.0049 4620 lltdio - ok 14:48:15.0069 4620 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:48:15.0099 4620 lltdsvc - ok 14:48:15.0109 4620 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:48:15.0139 4620 lmhosts - ok 14:48:15.0169 4620 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 14:48:15.0179 4620 LSI_FC - ok 14:48:15.0199 4620 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 14:48:15.0209 4620 LSI_SAS - ok 14:48:15.0219 4620 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:48:15.0229 4620 LSI_SAS2 - ok 14:48:15.0249 4620 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:48:15.0259 4620 LSI_SCSI - ok 14:48:15.0279 4620 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:48:15.0309 4620 luafv - ok 14:48:15.0349 4620 [ E5ECF40E5FD459141E5F6685FFD51804 ] Lycosa C:\Windows\system32\drivers\Lycosa.sys 14:48:15.0359 4620 Lycosa - ok 14:48:15.0369 4620 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:48:15.0379 4620 Mcx2Svc - ok 14:48:15.0399 4620 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 14:48:15.0409 4620 megasas - ok 14:48:15.0419 4620 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 14:48:15.0429 4620 MegaSR - ok 14:48:15.0449 4620 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 14:48:15.0479 4620 MMCSS - ok 14:48:15.0489 4620 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 14:48:15.0509 4620 Modem - ok 14:48:15.0529 4620 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:48:15.0549 4620 monitor - ok 14:48:15.0579 4620 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:48:15.0589 4620 mouclass - ok 14:48:15.0609 4620 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:48:15.0619 4620 mouhid - ok 14:48:15.0639 4620 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:48:15.0649 4620 mountmgr - ok 14:48:15.0659 4620 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 14:48:15.0669 4620 mpio - ok 14:48:15.0679 4620 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:48:15.0709 4620 mpsdrv - ok 14:48:15.0729 4620 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:48:15.0769 4620 MpsSvc - ok 14:48:15.0789 4620 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:48:15.0809 4620 MRxDAV - ok 14:48:15.0829 4620 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:48:15.0839 4620 mrxsmb - ok 14:48:15.0849 4620 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:48:15.0859 4620 mrxsmb10 - ok 14:48:15.0869 4620 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:48:15.0879 4620 mrxsmb20 - ok 14:48:15.0889 4620 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 14:48:15.0899 4620 msahci - ok 14:48:15.0919 4620 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:48:15.0929 4620 msdsm - ok 14:48:15.0939 4620 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 14:48:15.0949 4620 MSDTC - ok 14:48:15.0969 4620 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:48:15.0999 4620 Msfs - ok 14:48:16.0009 4620 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:48:16.0039 4620 mshidkmdf - ok 14:48:16.0039 4620 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:48:16.0049 4620 msisadrv - ok 14:48:16.0089 4620 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:48:16.0119 4620 MSiSCSI - ok 14:48:16.0129 4620 msiserver - ok 14:48:16.0149 4620 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:48:16.0179 4620 MSKSSRV - ok 14:48:16.0199 4620 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:48:16.0229 4620 MSPCLOCK - ok 14:48:16.0229 4620 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:48:16.0259 4620 MSPQM - ok 14:48:16.0289 4620 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:48:16.0299 4620 MsRPC - ok 14:48:16.0319 4620 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 14:48:16.0329 4620 mssmbios - ok 14:48:16.0329 4620 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:48:16.0359 4620 MSTEE - ok 14:48:16.0359 4620 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 14:48:16.0369 4620 MTConfig - ok 14:48:16.0369 4620 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 14:48:16.0379 4620 Mup - ok 14:48:16.0409 4620 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 14:48:16.0439 4620 napagent - ok 14:48:16.0469 4620 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:48:16.0489 4620 NativeWifiP - ok 14:48:16.0539 4620 [ 56540E526B46E379A476FB5BC381B290 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130608.009\ENG64.SYS 14:48:16.0539 4620 NAVENG - ok 14:48:16.0589 4620 [ 8A19D3991F9F14B885CDE8BC640F6B68 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20130608.009\EX64.SYS 14:48:16.0619 4620 NAVEX15 - ok 14:48:16.0669 4620 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:48:16.0689 4620 NDIS - ok 14:48:16.0709 4620 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:48:16.0729 4620 NdisCap - ok 14:48:16.0749 4620 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:48:16.0779 4620 NdisTapi - ok 14:48:16.0809 4620 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:48:16.0829 4620 Ndisuio - ok 14:48:16.0849 4620 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:48:16.0879 4620 NdisWan - ok 14:48:16.0909 4620 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:48:16.0939 4620 NDProxy - ok 14:48:16.0969 4620 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:48:16.0999 4620 NetBIOS - ok 14:48:17.0009 4620 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:48:17.0039 4620 NetBT - ok 14:48:17.0059 4620 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 14:48:17.0069 4620 Netlogon - ok 14:48:17.0109 4620 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 14:48:17.0139 4620 Netman - ok 14:48:17.0199 4620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:48:17.0219 4620 NetMsmqActivator - ok 14:48:17.0229 4620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:48:17.0239 4620 NetPipeActivator - ok 14:48:17.0259 4620 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 14:48:17.0289 4620 netprofm - ok 14:48:17.0309 4620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:48:17.0319 4620 NetTcpActivator - ok 14:48:17.0319 4620 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 14:48:17.0329 4620 NetTcpPortSharing - ok 14:48:17.0359 4620 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 14:48:17.0369 4620 nfrd960 - ok 14:48:17.0409 4620 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe 14:48:17.0419 4620 NIS - ok 14:48:17.0449 4620 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:48:17.0469 4620 NlaSvc - ok 14:48:17.0479 4620 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:48:17.0499 4620 Npfs - ok 14:48:17.0519 4620 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:48:17.0549 4620 nsi - ok 14:48:17.0559 4620 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:48:17.0589 4620 nsiproxy - ok 14:48:17.0619 4620 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:48:17.0649 4620 Ntfs - ok 14:48:17.0669 4620 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 14:48:17.0699 4620 Null - ok 14:48:17.0729 4620 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:48:17.0739 4620 nvraid - ok 14:48:17.0759 4620 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:48:17.0769 4620 nvstor - ok 14:48:17.0769 4620 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:48:17.0779 4620 nv_agp - ok 14:48:17.0839 4620 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:48:17.0859 4620 odserv - ok 14:48:17.0879 4620 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:48:17.0889 4620 ohci1394 - ok 14:48:17.0929 4620 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:48:17.0939 4620 ose - ok 14:48:17.0959 4620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:48:17.0979 4620 p2pimsvc - ok 14:48:17.0989 4620 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:48:18.0009 4620 p2psvc - ok 14:48:18.0029 4620 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:48:18.0049 4620 Parport - ok 14:48:18.0059 4620 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:48:18.0069 4620 partmgr - ok 14:48:18.0089 4620 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:48:18.0099 4620 PcaSvc - ok 14:48:18.0109 4620 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 14:48:18.0119 4620 pci - ok 14:48:18.0129 4620 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 14:48:18.0139 4620 pciide - ok 14:48:18.0149 4620 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 14:48:18.0159 4620 pcmcia - ok 14:48:18.0159 4620 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:48:18.0169 4620 pcw - ok 14:48:18.0189 4620 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:48:18.0219 4620 PEAUTH - ok 14:48:18.0289 4620 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:48:18.0309 4620 PerfHost - ok 14:48:18.0349 4620 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 14:48:18.0389 4620 pla - ok 14:48:18.0409 4620 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:48:18.0419 4620 PlugPlay - ok 14:48:18.0429 4620 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:48:18.0439 4620 PNRPAutoReg - ok 14:48:18.0459 4620 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:48:18.0469 4620 PNRPsvc - ok 14:48:18.0479 4620 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:48:18.0509 4620 PolicyAgent - ok 14:48:18.0549 4620 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 14:48:18.0579 4620 Power - ok 14:48:18.0609 4620 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:48:18.0629 4620 PptpMiniport - ok 14:48:18.0649 4620 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 14:48:18.0659 4620 Processor - ok 14:48:18.0689 4620 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:48:18.0699 4620 ProfSvc - ok 14:48:18.0719 4620 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:48:18.0729 4620 ProtectedStorage - ok 14:48:18.0769 4620 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:48:18.0799 4620 Psched - ok 14:48:18.0839 4620 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 14:48:18.0869 4620 ql2300 - ok 14:48:18.0889 4620 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 14:48:18.0899 4620 ql40xx - ok 14:48:18.0919 4620 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 14:48:18.0939 4620 QWAVE - ok 14:48:18.0949 4620 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:48:18.0959 4620 QWAVEdrv - ok 14:48:18.0969 4620 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:48:18.0989 4620 RasAcd - ok 14:48:19.0029 4620 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:48:19.0059 4620 RasAgileVpn - ok 14:48:19.0079 4620 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 14:48:19.0109 4620 RasAuto - ok 14:48:19.0119 4620 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:48:19.0149 4620 Rasl2tp - ok 14:48:19.0179 4620 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 14:48:19.0209 4620 RasMan - ok 14:48:19.0249 4620 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:48:19.0279 4620 RasPppoe - ok 14:48:19.0279 4620 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:48:19.0309 4620 RasSstp - ok 14:48:19.0319 4620 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:48:19.0349 4620 rdbss - ok 14:48:19.0359 4620 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:48:19.0369 4620 rdpbus - ok 14:48:19.0379 4620 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:48:19.0409 4620 RDPCDD - ok 14:48:19.0419 4620 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:48:19.0449 4620 RDPENCDD - ok 14:48:19.0469 4620 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:48:19.0499 4620 RDPREFMP - ok 14:48:19.0549 4620 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 14:48:19.0559 4620 RdpVideoMiniport - ok 14:48:19.0579 4620 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:48:19.0599 4620 RDPWD - ok 14:48:19.0629 4620 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:48:19.0639 4620 rdyboost - ok 14:48:19.0659 4620 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:48:19.0689 4620 RemoteAccess - ok 14:48:19.0699 4620 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:48:19.0739 4620 RemoteRegistry - ok 14:48:19.0749 4620 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:48:19.0779 4620 RpcEptMapper - ok 14:48:19.0789 4620 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 14:48:19.0799 4620 RpcLocator - ok 14:48:19.0819 4620 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 14:48:19.0849 4620 RpcSs - ok 14:48:19.0879 4620 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:48:19.0909 4620 rspndr - ok 14:48:19.0949 4620 [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 14:48:19.0959 4620 RTHDMIAzAudService - ok 14:48:19.0989 4620 [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 14:48:20.0009 4620 RTL8167 - ok 14:48:20.0039 4620 [ 2B38C905492F36FE42B59DA52D6B4EB7 ] RtNdPt60 C:\Windows\system32\DRIVERS\RtNdPt60.sys 14:48:20.0059 4620 RtNdPt60 - ok 14:48:20.0089 4620 [ 8DF706A5A12A4832A3291A1FF26A7CC1 ] RTTEAMPT C:\Windows\system32\DRIVERS\RtTeam60.sys 14:48:20.0099 4620 RTTEAMPT - ok 14:48:20.0109 4620 [ ED0624ED83121E1BC141F49B1316CAA0 ] RTVLANPT C:\Windows\system32\DRIVERS\RtVlan620.sys 14:48:20.0119 4620 RTVLANPT - ok 14:48:20.0129 4620 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:48:20.0139 4620 SamSs - ok 14:48:20.0159 4620 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:48:20.0169 4620 sbp2port - ok 14:48:20.0199 4620 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:48:20.0229 4620 SCardSvr - ok 14:48:20.0249 4620 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:48:20.0279 4620 scfilter - ok 14:48:20.0309 4620 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:48:20.0349 4620 Schedule - ok 14:48:20.0369 4620 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:48:20.0399 4620 SCPolicySvc - ok 14:48:20.0429 4620 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:48:20.0439 4620 SDRSVC - ok 14:48:20.0479 4620 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:48:20.0509 4620 secdrv - ok 14:48:20.0529 4620 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:48:20.0559 4620 seclogon - ok 14:48:20.0579 4620 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 14:48:20.0609 4620 SENS - ok 14:48:20.0619 4620 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:48:20.0639 4620 SensrSvc - ok 14:48:20.0659 4620 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:48:20.0669 4620 Serenum - ok 14:48:20.0699 4620 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:48:20.0709 4620 Serial - ok 14:48:20.0749 4620 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 14:48:20.0759 4620 sermouse - ok 14:48:20.0779 4620 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:48:20.0809 4620 SessionEnv - ok 14:48:20.0819 4620 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:48:20.0829 4620 sffdisk - ok 14:48:20.0839 4620 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:48:20.0849 4620 sffp_mmc - ok 14:48:20.0849 4620 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:48:20.0869 4620 sffp_sd - ok 14:48:20.0879 4620 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 14:48:20.0889 4620 sfloppy - ok 14:48:20.0909 4620 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:48:20.0939 4620 SharedAccess - ok 14:48:20.0959 4620 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:48:20.0989 4620 ShellHWDetection - ok 14:48:21.0009 4620 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:48:21.0019 4620 SiSRaid2 - ok 14:48:21.0029 4620 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 14:48:21.0039 4620 SiSRaid4 - ok 14:48:21.0079 4620 [ CA355B308AA537C6B9D67CD3A5485AF9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 14:48:21.0089 4620 SkypeUpdate - ok 14:48:21.0109 4620 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:48:21.0139 4620 Smb - ok 14:48:21.0169 4620 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:48:21.0189 4620 SNMPTRAP - ok 14:48:21.0189 4620 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:48:21.0199 4620 spldr - ok 14:48:21.0229 4620 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 14:48:21.0239 4620 Spooler - ok 14:48:21.0299 4620 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:48:21.0359 4620 sppsvc - ok 14:48:21.0369 4620 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:48:21.0399 4620 sppuinotify - ok 14:48:21.0449 4620 [ 891793E00432FA055CF040605C260E49 ] SRTSP C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS 14:48:21.0469 4620 SRTSP - ok 14:48:21.0479 4620 [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS 14:48:21.0489 4620 SRTSPX - ok 14:48:21.0509 4620 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:48:21.0529 4620 srv - ok 14:48:21.0529 4620 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:48:21.0549 4620 srv2 - ok 14:48:21.0549 4620 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:48:21.0559 4620 srvnet - ok 14:48:21.0599 4620 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys 14:48:21.0609 4620 ssadbus - ok 14:48:21.0649 4620 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys 14:48:21.0659 4620 ssadmdfl - ok 14:48:21.0689 4620 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys 14:48:21.0699 4620 ssadmdm - ok 14:48:21.0709 4620 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys 14:48:21.0729 4620 ssadserd - ok 14:48:21.0749 4620 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:48:21.0779 4620 SSDPSRV - ok 14:48:21.0799 4620 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:48:21.0819 4620 SstpSvc - ok 14:48:21.0849 4620 Steam Client Service - ok 14:48:21.0869 4620 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 14:48:21.0879 4620 stexstor - ok 14:48:21.0929 4620 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:48:21.0939 4620 stisvc - ok 14:48:21.0959 4620 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 14:48:21.0969 4620 swenum - ok 14:48:21.0989 4620 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:48:22.0019 4620 swprv - ok 14:48:22.0049 4620 [ 8B2430762099598DA40686F754632EFD ] SymDS C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS 14:48:22.0059 4620 SymDS - ok 14:48:22.0079 4620 [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS 14:48:22.0099 4620 SymEFA - ok 14:48:22.0119 4620 [ 898BB48C797483420DF523B2BBC1ECDB ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 14:48:22.0129 4620 SymEvent - ok 14:48:22.0139 4620 [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS 14:48:22.0149 4620 SymIRON - ok 14:48:22.0159 4620 [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS 14:48:22.0169 4620 SymNetS - ok 14:48:22.0209 4620 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:48:22.0239 4620 SysMain - ok 14:48:22.0259 4620 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:48:22.0279 4620 TabletInputService - ok 14:48:22.0319 4620 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:48:22.0349 4620 TapiSrv - ok 14:48:22.0369 4620 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:48:22.0399 4620 TBS - ok 14:48:22.0439 4620 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:48:22.0469 4620 Tcpip - ok 14:48:22.0509 4620 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:48:22.0539 4620 TCPIP6 - ok 14:48:22.0559 4620 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:48:22.0569 4620 tcpipreg - ok 14:48:22.0599 4620 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:48:22.0609 4620 TDPIPE - ok 14:48:22.0619 4620 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:48:22.0629 4620 TDTCP - ok 14:48:22.0659 4620 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:48:22.0679 4620 tdx - ok 14:48:22.0709 4620 [ 8DF706A5A12A4832A3291A1FF26A7CC1 ] TEAM C:\Windows\system32\DRIVERS\RtTeam60.sys 14:48:22.0709 4620 TEAM - ok 14:48:22.0729 4620 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:48:22.0739 4620 TermDD - ok 14:48:22.0759 4620 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:48:22.0789 4620 TermService - ok 14:48:22.0809 4620 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:48:22.0819 4620 Themes - ok 14:48:22.0839 4620 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:48:22.0869 4620 THREADORDER - ok 14:48:22.0879 4620 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:48:22.0909 4620 TrkWks - ok 14:48:22.0939 4620 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:48:22.0969 4620 TrustedInstaller - ok 14:48:22.0989 4620 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:48:23.0009 4620 tssecsrv - ok 14:48:23.0039 4620 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:48:23.0049 4620 TsUsbFlt - ok 14:48:23.0119 4620 [ 811A229718C85356BC81EB20F35EB7F6 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe 14:48:23.0159 4620 TuneUp.UtilitiesSvc - ok 14:48:23.0189 4620 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys 14:48:23.0199 4620 TuneUpUtilitiesDrv - ok 14:48:23.0249 4620 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:48:23.0269 4620 tunnel - ok 14:48:23.0289 4620 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:48:23.0299 4620 uagp35 - ok 14:48:23.0339 4620 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:48:23.0359 4620 udfs - ok 14:48:23.0389 4620 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:48:23.0409 4620 UI0Detect - ok 14:48:23.0409 4620 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:48:23.0419 4620 uliagpkx - ok 14:48:23.0459 4620 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:48:23.0469 4620 umbus - ok 14:48:23.0509 4620 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:48:23.0509 4620 UmPass - ok 14:48:23.0529 4620 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:48:23.0559 4620 upnphost - ok 14:48:23.0579 4620 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:48:23.0589 4620 usbccgp - ok 14:48:23.0599 4620 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:48:23.0619 4620 usbcir - ok 14:48:23.0619 4620 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:48:23.0629 4620 usbehci - ok 14:48:23.0669 4620 [ 5AE9C87A1ED4B243942B3FDDD902134B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 14:48:23.0669 4620 usbfilter - ok 14:48:23.0699 4620 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:48:23.0719 4620 usbhub - ok 14:48:23.0719 4620 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 14:48:23.0729 4620 usbohci - ok 14:48:23.0769 4620 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:48:23.0779 4620 usbprint - ok 14:48:23.0809 4620 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:48:23.0819 4620 usbscan - ok 14:48:23.0829 4620 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:48:23.0839 4620 USBSTOR - ok 14:48:23.0849 4620 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:48:23.0859 4620 usbuhci - ok 14:48:23.0879 4620 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:48:23.0909 4620 UxSms - ok 14:48:23.0919 4620 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:48:23.0929 4620 VaultSvc - ok 14:48:23.0949 4620 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:48:23.0959 4620 vdrvroot - ok 14:48:23.0989 4620 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:48:24.0019 4620 vds - ok 14:48:24.0049 4620 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:48:24.0059 4620 vga - ok 14:48:24.0079 4620 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:48:24.0099 4620 VgaSave - ok 14:48:24.0119 4620 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:48:24.0129 4620 vhdmp - ok 14:48:24.0199 4620 [ 3CCC0D9607419AC28B4216C18F6FA5E9 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys 14:48:24.0229 4620 VIAHdAudAddService - ok 14:48:24.0239 4620 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:48:24.0239 4620 viaide - ok 14:48:24.0249 4620 [ 888450E821E7A66CB8A4E5B7A01BA5C5 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe 14:48:24.0259 4620 VIAKaraokeService - ok 14:48:24.0269 4620 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:48:24.0279 4620 volmgr - ok 14:48:24.0289 4620 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:48:24.0309 4620 volmgrx - ok 14:48:24.0309 4620 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:48:24.0329 4620 volsnap - ok 14:48:24.0359 4620 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 14:48:24.0369 4620 vsmraid - ok 14:48:24.0409 4620 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:48:24.0449 4620 VSS - ok 14:48:24.0459 4620 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 14:48:24.0469 4620 vwifibus - ok 14:48:24.0489 4620 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:48:24.0499 4620 vwififlt - ok 14:48:24.0519 4620 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:48:24.0559 4620 W32Time - ok 14:48:24.0579 4620 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 14:48:24.0589 4620 WacomPen - ok 14:48:24.0619 4620 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:48:24.0649 4620 WANARP - ok 14:48:24.0649 4620 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:48:24.0679 4620 Wanarpv6 - ok 14:48:24.0699 4620 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 14:48:24.0729 4620 wbengine - ok 14:48:24.0749 4620 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:48:24.0769 4620 WbioSrvc - ok 14:48:24.0779 4620 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:48:24.0799 4620 wcncsvc - ok 14:48:24.0809 4620 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:48:24.0819 4620 WcsPlugInService - ok 14:48:24.0839 4620 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 14:48:24.0849 4620 Wd - ok 14:48:24.0869 4620 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:48:24.0889 4620 Wdf01000 - ok 14:48:24.0899 4620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:48:24.0909 4620 WdiServiceHost - ok 14:48:24.0919 4620 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:48:24.0929 4620 WdiSystemHost - ok 14:48:24.0949 4620 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:48:24.0969 4620 WebClient - ok 14:48:24.0989 4620 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:48:25.0019 4620 Wecsvc - ok 14:48:25.0019 4620 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:48:25.0049 4620 wercplsupport - ok 14:48:25.0079 4620 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:48:25.0109 4620 WerSvc - ok 14:48:25.0129 4620 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:48:25.0159 4620 WfpLwf - ok 14:48:25.0169 4620 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:48:25.0179 4620 WIMMount - ok 14:48:25.0189 4620 WinDefend - ok 14:48:25.0199 4620 WinHttpAutoProxySvc - ok 14:48:25.0239 4620 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:48:25.0269 4620 Winmgmt - ok 14:48:25.0309 4620 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:48:25.0349 4620 WinRM - ok 14:48:25.0389 4620 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:48:25.0409 4620 WinUsb - ok 14:48:25.0429 4620 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:48:25.0449 4620 Wlansvc - ok 14:48:25.0529 4620 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:48:25.0559 4620 wlidsvc - ok 14:48:25.0579 4620 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:48:25.0589 4620 WmiAcpi - ok 14:48:25.0609 4620 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:48:25.0619 4620 wmiApSrv - ok 14:48:25.0629 4620 WMPNetworkSvc - ok 14:48:25.0649 4620 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:48:25.0659 4620 WPCSvc - ok 14:48:25.0669 4620 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:48:25.0679 4620 WPDBusEnum - ok 14:48:25.0699 4620 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:48:25.0729 4620 ws2ifsl - ok 14:48:25.0739 4620 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 14:48:25.0759 4620 wscsvc - ok 14:48:25.0759 4620 WSearch - ok 14:48:25.0799 4620 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:48:25.0839 4620 wuauserv - ok 14:48:25.0859 4620 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:48:25.0869 4620 WudfPf - ok 14:48:25.0899 4620 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:48:25.0909 4620 WUDFRd - ok 14:48:25.0919 4620 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:48:25.0929 4620 wudfsvc - ok 14:48:25.0949 4620 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 14:48:25.0959 4620 WwanSvc - ok 14:48:25.0979 4620 ================ Scan global =============================== 14:48:25.0999 4620 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:48:26.0029 4620 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:48:26.0029 4620 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 14:48:26.0049 4620 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:48:26.0059 4620 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:48:26.0059 4620 [Global] - ok 14:48:26.0059 4620 ================ Scan MBR ================================== 14:48:26.0069 4620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:48:26.0309 4620 \Device\Harddisk0\DR0 - ok 14:48:26.0319 4620 ================ Scan VBR ================================== 14:48:26.0319 4620 [ 508B66816C64AA5B1E5E9990BA0F71CE ] \Device\Harddisk0\DR0\Partition1 14:48:26.0319 4620 \Device\Harddisk0\DR0\Partition1 - ok 14:48:26.0339 4620 [ 8197E89852920F920BA09F4B23FF13A2 ] \Device\Harddisk0\DR0\Partition2 14:48:26.0339 4620 \Device\Harddisk0\DR0\Partition2 - ok 14:48:26.0359 4620 [ A7D4CF5BAB6485D5B8C8FA6E848C433D ] \Device\Harddisk0\DR0\Partition3 14:48:26.0359 4620 \Device\Harddisk0\DR0\Partition3 - ok 14:48:26.0359 4620 ============================================================ 14:48:26.0359 4620 Scan finished 14:48:26.0359 4620 ============================================================ 14:48:26.0369 4932 Detected object count: 1 14:48:26.0369 4932 Actual detected object count: 1 14:48:27.0839 4932 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 14:48:27.0839 4932 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:48:35.0029 4436 Deinitialize success |
|
10.06.2013, 14:12
| #6 |
| /// Malware-holic | DomaIQ,ESN Sonar und andere Adware entfernen! Hi, Scan mit Combofix
__________________ --> DomaIQ,ESN Sonar und andere Adware entfernen! |
|
11.06.2013, 16:09
| #7 |
| | DomaIQ,ESN Sonar und andere Adware entfernen! ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 13-06-08.02 - Mathias 11.06.2013 16:53:36.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.6633 [GMT 2:00]
ausgeführt von:: c:\users\Mathias\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\1F8A7DF39F73E880.log
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-11 bis 2013-06-11 ))))))))))))))))))))))))))))))
.
.
2013-06-11 14:58 . 2013-06-11 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-11 14:40 . 2013-05-13 23:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3EA079F9-57EA-4BF1-91F1-BB5B5C9E2FD6}\mpengine.dll
2013-06-04 18:06 . 2013-06-04 18:06 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-05-29 20:04 . 2013-05-29 20:04 -------- d-----w- C:\MappedFiles
2013-05-28 15:23 . 2013-05-28 15:23 -------- d-----w- C:\found.000
2013-05-19 14:59 . 2013-05-19 14:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-19 14:59 . 2013-05-19 14:59 -------- d-----r- c:\program files (x86)\Skype
2013-05-18 12:46 . 2013-05-18 12:46 -------- d-----w- c:\users\Mathias\AppData\Local\Macromedia
2013-05-17 15:54 . 2013-05-17 15:54 -------- d-----w- c:\users\Mathias\AppData\Local\ESN
2013-05-17 15:51 . 2013-05-17 15:51 -------- d-----w- c:\users\Mathias\AppData\Local\Mozilla
2013-05-16 14:39 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 13:21 . 2013-05-15 13:21 -------- d-----w- c:\windows\SysWow64\Extensions
2013-05-15 13:21 . 2013-05-15 13:21 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-05-15 13:20 . 2013-06-09 13:34 -------- d-----w- c:\users\Mathias\AppData\Roaming\player
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 12:57 . 2012-11-15 19:01 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-18 12:57 . 2012-11-15 19:01 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-16 17:09 . 2012-11-15 23:59 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-11 19:20 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-11-15 19:02 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 14:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 14:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 14:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 14:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 14:39 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 14:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:39 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-02 00:31 . 2013-04-02 00:31 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-02 00:31 . 2013-04-02 00:31 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 00:31 . 2013-04-02 00:31 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-02 00:31 . 2013-04-02 00:31 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-02 00:31 . 2013-04-02 00:31 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-02 00:31 . 2013-04-02 00:31 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-02 00:31 . 2013-04-02 00:31 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-02 00:31 . 2013-04-02 00:31 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-02 00:31 . 2013-04-02 00:31 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-02 00:31 . 2013-04-02 00:31 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-02 00:31 . 2013-04-02 00:31 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-02 00:31 . 2013-04-02 00:31 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-02 00:31 . 2013-04-02 00:31 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-02 00:31 . 2013-04-02 00:31 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-02 00:31 . 2013-04-02 00:31 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-02 00:31 . 2013-04-02 00:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-02 00:31 . 2013-04-02 00:31 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-02 00:31 . 2013-04-02 00:31 441856 ----a-w- c:\windows\system32\html.iec
2013-04-02 00:31 . 2013-04-02 00:31 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-02 00:31 . 2013-04-02 00:31 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-02 00:31 . 2013-04-02 00:31 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-02 00:31 . 2013-04-02 00:31 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-02 00:31 . 2013-04-02 00:31 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-02 00:31 . 2013-04-02 00:31 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-02 00:31 . 2013-04-02 00:31 235008 ----a-w- c:\windows\system32\url.dll
2013-04-02 00:31 . 2013-04-02 00:31 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-02 00:31 . 2013-04-02 00:31 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-02 00:31 . 2013-04-02 00:31 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-02 00:31 . 2013-04-02 00:31 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-02 00:31 . 2013-04-02 00:31 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-02 00:31 . 2013-04-02 00:31 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-02 00:31 . 2013-04-02 00:31 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-02 00:31 . 2013-04-02 00:31 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-02 00:31 . 2013-04-02 00:31 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-02 00:31 . 2013-04-02 00:31 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-02 00:31 . 2013-04-02 00:31 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-02 00:31 . 2013-04-02 00:31 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-02 00:31 . 2013-04-02 00:31 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-02 00:31 . 2013-04-02 00:31 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-02 00:31 . 2013-04-02 00:31 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-02 00:31 . 2013-04-02 00:31 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-02 00:31 . 2013-04-02 00:31 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-02 00:31 . 2013-04-02 00:31 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-02 00:31 . 2013-04-02 00:31 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-02 00:31 . 2013-04-02 00:31 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-02 00:31 . 2013-04-02 00:31 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-02 00:31 . 2013-04-02 00:31 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-02 00:31 . 2013-04-02 00:31 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 00:31 . 2013-04-02 00:31 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-02 00:30 . 2013-04-02 00:30 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-02 00:30 . 2013-04-02 00:30 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-04-02 00:30 . 2013-04-02 00:30 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-04-02 00:30 . 2013-04-02 00:30 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-02 00:30 . 2013-04-02 00:30 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-02 00:30 . 2013-04-02 00:30 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-02 00:30 . 2013-04-02 00:30 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-02 00:30 . 2013-04-02 00:30 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-02 00:30 . 2013-04-02 00:30 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-02 00:30 . 2013-04-02 00:30 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-02 00:30 . 2013-04-02 00:30 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-02 00:30 . 2013-04-02 00:30 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-02 00:30 . 2013-04-02 00:30 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-02 00:30 . 2013-04-02 00:30 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-02 00:30 . 2013-04-02 00:30 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-04-02 00:30 . 2013-04-02 00:30 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-02 00:30 . 2013-04-02 00:30 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-02 00:30 . 2013-04-02 00:30 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-04-02 00:30 . 2013-04-02 00:30 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-02 00:30 . 2013-04-02 00:30 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-02 00:30 . 2013-04-02 00:30 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-04-02 00:30 . 2013-04-02 00:30 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-09 5263504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"KiesTrayAgent"=c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130607.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20130607.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys;c:\windows\SYSNATIVE\drivers\Lycosa.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-15 12:57]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Mathias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\4ot22z16.default\
FF - ExtSQL: 2013-06-07 12:35; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn
FF - ExtSQL: 2013-06-08 00:35; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PlanetSide 2 PSG - d:\planetside 2 psg\Uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-722349343-1642430871-824614816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-722349343-1642430871-824614816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-722349343-1642430871-824614816-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:7b,00,dc,98,44,57,6d,94,73,7d,cf,b1,97,c2,42,51,ef,e3,c1,42,e0,f4,a4,
32,6e,3a,67,d9,2b,f2,21,9b,f7,cd,0e,5e,b3,61,e2,44,63,cf,de,1e,65,07,08,5d,\
"??"=hex:25,9d,6d,04,1a,77,f9,53,92,21,fb,86,8f,ad,13,4c
.
[HKEY_USERS\S-1-5-21-722349343-1642430871-824614816-1000\Software\SecuROM\License information*]
"datasecu"=hex:e6,08,f7,4c,04,7a,9d,68,7b,22,f5,2c,2e,70,07,3a,69,e4,d5,3d,d5,
09,c8,8b,40,77,e5,55,94,c1,58,ac,c1,6e,9e,03,59,5e,18,db,fd,e8,94,b4,7d,10,\
"rkeysecu"=hex:27,14,5d,c0,8d,38,37,a6,c5,13,56,73,1c,14,84,9f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-11 17:00:03
ComboFix-quarantined-files.txt 2013-06-11 15:00
.
Vor Suchlauf: 11 Verzeichnis(se), 439.208.026.112 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 440.088.821.760 Bytes frei
.
- - End Of File - - C1D841947AD0349953EF8101680DCA79
A36C5E4F47E84449FF07ED3517B43A31 |
|
11.06.2013, 17:18
| #8 |
| /// Malware-holic | DomaIQ,ESN Sonar und andere Adware entfernen! Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 12:06
| #9 |
| | DomaIQ,ESN Sonar und andere Adware entfernen! Anti Malware: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.13.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 Mathias :: MATHIAS-PC [Administrator] 13.06.2013 11:45:19 mbam-log-2013-06-13 (11-45-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 410223 Laufzeit: 58 Minute(n), 38 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
13.06.2013, 12:33
| #10 |
| /// Malware-holic | DomaIQ,ESN Sonar und andere Adware entfernen! Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 18:00
| #11 |
| | DomaIQ,ESN Sonar und andere Adware entfernen! Bei denen mit dem Fragezeichen war ich mir nicht sicher. Dass ist einmal fürn Monitor und einmal der Treiber für meinen WLan Empfänger (TP-Link TL-WN 822 N), da haben die im Computer Laden bei mir schon gesagt es wäre nicht notwendig einen Treiber von dem WLan Empfänger drauf zu machen, da dieser nur Fehler verursacht. Aber ohne gehts doch nicht oder? Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13.06.2013 6,00MB 11.7.700.224 Notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.06.2013 6,00MB 11.7.700.224 Notwendig Adobe Reader XI - Deutsch Adobe Systems Incorporated 01.12.2012 128MB 11.0.00 Notwendig Age of Empires III Microsoft Game Studios 20.11.2012 2,09GB 1.00.0000 Notwendig Age of Empires III - The WarChiefs Microsoft Game Studios 20.11.2012 801MB 1.00.0000 Notwendig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 27.01.2013 26,3MB 8.0.903.0 Notwendig Anno 1701 Sunflowers 20.11.2012 1.04 Notwendig ArcaniA - Gothic 4 JoWooD Entertainment AG 20.11.2012 Notwendig ArcaniA - Gothic 4 Hotfix JoWooD Entertainment AG 20.11.2012 24,9MB Notwendig ArcaniA - Gothic 4 Patch JoWooD Entertainment AG 20.11.2012 99,5MB Notwendig ArcaniA - Gothic 4 Patch JoWooD Entertainment AG 20.11.2012 Notwendig BioShock 2 2K Games 19.11.2012 1.00.0000 Notwendig Canon MP Navigator EX 1.0 18.11.2012 Notwendig Canon MP210 series 18.11.2012 Notwendig Canon My Printer 18.11.2012 Notwendig CCleaner Piriform 24.10.2012 3.24 Notwendig Command & Conquer 3 Ihr Firmenname 19.11.2012 13,1GB 1.00.0000 Notwendig Command & Conquer Die ersten 10 Jahre Electronic Arts 15.12.2012 1.00.0000 Notwendig Command & Conquer™ 3: Kanes Rache Ihr Firmenname 20.11.2012 11,2GB 1.00.0000 Notwendig Command & Conquer™ Alarmstufe Rot 3 Electronic Arts 20.11.2012 8,22GB 1.0.1.0 Notwendig Command & Conquer™ Die ersten 10 Jahre-Patch 1.02 16.12.2012 Notwendig Company of Heroes THQ Inc. 20.11.2012 2.602.0 Notwendig CPUID CPU-Z 1.62 16.11.2012 3,19MB Notwendig Dead Space™ 2 Electronic Arts 19.11.2012 10,0GB 1.0.943.0 Notwendig DIE SIEDLER - Aufstieg eines Königreichs Ubisoft 20.11.2012 1.00.0000 Notwendig DIE SIEDLER - Das Erbe der Könige Blue Byte 29.03.2013 1.00.0000 Notwendig Die Siedler 7 Ubisoft 04.04.2013 1.12.1396 Notwendig Die Siedler II - Die nächste Generation 06.12.2012 Notwendig Die Sims™ 3 Electronic Arts 17.05.2013 1.50.56 Notwendig Empire: Total War The Creative Assembly 20.11.2012 Notwendig Etron USB3.0 Host Controller Etron Technology 18.11.2012 356KB 0.115 Notwendig Free YouTube to MP3 Converter version 3.11.35.1031 DVDVideoSoft Ltd. 19.11.2012 61,9MB 3.11.35.1031 Notwendig Gothic II JoWooD Productions Software AG 30.11.2012 Notwendig Gothic II - Die Nacht des Raben JoWooD Productions Software AG 30.11.2012 Notwendig Gothic III JoWooD Productions Software AG 19.11.2012 1.0.0 Notwendig Half-Life 2 Valve 22.02.2013 Notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 13.06.2013 19,2MB 1.75.0.1300 Notwendig Medal of Honor (TM) Electronic Arts 24.12.2012 7,37GB 1.0.0.0 Notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.12.2012 38,8MB 4.0.30320 Unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.12.2012 2,93MB 4.0.30320 Unbekannt Microsoft .NET Framework 4 Extended Microsoft Corporation 06.12.2012 51,9MB 4.0.30320 Unbekannt Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Corporation 06.12.2012 10,6MB 4.0.30320 Unbekannt Microsoft Games for Windows - LIVE Microsoft Corporation 19.11.2012 8,31MB 3.1.186.0 Notwendig Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 20.11.2012 31,3MB 3.5.92.0 Notwendig Microsoft Office File Validation Add-In Microsoft Corporation 23.11.2012 7,95MB 14.0.5130.5003 Unbekannt Microsoft Office Home and Student 2007 Microsoft Corporation 19.11.2012 12.0.6612.1000 Unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 21.11.2012 508KB 2.0.4024.1 Unbekannt Microsoft Silverlight Microsoft Corporation 14.03.2013 100MB 5.1.20125.0 Unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.11.2012 300KB 8.0.59193 Unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Corporation 18.11.2012 792KB 9.0.30729 Unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 19.11.2012 788KB 9.0.30729.6161 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 04.04.2013 1,41MB 9.0.21022 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 19.11.2012 608KB 9.0.30729 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.11.2012 230KB 9.0.30729 Unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 21.11.2012 600KB 9.0.30729.6161 Unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 21.11.2012 15,0MB 10.0.30319 Unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 21.11.2012 11,0MB 10.0.30319 Unbekannt Microsoft WSE 3.0 Runtime Microsoft Corp. 20.11.2012 942KB 3.0.5305.0 Unbekannt Mozilla Firefox 21.0 (x86 de) Mozilla 17.05.2013 44,5MB 21.0 Notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 21.11.2012 1,27MB 4.20.9870.0 Unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 23.11.2012 1,33MB 4.20.9876.0 Unbekannt Norton Internet Security Symantec Corporation 15.11.2012 19.9.1.14 Notwendig NVIDIA PhysX NVIDIA Corporation 20.11.2012 78,9MB 9.10.0513 Notwendig OpenTTD 1.2.3 OpenTTD 27.12.2012 1.2.3 Unnötig Origin Electronic Arts, Inc. 20.11.2012 9.0.15.65 Notwendig Realtek Ethernet Controller Driver Realtek 18.11.2012 7.49.927.2011 Notwendig Realtek Ethernet Diagnostic Utility Realtek 18.11.2012 1.006 Notwendig Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 18.11.2012 6.0.1.6650 Notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 18.11.2012 6.0.1.6662 Notwendig Risen Deep Silver 19.11.2012 1.00.0000 Notwendig Risen 2 - Dark Waters 19.11.2012 Notwendig S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] bitComposer Games 04.06.2013 1.6.02 Notwendig S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] THQ 04.06.2013 1.0005 Notwendig Samsung Kies Samsung Electronics Co., Ltd. 05.12.2012 187MB 2.5.0.12104_15 Notwendig SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 06.12.2012 33,8MB 1.5.16.0 Unnötig Silent Hill: Homecoming Konami 20.11.2012 Notwendig SimCity™ Societies Electronic Arts 15.03.2013 1.0.0.0 Notwendig SimCity™ Societies Reisewelten Electronic Arts 15.03.2013 953MB 1.0.0.1 Notwendig Skype™ 6.3 Skype Technologies S.A. 19.05.2013 20,9MB 6.3.107 Notwendig Stalker Complete 2009 v1.4.4 04.06.2013 Notwendig StarCraft II Blizzard Entertainment 09.05.2013 2.0.8.25604 Notwendig Steam Valve Corporation 19.11.2012 37,4MB 1.0.0.0 Notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 10.12.2012 3.0.6 Unnötig TechPowerUp GPU-Z TechPowerUp 16.11.2012 Notwendig The Movies(TM) Activision 20.11.2012 1,93GB 1.0 Notwendig TL-WN822N/TL-WN821N Driver TP-LINK 30.11.2012 1.0.0 Unnötig/Notwendig ??? TuneUp Utilities 2012 TuneUp Software 18.11.2012 12.0.3600.73 Notwendig Ubisoft Game Launcher UBISOFT 04.04.2013 1.0.0.0 Notwendig VIA Plattform-Geräte-Manager VIA Technologies, Inc. 18.11.2012 2,62MB 1.39 Unbekannt ViewSonic Windows 7 x64 Signed Files 19.11.2012 Unnötig/Notwendig ??? Windows Live Essentials Microsoft Corporation 18.11.2012 16.4.3505.0912 Notwendig WinRAR 4.20 (64-Bit) win.rar GmbH 10.12.2012 4.20.0 Notwendig World of Tanks Wargaming.net 21.11.2012 16,5MB Notwendig |
|
13.06.2013, 18:13
| #12 |
| /// Malware-holic | DomaIQ,ESN Sonar und andere Adware entfernen! deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok Norton : wenn ich das richtig sehe ist das nicht die 2013 verrion, bitte mal auf die Norton page gehen und upgraden. Deinstaliere: OpenTTD Samsung : alle TeamSpeak TuneUp : finger weg von solchen quark, die meisten Funktionen bringen nichts, und andere können dem PC schaden. Öffne CCleaner, analysieren, starten, PC neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 20:48
| #13 |
| | DomaIQ,ESN Sonar und andere Adware entfernen! Also auch diesen Adobe Flash Player 11 Active X deinstallieren? |
|
13.06.2013, 21:18
| #14 |
| /// Malware-holic | DomaIQ,ESN Sonar und andere Adware entfernen! ja.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 21:19
| #15 |
| | DomaIQ,ESN Sonar und andere Adware entfernen! AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 13/06/2013 um 22:14:52 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mathias - MATHIAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mathias\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\4ot22z16.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S2].txt - [734 octets] - [13/06/2013 22:14:52]
########## EOF - C:\AdwCleaner[S2].txt - [793 octets] ##########
Aber ich bin grad etwas genervt  Ich habe jetzt in meinem Dokumente Ordner, einen Ordner gefunden der SelfMV heißt. Nach meinem Freund Google zu urteilen, handelt es sich dabei um Malware.Ich habe doch alle deine Anweisungen befolgt doch jetzt ist wieder ein komplett neuer Ordner aufgetaucht. Begreif ich nicht sorry  |
|
| Themen zu DomaIQ,ESN Sonar und andere Adware entfernen! |
| adware, dateien, defender, entfernen, explorer, firefox, folge, forum, gelöscht, home, internet browser, internet explorer, log, löschen, microsoft, mozilla, neue, ordner, programm, registrierungsdatenbank, scan, software, sonar-schutz funktioniert nicht mehr, spielen, start, suche, windows |
WARNUNG an die MITLESER: 
Linear-Darstellung
