| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Lauter Mailer-Daemon-Nachrichten im GMX-PosteingangWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.06.2013, 11:40
| #1 |
| |  Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Hallo, ich habe ebenfalls das Problem mit den Mailer-Daemons. Öffne ich mein Postfach bei GMX ist es von oben bis unten voll mit solchen Mails. Keine Ahnung was der Grund dafür ist, jedenfalls scheint meine Emailadresse für sämtlichen Spam missbraucht zu werden. Ich wäre euch für eure Unterstützung sehr dankbar! Was muss ich tun?  |
|
13.06.2013, 11:45
| #2 |
| /// Malware-holic   | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
13.06.2013, 14:41
| #3 |
| | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang OTL.txt:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 6/13/2013 3:22:35 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.85 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 63.86% Memory free 7.71 Gb Paging File | 6.41 Gb Available in Paging File | 83.20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 179.00 Gb Total Space | 79.76 Gb Free Space | 44.56% Space Free | Partition Type: NTFS Drive D: | 266.66 Gb Total Space | 217.76 Gb Free Space | 81.66% Space Free | Partition Type: NTFS Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/06/13 12:17:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jay\Downloads\OTL.exe PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/01/09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe PRC - [2013/01/09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) -- C:\Program Files (x86)\PDF Architect\HelperService.exe PRC - [2010/06/08 09:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/05/06 08:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2010/02/10 16:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2010/01/19 04:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe ========== Modules (No Company Name) ========== MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/07/07 20:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/04/16 16:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2013/06/12 11:42:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/01/09 18:36:06 | 000,795,208 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\ConversionService.exe -- (PDF Architect Service) SRV - [2013/01/09 18:34:26 | 001,324,104 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files (x86)\PDF Architect\HelperService.exe -- (PDF Architect Helper Service) SRV - [2010/06/01 08:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/01/15 12:11:26 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012/06/06 11:26:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/07/07 21:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/07/07 20:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/06/10 21:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/04/16 16:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/04/01 02:25:14 | 000,136,192 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/03/31 02:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2010/02/27 02:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/01/29 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/01/25 13:24:00 | 000,015,104 | ---- | M] (ROCCAT Development, Inc.) [+] Mouse [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KovaPlusFltr.sys -- (KovaPlusFltr) DRV:64bit: - [2009/09/28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011/02/14 06:58:57 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files (x86)\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012/12/25 17:47:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013/02/13 01:32:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/21 17:23:56 | 000,000,000 | ---D | M] [2011/04/05 21:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Extensions [2013/05/09 00:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\Firefox\Profiles\72rlucgj.default\extensions [2012/12/12 12:54:05 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013/05/09 00:09:55 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012/10/11 14:03:24 | 000,000,911 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\11-suche.xml [2012/10/11 14:03:24 | 000,002,273 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\englische-ergebnisse.xml [2012/10/11 14:03:24 | 000,010,563 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\gmx-suche.xml [2013/06/12 20:20:25 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-1.xml [2011/07/25 10:33:41 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-2.xml [2012/04/09 01:34:07 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-3.xml [2012/04/28 15:06:59 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-4.xml [2012/06/17 13:15:29 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-5.xml [2012/07/18 21:58:22 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-6.xml [2012/09/09 14:43:49 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-7.xml [2012/09/17 14:45:42 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-8.xml [2012/10/28 21:53:25 | 000,000,950 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin-9.xml [2011/03/30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\icqplugin.xml [2012/10/11 14:03:24 | 000,002,432 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\lastminute.xml [2012/10/11 14:03:24 | 000,005,545 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\mozilla\firefox\profiles\72rlucgj.default\searchplugins\webde-suche.xml [2013/05/24 02:38:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013/05/24 02:38:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/02/13 01:32:03 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT [2012/08/28 21:53:56 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found O4 - Startup: C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - D:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E83D437-7FBE-4366-A384-649368F8DCC1}: DhcpNameServer = 134.102.20.20 134.102.149.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{967C7E46-1720-47F1-8848-34AA8052D617}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\osf - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Connectify - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ETDWare - hkey= - key= - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: HP Deskjet 3070 B611 series (NET) - hkey= - key= - C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - File not found MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: Iminent - hkey= - key= - File not found MsConfig:64bit - StartUpReg: IminentMessenger - hkey= - key= - File not found MsConfig:64bit - StartUpReg: IntelTBRunOnce - hkey= - key= - C:\Windows\SysNative\wscript.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found MsConfig:64bit - StartUpReg: mcui_exe - hkey= - key= - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/06/13 07:52:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/05/21 17:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013/05/21 17:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013/05/21 17:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013/05/21 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Local\Adobe [2013/05/18 19:29:08 | 000,000,000 | ---D | C] -- C:\Users\Jay\AppData\Roaming\Adobe [1 C:\Users\Jay\Documents\*.tmp files -> C:\Users\Jay\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/13 15:01:00 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013/06/13 14:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/06/13 14:26:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/06/13 12:43:50 | 000,147,918 | ---- | M] () -- C:\Users\Jay\Desktop\Lösungen Tutorium 4 Produktionsplanung I+II.pdf [2013/06/13 12:17:32 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/06/13 12:17:32 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/06/13 12:04:39 | 4137,852,928 | -HS- | M] () -- C:\hiberfil.sys [2013/06/10 14:34:55 | 000,076,018 | ---- | M] () -- C:\Users\Jay\Desktop\VW_Juniormasters.pdf [2013/06/10 12:49:43 | 000,054,891 | ---- | M] () -- C:\Users\Jay\Desktop\Tutorienblatt 5 Ablaufplanung I_NEU.pdf [2013/06/08 15:21:28 | 488,459,064 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013/05/29 11:00:30 | 000,001,045 | ---- | M] () -- C:\Users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/05/29 11:00:23 | 000,001,009 | ---- | M] () -- C:\Users\Jay\Desktop\Dropbox.lnk [2013/05/27 08:27:48 | 000,441,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/17 04:58:22 | 001,529,494 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/17 04:58:22 | 000,657,948 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/05/17 04:58:22 | 000,619,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/17 04:58:22 | 000,131,288 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/05/17 04:58:22 | 000,107,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/15 20:36:56 | 000,039,964 | ---- | M] () -- C:\Users\Jay\Desktop\Studienausweis.jpg [1 C:\Users\Jay\Documents\*.tmp files -> C:\Users\Jay\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/04/17 21:52:16 | 000,001,496 | ---- | C] () -- C:\Users\Jay\AppData\Local\recently-used.xbel [2012/06/18 23:15:12 | 000,068,440 | ---- | C] () -- C:\Users\Jay\profil.gif [2012/06/17 12:56:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012/06/17 12:49:16 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2012/06/14 15:20:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012/04/05 21:45:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2012/01/16 14:33:39 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/05 14:56:30 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2013/03/29 22:05:15 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$I2GON8F.u [2013/03/29 22:05:30 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$I6KPC7P.u [2013/03/29 22:36:07 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$I7QBBXC.u [2013/03/29 22:05:15 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$ICZN1GF.u [2013/03/29 15:36:45 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$IESEDUM.u [2013/03/29 17:02:48 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$ILCDPQW.u [2013/03/29 15:36:45 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$INVCV2V.u [2013/03/29 22:36:07 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$IRRBJOX.u [2013/03/29 15:34:10 | 000,050,101 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$R2GON8F.u [2013/03/29 15:34:11 | 000,001,739 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$R6KPC7P.u [2013/03/29 22:10:36 | 003,339,046 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$R7QBBXC.u [2013/03/29 15:34:09 | 003,339,046 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RCZN1GF.u [2013/03/29 15:34:10 | 000,050,101 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RESEDUM.u [2013/03/29 15:34:11 | 000,001,739 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RLCDPQW.u [2013/03/29 15:34:09 | 003,339,046 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RNVCV2V.u [2013/03/29 22:10:37 | 000,050,101 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2806026202-95748070-3344758458-1000\$RRRBJOX.u [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/06/13 12:05:44 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\Dropbox [2013/05/24 16:38:25 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\e-academy Inc [2011/05/15 17:31:57 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\GetRightToGo [2012/11/15 01:06:37 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ICQ [2013/05/26 17:08:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\ImgBurn [2013/05/21 21:32:18 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\IrfanView [2012/12/25 03:27:32 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\loadtbs [2013/02/13 01:34:36 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\PDF Architect [2013/02/13 01:31:46 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\pdfforge [2013/06/03 14:54:51 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\SimpleScreenshot [2011/07/20 16:04:27 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TeamViewer [2011/04/27 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\The Creative Assembly [2013/06/11 22:58:39 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\TS3Client [2012/11/29 20:09:17 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\VideoConverterPackages [2012/05/28 18:22:38 | 000,000,000 | ---D | M] -- C:\Users\Jay\AppData\Roaming\XnView ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/12/25 18:05:55 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013/04/15 01:25:43 | 000,000,000 | ---D | M] -- C:\AMD [2013/06/13 12:04:39 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/11/24 04:04:20 | 000,000,000 | ---D | M] -- C:\Intel [2013/02/23 16:47:23 | 000,000,000 | ---D | M] -- C:\LanguageNames2 [2011/04/05 22:30:10 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013/04/17 21:43:52 | 000,000,000 | R--D | M] -- C:\Program Files [2013/05/26 18:10:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013/06/07 23:09:12 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/04/05 14:52:38 | 000,000,000 | -HSD | M] -- C:\Recovery [2013/06/13 15:23:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/04/05 14:53:55 | 000,000,000 | R--D | M] -- C:\Users [2013/06/08 15:21:28 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010/11/20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009/07/14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009/07/14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/14 15:21:15 | 000,000,252 | ---- | C] () -- C:\Windows\Tasks\HP Photo Creations Messager.job [2013/05/21 17:42:15 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\Windows\SysNative\drivers\iaStor.sys [2010/04/27 09:57:04 | 000,540,696 | ---- | M] (Intel Corporation) MD5=A5F72BB0D024E7E463344105BE613AE4 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_c62e28b241ae90ea\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2011/04/05 15:02:57 | 000,000,148 | ---- | M] () -- C:\Users\Jay\DiskScrP.txt [2011/04/23 19:09:58 | 000,000,097 | ---- | M] () -- C:\Users\Jay\easyWhiteboard.ini [2012/12/14 22:33:12 | 000,010,545 | ---- | M] () -- C:\Users\Jay\MBtech.docx [2013/06/13 15:23:22 | 003,932,160 | -HS- | M] () -- C:\Users\Jay\ntuser.dat [2013/06/13 15:23:22 | 000,262,144 | -HS- | M] () -- C:\Users\Jay\ntuser.dat.LOG1 [2011/04/05 14:53:55 | 000,000,000 | -HS- | M] () -- C:\Users\Jay\ntuser.dat.LOG2 [2011/04/05 15:06:21 | 000,065,536 | -HS- | M] () -- C:\Users\Jay\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011/04/05 15:06:21 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011/04/05 15:06:21 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012/05/23 18:03:59 | 000,065,536 | -HS- | M] () -- C:\Users\Jay\ntuser.dat{af6289b8-a4e8-11e1-b653-e811322182de}.TM.blf [2012/05/23 18:03:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\ntuser.dat{af6289b8-a4e8-11e1-b653-e811322182de}.TMContainer00000000000000000001.regtrans-ms [2012/05/23 18:03:59 | 000,524,288 | -HS- | M] () -- C:\Users\Jay\ntuser.dat{af6289b8-a4e8-11e1-b653-e811322182de}.TMContainer00000000000000000002.regtrans-ms [2011/04/05 14:53:55 | 000,000,020 | -HS- | M] () -- C:\Users\Jay\ntuser.ini [2012/06/18 23:15:13 | 000,068,440 | ---- | M] () -- C:\Users\Jay\profil.gif [2012/06/20 20:12:27 | 000,011,264 | -HS- | M] () -- C:\Users\Jay\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:268F887D @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:76650B61 < End of report > Extras.txt:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 6/13/2013 3:22:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jay\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.85 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 63.86% Memory free
7.71 Gb Paging File | 6.41 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 79.76 Gb Free Space | 44.56% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 217.76 Gb Free Space | 81.66% Space Free | Partition Type: NTFS
Computer Name: JAY-PC | User Name: Jay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B73E1A7-5DF0-41B7-8CC8-623FDF2ABC1A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0CAACC56-7F10-4176-88A5-333087F234AB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{14F22F36-C554-418E-95AD-291A6D1E5C1B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B167229-15E4-47A6-97CC-46C71EC26A34}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2845332C-9D33-4D82-A800-F0F5AE0ADC8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{305CF41C-A554-4B85-884B-979C3BC69844}" = rport=10243 | protocol=6 | dir=out | app=system |
"{363C8E68-0F80-451A-84EE-008CD7A08966}" = lport=445 | protocol=6 | dir=in | app=system |
"{3777D745-FAE6-4D48-A860-4CC2FEC7A8F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D3D573D-A24C-47F9-B09C-AD240C7A1126}" = lport=137 | protocol=17 | dir=in | app=system |
"{5B586FAA-0733-42E9-BF28-DE12D4C8A0E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63A2A24C-E875-4781-BC96-2FEA18F4CA65}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{69E5F0E8-576D-41FB-8E64-79C026365B6A}" = lport=138 | protocol=17 | dir=in | app=system |
"{6CDA2F8D-572E-4DA7-877F-FE255A63E491}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6D297E4D-0C84-4041-B5B2-850A75FCEA59}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70F37501-A458-4A1E-A533-3B9D62CC852F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7155B0C3-280C-40D7-AEA9-574B4A87FED4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{724C95C2-2423-4CD5-85D4-F9BB4B841CAB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7E956736-E5AB-4A2C-AC30-04F760E94BA0}" = rport=139 | protocol=6 | dir=out | app=system |
"{884FB341-1593-457F-BF15-144765D40835}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8A5D5E80-E8AE-43B3-85A5-E095E5EC88B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5388BED-4EDC-43ED-9B8D-B94278454F6D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2F654C0-543A-4798-BDB1-1BB110952CB6}" = rport=137 | protocol=17 | dir=out | app=system |
"{C0942316-0628-49F8-BA70-9EE07BF22A02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C431830B-8880-40C1-935F-4CEEDF430DDA}" = rport=445 | protocol=6 | dir=out | app=system |
"{D0B22661-E95B-404F-AAB6-BA84230D6399}" = lport=139 | protocol=6 | dir=in | app=system |
"{D7E53C00-84CC-4B1C-B331-B03670326CD4}" = rport=138 | protocol=17 | dir=out | app=system |
"{E0D9A404-1D08-4E42-B76D-72FB89FF5A09}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF4E78F0-189A-4A45-9ABE-F8B9074C8646}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078FE5E9-0547-4BCC-8948-3AC6A51F797D}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe |
"{11E9E1AC-F056-4C96-A410-DE5061C81C28}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{196FB6F4-3FD3-4D1A-B092-FB51E61B29D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F5B788C-AC96-44C5-AAED-DBF8C8A78666}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{241A8EB7-FFEF-46D5-86B3-362F01BF542A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{27DC0DF2-0BA4-4E29-A5F2-1F9CB064A810}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\jnknds\counter-strike source\hl2.exe |
"{35685DEE-B405-49C6-98CC-CEDF4448DD3C}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe |
"{371B43BD-26C9-4FA6-8C9B-5635CF9343A9}" = protocol=17 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe |
"{3735775E-668B-415C-AE00-C6E5192728E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39BF755D-12A2-4581-9142-562EAFF455EF}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{476B4BD1-EC97-4560-8270-C1B73352303B}" = protocol=17 | dir=in | app=c:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe |
"{49888138-CAD3-424D-B782-02D2A3C34A9E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{4C5FD61A-95E0-41FB-9C4B-BDEF09CFC5A4}" = protocol=6 | dir=out | app=system |
"{52827191-EB69-4F54-8039-D9FE37D0450F}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe |
"{551A6FB4-C67B-4607-A727-7993466CD794}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{565CD746-51E0-475B-B065-DBD3A075E9B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5C78AA6F-82B0-4678-B312-09172AC7587B}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\jnknds\counter-strike source\hl2.exe |
"{5D233C5F-78B7-4F1C-B378-8E356B714635}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{5E6C6E11-C5E0-454B-8F93-24AE9AE820D0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5E9D482C-B9E9-456D-89F6-C327308696F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67BDB9F9-E690-492C-A9FA-C2E7E214DA4A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{6945F243-4866-4EC6-AAAF-A5205E3F269C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EB7093C-A9F0-4156-9067-F2BD3D2328BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7084D1DF-6552-4F3A-914D-CD950CBDA749}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{776B39C6-3A18-4003-98D5-532537509B30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{78AB40E6-BA2E-4EAE-B21A-5A91BB2A92B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7D3C1B5C-5749-4750-936A-0D375AA4A281}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe |
"{82B46288-AA52-4A9C-A356-6ACD8628B2CB}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{866C7AB4-5D5B-471F-9066-5E93CA9D26EB}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{877572A4-203C-43D9-91C6-AC03030F3261}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{999E831D-8138-4D16-9C58-4774DA6152B5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9E62929C-D71E-4DAD-ABA6-4A8BD1019478}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9EC24901-2EB1-40B2-AAD5-C7DD2E463C14}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9FDC8553-F6EF-48A0-B81C-5690CA6D8CF0}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{A25D9F94-84AE-42CD-9CDE-409D468D59C3}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{DDDD1199-F682-49D4-8239-C24490FEF9FF}" = protocol=6 | dir=in | app=d:\program files (x86)\icq7.5\icq.exe |
"{EE56B071-1871-406A-A08B-2E54C3152383}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{F77E8CB9-92FB-475E-A9E2-D3658C72CAC7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FCBF4591-78FA-4806-88AE-0F88B72183C9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{0ED79C75-A7F4-4569-BBB8-3F6EACE9F76D}C:\users\jay\desktop\to34\system\tacticalops.exe" = protocol=6 | dir=in | app=c:\users\jay\desktop\to34\system\tacticalops.exe |
"TCP Query User{1F18BDA5-69E9-451D-89EC-AC3D445B80D1}C:\users\jay\desktop\tactical ops\system\tacticalops.exe" = protocol=6 | dir=in | app=c:\users\jay\desktop\tactical ops\system\tacticalops.exe |
"TCP Query User{501D9A21-8BEF-4A12-9439-7F07ECA7143A}C:\users\jay\tactical ops\system\tacticalops.exe" = protocol=6 | dir=in | app=c:\users\jay\tactical ops\system\tacticalops.exe |
"TCP Query User{6EADAAFB-2329-4AEF-B45F-EA2F1F1F6FA7}C:\users\jay\to34\system\tacticalops.exe" = protocol=6 | dir=in | app=c:\users\jay\to34\system\tacticalops.exe |
"TCP Query User{9B23C498-87CA-47C3-BF10-B0F163AE2799}D:\program files (x86)\infogrames\tactical ops\system\tacticalops.exe" = protocol=6 | dir=in | app=d:\program files (x86)\infogrames\tactical ops\system\tacticalops.exe |
"TCP Query User{C20649E6-2338-4E17-BED3-93A84F927FC1}C:\program files (x86)\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"TCP Query User{C9A81289-6239-4A54-8B66-6B1FDF278C12}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe |
"TCP Query User{DCDCDE0F-97E0-4C23-99F8-D2392B03BCCF}C:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jay\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{FC0FC181-A863-4F9C-8347-4F8D9D4B76FF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2107BB9D-8CD6-D2BB-9D67-210C4E2D25B2}" = AMD Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{479B309B-E6B4-4947-8B83-472CF4272582}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8924153C-F29D-3F27-3AAB-389F3B661AD4}" = ccc-utility64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D4452EF7-1982-400C-82AB-6BE9400A7EC3}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3366905E6EFF86120E12E2DB3F8F2EDC3B7F5003" = Windows-Treiberpaket - Broadcom HIDClass (09/11/2009 6.3.0.1500)
"524FB58AAB1C34915E5DAE6F9A7ABD1AA8C96614" = Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600)
"6A044848DB955BAB41313E7878DE4E2C68715F24" = Windows-Treiberpaket - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600)
"73EBF284DDB186EC3E526FEE77E2325097703596" = Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600)
"765E3A42F1EB7BB642F073A20918B588DC4D1193" = Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600)
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Elantech" = ETDWare PS/2-x64 7.0.7.0_WHQL
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F3B756-11B3-8077-7FA7-709DDDBAEFD3}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0620AFAE-46B1-AECB-0D8D-DC6884F72BF5}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFD17F6-0EFB-3CBA-0692-ED193A6F847A}" = CCC Help Norwegian
"{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software
"{11060D31-08ED-8F55-BB38-0F194E0FE68E}" = CCC Help German
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21F22617-30EA-55D0-C023-574DEFA72935}" = CCC Help English
"{24691EC2-44CA-88CE-D7D8-673C9C21DABB}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{2ABC63E9-8E74-F261-4937-C49438279633}" = ccc-core-static
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41EB4D8C-797B-88DA-9CFD-C265BDEF3BE7}" = CCC Help Greek
"{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1" = Pazera Free MP4 to AVI Converter 1.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56FD9B91-F0EE-A2AE-7289-28E3110C0D08}" = CCC Help Swedish
"{58240652-2AC8-80E3-B980-7E6F58D64CB3}" = CCC Help Japanese
"{5E0D2061-86AB-4B83-A671-A0BF3FF1537B}_is1" = Vokabel Trainer 5
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{690E2911-8512-65D8-1237-A0E43865F226}" = Catalyst Control Center Graphics Previews Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C7CF28E-535B-D453-E935-524116E5D8F3}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77AA84F1-4A5F-34F6-E9FB-75B234E36748}" = CCC Help Korean
"{80A07844-CA64-4DE4-AB61-D37DDBE8074F}" = PDF Architect
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.4.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0054-0407-0000-0000000FF1CE}" = Microsoft Visio MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-00B4-0407-0000-0000000FF1CE}" = Microsoft Project MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{91150000-003B-0000-0000-0000000FF1CE}" = Microsoft Project Professional 2013
"{91150000-0051-0000-0000-0000000FF1CE}" = Microsoft Visio Professional 2013
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{976A7F36-3904-3444-588F-A4A47DA7DAAA}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E77CE91-C520-6284-5340-2FED3E34537F}" = CCC Help Chinese Standard
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{A4A3BD6D-F267-199A-F402-AC9D8C6A5A1F}" = CCC Help Thai
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B4E5E04E-3738-2736-4925-267AB9A313B0}" = CCC Help Spanish
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7DB6FC7-631D-8767-A3DF-4B1467611D3C}" = CCC Help Turkish
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCE95123-10EF-BF71-EFCC-27413278630B}" = CCC Help Italian
"{BD2E478F-C249-FF8B-F544-E22061BA03C5}" = CCC Help Russian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C96BDE6D-EA35-1445-1E08-634171AE3C82}" = CCC Help Chinese Traditional
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD048DE6-3FD4-F4C2-A98D-A185CA4D94BA}" = CCC Help Danish
"{DD953122-ECF9-E725-AF9C-BA4C08AAC1B1}" = Catalyst Control Center Graphics Previews Vista
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E912365F-9F51-C5A0-8153-FEFCFF276608}" = CCC Help Polish
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F6AD00BA-3229-D390-84CA-685BFF2F6C21}" = CCC Help Dutch
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEF8EFCC-F745-9EB2-B313-9902D03A4C5D}" = CCC Help Finnish
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmerigoMedia Hauptstädte-Quiz_is1" = AmerigoMedia Hauptstädte-Quiz
"Audacity_is1" = Audacity 2.0.2
"CamStudio" = CamStudio
"easy Whiteboard" = easy Whiteboard
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Sound Recorder_is1" = Free Sound Recorder v9.4.1
"Free Video Converter_is1" = Free Video Converter V 3.1
"Free Video Dub_is1" = Free Video Dub version 2.0.7.423
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.3.903
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"HP Photo Creations" = HP Photo Creations
"IDroo" = IDroo 1.0.0.154
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"Office15.PRJPROR" = Microsoft Project Professional 2013
"Office15.VISPROR" = Microsoft Visio Professional 2013
"PKR" = PKR
"SimpleScreenshot" = SimpleScreenshot 1.40
"Steam App 34030" = Napoleon: Total War
"Steam App 730" = Counter-Strike: Global Offensive
"Tactical Ops" = Tactical Ops
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.98.8
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Video Converter Packages" = Video Converter Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/18/2012 6:33:19 PM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description =
Error - 11/18/2012 6:47:19 PM | Computer Name = Jay-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3555.308,
Zeitstempel: 0x4f596cbb Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
2.0.10175.3910, Zeitstempel: 0x4b9715b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c9d8
ID
des fehlerhaften Prozesses: 0xb3c Startzeit der fehlerhaften Anwendung: 0x01cdc5de8f869fca
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
e810a694-31d1-11e2-add8-e811322182de
Error - 11/19/2012 2:31:32 AM | Computer Name = Jay-PC | Source = VSS | ID = 12344
Description =
Error - 11/19/2012 2:31:54 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description =
Error - 11/19/2012 8:19:28 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description =
Error - 11/19/2012 8:47:24 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description =
Error - 11/19/2012 8:43:30 PM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description =
Error - 11/20/2012 5:07:53 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description =
Error - 11/20/2012 8:25:28 AM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description =
Error - 11/20/2012 3:30:11 PM | Computer Name = Jay-PC | Source = MsiInstaller | ID = 11316
Description =
[ System Events ]
Error - 6/12/2013 2:15:40 PM | Computer Name = Jay-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 6/12/2013 2:16:01 PM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error - 6/12/2013 2:16:59 PM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description =
Error - 6/13/2013 1:44:57 AM | Computer Name = Jay-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 6/13/2013 1:45:19 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error - 6/13/2013 1:46:17 AM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description =
Error - 6/13/2013 6:04:37 AM | Computer Name = Jay-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 6/13/2013 6:05:17 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
StarOpen
Error - 6/13/2013 6:06:15 AM | Computer Name = Jay-PC | Source = DCOM | ID = 10016
Description =
Error - 6/13/2013 8:55:19 AM | Computer Name = Jay-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
< End of report >
|
|
13.06.2013, 18:42
| #4 |
| /// Malware-holic | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Hi, Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.06.2013, 23:42
| #5 |
| | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang 00:37:49.0001 3596 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 00:37:49.0129 3596 ============================================================ 00:37:49.0129 3596 Current date / time: 2013/06/14 00:37:49.0129 00:37:49.0129 3596 SystemInfo: 00:37:49.0129 3596 00:37:49.0129 3596 OS Version: 6.1.7601 ServicePack: 1.0 00:37:49.0129 3596 Product type: Workstation 00:37:49.0129 3596 ComputerName: JAY-PC 00:37:49.0129 3596 UserName: Jay 00:37:49.0129 3596 Windows directory: C:\Windows 00:37:49.0129 3596 System windows directory: C:\Windows 00:37:49.0129 3596 Running under WOW64 00:37:49.0129 3596 Processor architecture: Intel x64 00:37:49.0129 3596 Number of processors: 4 00:37:49.0129 3596 Page size: 0x1000 00:37:49.0129 3596 Boot type: Normal boot 00:37:49.0129 3596 ============================================================ 00:37:49.0469 3596 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:37:49.0473 3596 ============================================================ 00:37:49.0473 3596 \Device\Harddisk0\DR0: 00:37:49.0473 3596 MBR partitions: 00:37:49.0473 3596 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000 00:37:49.0473 3596 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000 00:37:49.0496 3596 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800 00:37:49.0496 3596 ============================================================ 00:37:49.0526 3596 C: <-> \Device\Harddisk0\DR0\Partition2 00:37:49.0598 3596 D: <-> \Device\Harddisk0\DR0\Partition3 00:37:49.0598 3596 ============================================================ 00:37:49.0598 3596 Initialize success 00:37:49.0598 3596 ============================================================ 00:39:27.0720 1908 ============================================================ 00:39:27.0720 1908 Scan started 00:39:27.0720 1908 Mode: Manual; SigCheck; TDLFS; 00:39:27.0720 1908 ============================================================ 00:39:28.0016 1908 ================ Scan system memory ======================== 00:39:28.0016 1908 System memory - ok 00:39:28.0016 1908 ================ Scan services ============================= 00:39:28.0250 1908 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 00:39:28.0375 1908 1394ohci - ok 00:39:28.0438 1908 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 00:39:28.0469 1908 ACPI - ok 00:39:28.0516 1908 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 00:39:28.0594 1908 AcpiPmi - ok 00:39:28.0734 1908 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 00:39:28.0750 1908 AdobeARMservice - ok 00:39:28.0921 1908 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 00:39:28.0952 1908 AdobeFlashPlayerUpdateSvc - ok 00:39:29.0015 1908 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 00:39:29.0062 1908 adp94xx - ok 00:39:29.0077 1908 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 00:39:29.0093 1908 adpahci - ok 00:39:29.0108 1908 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 00:39:29.0124 1908 adpu320 - ok 00:39:29.0155 1908 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 00:39:29.0374 1908 AeLookupSvc - ok 00:39:29.0405 1908 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 00:39:29.0467 1908 AFD - ok 00:39:29.0514 1908 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 00:39:29.0545 1908 agp440 - ok 00:39:29.0561 1908 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 00:39:29.0623 1908 ALG - ok 00:39:29.0686 1908 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 00:39:29.0717 1908 aliide - ok 00:39:29.0748 1908 [ 94E1920E0E45ABAF0E09CCCCBE99733C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 00:39:29.0826 1908 AMD External Events Utility - ok 00:39:29.0873 1908 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 00:39:29.0888 1908 amdide - ok 00:39:29.0920 1908 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 00:39:29.0966 1908 AmdK8 - ok 00:39:30.0185 1908 [ 3D07F9C090C7A1D76D624972A5384471 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 00:39:30.0466 1908 amdkmdag - ok 00:39:30.0528 1908 [ 99AB7E4B24C80155DC4296F657FAF3C7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 00:39:30.0575 1908 amdkmdap - ok 00:39:30.0606 1908 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 00:39:30.0653 1908 AmdPPM - ok 00:39:30.0700 1908 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 00:39:30.0715 1908 amdsata - ok 00:39:30.0746 1908 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 00:39:30.0778 1908 amdsbs - ok 00:39:30.0778 1908 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 00:39:30.0809 1908 amdxata - ok 00:39:30.0856 1908 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 00:39:31.0012 1908 AppID - ok 00:39:31.0043 1908 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 00:39:31.0136 1908 AppIDSvc - ok 00:39:31.0199 1908 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 00:39:31.0230 1908 Appinfo - ok 00:39:31.0277 1908 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 00:39:31.0292 1908 arc - ok 00:39:31.0292 1908 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 00:39:31.0308 1908 arcsas - ok 00:39:31.0324 1908 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 00:39:31.0402 1908 AsyncMac - ok 00:39:31.0448 1908 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 00:39:31.0464 1908 atapi - ok 00:39:31.0526 1908 [ 2C0BB386E86670BB1B1A57CAAEF3E50D ] athr C:\Windows\system32\DRIVERS\athrx.sys 00:39:31.0620 1908 athr - ok 00:39:31.0698 1908 [ 4D76B51F3BA702BFD060F0A075AACD22 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 00:39:31.0745 1908 AtiHDAudioService - ok 00:39:31.0776 1908 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 00:39:31.0838 1908 AtiHdmiService - ok 00:39:31.0901 1908 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 00:39:31.0963 1908 AudioEndpointBuilder - ok 00:39:31.0963 1908 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 00:39:32.0010 1908 AudioSrv - ok 00:39:32.0072 1908 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 00:39:32.0150 1908 AxInstSV - ok 00:39:32.0197 1908 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 00:39:32.0244 1908 b06bdrv - ok 00:39:32.0291 1908 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 00:39:32.0338 1908 b57nd60a - ok 00:39:32.0384 1908 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 00:39:32.0431 1908 BDESVC - ok 00:39:32.0447 1908 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 00:39:32.0540 1908 Beep - ok 00:39:32.0618 1908 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 00:39:32.0696 1908 BFE - ok 00:39:32.0728 1908 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 00:39:32.0806 1908 BITS - ok 00:39:32.0837 1908 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 00:39:32.0884 1908 blbdrive - ok 00:39:32.0915 1908 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 00:39:32.0962 1908 bowser - ok 00:39:32.0977 1908 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 00:39:33.0055 1908 BrFiltLo - ok 00:39:33.0071 1908 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 00:39:33.0118 1908 BrFiltUp - ok 00:39:33.0180 1908 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 00:39:33.0242 1908 Browser - ok 00:39:33.0274 1908 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 00:39:33.0336 1908 Brserid - ok 00:39:33.0352 1908 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 00:39:33.0383 1908 BrSerWdm - ok 00:39:33.0414 1908 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 00:39:33.0445 1908 BrUsbMdm - ok 00:39:33.0476 1908 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 00:39:33.0508 1908 BrUsbSer - ok 00:39:33.0554 1908 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 00:39:33.0632 1908 BthEnum - ok 00:39:33.0648 1908 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 00:39:33.0695 1908 BTHMODEM - ok 00:39:33.0742 1908 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 00:39:33.0773 1908 BthPan - ok 00:39:33.0820 1908 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys 00:39:33.0866 1908 BTHPORT - ok 00:39:33.0913 1908 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 00:39:33.0991 1908 bthserv - ok 00:39:34.0038 1908 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys 00:39:34.0069 1908 BTHUSB - ok 00:39:34.0100 1908 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 00:39:34.0163 1908 cdfs - ok 00:39:34.0210 1908 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 00:39:34.0241 1908 cdrom - ok 00:39:34.0303 1908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 00:39:34.0366 1908 CertPropSvc - ok 00:39:34.0397 1908 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 00:39:34.0444 1908 circlass - ok 00:39:34.0475 1908 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 00:39:34.0506 1908 CLFS - ok 00:39:34.0568 1908 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:39:34.0600 1908 clr_optimization_v2.0.50727_32 - ok 00:39:34.0646 1908 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:39:34.0662 1908 clr_optimization_v2.0.50727_64 - ok 00:39:34.0756 1908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:39:34.0771 1908 clr_optimization_v4.0.30319_32 - ok 00:39:34.0802 1908 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:39:34.0818 1908 clr_optimization_v4.0.30319_64 - ok 00:39:34.0849 1908 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 00:39:34.0896 1908 CmBatt - ok 00:39:34.0912 1908 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 00:39:34.0927 1908 cmdide - ok 00:39:34.0974 1908 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 00:39:35.0036 1908 CNG - ok 00:39:35.0083 1908 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 00:39:35.0114 1908 Compbatt - ok 00:39:35.0161 1908 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 00:39:35.0208 1908 CompositeBus - ok 00:39:35.0224 1908 COMSysApp - ok 00:39:35.0255 1908 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 00:39:35.0270 1908 crcdisk - ok 00:39:35.0317 1908 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll 00:39:35.0364 1908 CryptSvc - ok 00:39:35.0442 1908 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 00:39:35.0520 1908 DcomLaunch - ok 00:39:35.0551 1908 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 00:39:35.0629 1908 defragsvc - ok 00:39:35.0660 1908 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 00:39:35.0754 1908 DfsC - ok 00:39:35.0816 1908 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 00:39:35.0863 1908 Dhcp - ok 00:39:35.0894 1908 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 00:39:35.0972 1908 discache - ok 00:39:36.0004 1908 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 00:39:36.0035 1908 Disk - ok 00:39:36.0066 1908 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 00:39:36.0113 1908 Dnscache - ok 00:39:36.0144 1908 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 00:39:36.0222 1908 dot3svc - ok 00:39:36.0269 1908 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 00:39:36.0331 1908 DPS - ok 00:39:36.0378 1908 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 00:39:36.0409 1908 drmkaud - ok 00:39:36.0472 1908 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 00:39:36.0503 1908 DXGKrnl - ok 00:39:36.0534 1908 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 00:39:36.0596 1908 EapHost - ok 00:39:36.0706 1908 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 00:39:36.0799 1908 ebdrv - ok 00:39:36.0830 1908 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 00:39:36.0893 1908 EFS - ok 00:39:36.0971 1908 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 00:39:37.0033 1908 ehRecvr - ok 00:39:37.0049 1908 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 00:39:37.0111 1908 ehSched - ok 00:39:37.0174 1908 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 00:39:37.0205 1908 elxstor - ok 00:39:37.0252 1908 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 00:39:37.0283 1908 ErrDev - ok 00:39:37.0330 1908 [ 438021C3F32F30E227D0F5DFD118B7B1 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 00:39:37.0392 1908 ETD - ok 00:39:37.0439 1908 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 00:39:37.0532 1908 EventSystem - ok 00:39:37.0548 1908 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 00:39:37.0626 1908 exfat - ok 00:39:37.0642 1908 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 00:39:37.0735 1908 fastfat - ok 00:39:37.0798 1908 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 00:39:37.0860 1908 Fax - ok 00:39:37.0891 1908 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 00:39:37.0922 1908 fdc - ok 00:39:37.0954 1908 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 00:39:38.0032 1908 fdPHost - ok 00:39:38.0047 1908 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 00:39:38.0094 1908 FDResPub - ok 00:39:38.0125 1908 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 00:39:38.0141 1908 FileInfo - ok 00:39:38.0156 1908 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 00:39:38.0219 1908 Filetrace - ok 00:39:38.0250 1908 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 00:39:38.0266 1908 flpydisk - ok 00:39:38.0297 1908 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 00:39:38.0312 1908 FltMgr - ok 00:39:38.0390 1908 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 00:39:38.0453 1908 FontCache - ok 00:39:38.0515 1908 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:39:38.0531 1908 FontCache3.0.0.0 - ok 00:39:38.0562 1908 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 00:39:38.0578 1908 FsDepends - ok 00:39:38.0624 1908 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 00:39:38.0640 1908 Fs_Rec - ok 00:39:38.0687 1908 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 00:39:38.0718 1908 fvevol - ok 00:39:38.0749 1908 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 00:39:38.0765 1908 gagp30kx - ok 00:39:38.0827 1908 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 00:39:38.0921 1908 gpsvc - ok 00:39:38.0952 1908 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 00:39:38.0999 1908 hcw85cir - ok 00:39:39.0061 1908 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 00:39:39.0108 1908 HdAudAddService - ok 00:39:39.0155 1908 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 00:39:39.0202 1908 HDAudBus - ok 00:39:39.0233 1908 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 00:39:39.0248 1908 HidBatt - ok 00:39:39.0248 1908 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 00:39:39.0295 1908 HidBth - ok 00:39:39.0311 1908 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 00:39:39.0358 1908 HidIr - ok 00:39:39.0373 1908 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 00:39:39.0451 1908 hidserv - ok 00:39:39.0498 1908 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 00:39:39.0529 1908 HidUsb - ok 00:39:39.0560 1908 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 00:39:39.0623 1908 hkmsvc - ok 00:39:39.0670 1908 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 00:39:39.0716 1908 HomeGroupListener - ok 00:39:39.0763 1908 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 00:39:39.0810 1908 HomeGroupProvider - ok 00:39:39.0857 1908 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 00:39:39.0888 1908 HpSAMD - ok 00:39:39.0950 1908 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 00:39:40.0028 1908 HTTP - ok 00:39:40.0060 1908 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 00:39:40.0075 1908 hwpolicy - ok 00:39:40.0122 1908 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 00:39:40.0138 1908 i8042prt - ok 00:39:40.0184 1908 [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 00:39:40.0216 1908 iaStor - ok 00:39:40.0278 1908 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 00:39:40.0309 1908 iaStorV - ok 00:39:40.0356 1908 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:39:40.0403 1908 idsvc - ok 00:39:40.0574 1908 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 00:39:40.0777 1908 igfx - ok 00:39:40.0824 1908 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 00:39:40.0840 1908 iirsp - ok 00:39:40.0902 1908 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 00:39:40.0996 1908 IKEEXT - ok 00:39:41.0042 1908 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 00:39:41.0089 1908 Impcd - ok 00:39:41.0198 1908 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 00:39:41.0261 1908 IntcAzAudAddService - ok 00:39:41.0308 1908 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 00:39:41.0323 1908 intelide - ok 00:39:41.0354 1908 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 00:39:41.0401 1908 intelppm - ok 00:39:41.0432 1908 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 00:39:41.0510 1908 IPBusEnum - ok 00:39:41.0557 1908 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:39:41.0588 1908 IpFilterDriver - ok 00:39:41.0635 1908 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 00:39:41.0682 1908 iphlpsvc - ok 00:39:41.0713 1908 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 00:39:41.0745 1908 IPMIDRV - ok 00:39:41.0776 1908 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 00:39:41.0838 1908 IPNAT - ok 00:39:41.0854 1908 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 00:39:41.0885 1908 IRENUM - ok 00:39:41.0916 1908 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 00:39:41.0916 1908 isapnp - ok 00:39:41.0963 1908 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 00:39:41.0994 1908 iScsiPrt - ok 00:39:42.0041 1908 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 00:39:42.0072 1908 kbdclass - ok 00:39:42.0103 1908 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 00:39:42.0135 1908 kbdhid - ok 00:39:42.0166 1908 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 00:39:42.0181 1908 KeyIso - ok 00:39:42.0228 1908 [ B355CDD82F914D681DADEF1049D8174A ] KovaPlusFltr C:\Windows\system32\drivers\KovaPlusFltr.sys 00:39:42.0259 1908 KovaPlusFltr - ok 00:39:42.0291 1908 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 00:39:42.0306 1908 KSecDD - ok 00:39:42.0353 1908 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 00:39:42.0369 1908 KSecPkg - ok 00:39:42.0415 1908 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 00:39:42.0478 1908 ksthunk - ok 00:39:42.0525 1908 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 00:39:42.0587 1908 KtmRm - ok 00:39:42.0649 1908 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 00:39:42.0727 1908 LanmanServer - ok 00:39:42.0774 1908 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 00:39:42.0868 1908 LanmanWorkstation - ok 00:39:42.0899 1908 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 00:39:42.0961 1908 lltdio - ok 00:39:43.0008 1908 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 00:39:43.0086 1908 lltdsvc - ok 00:39:43.0117 1908 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 00:39:43.0180 1908 lmhosts - ok 00:39:43.0227 1908 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 00:39:43.0258 1908 LSI_FC - ok 00:39:43.0258 1908 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 00:39:43.0289 1908 LSI_SAS - ok 00:39:43.0305 1908 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 00:39:43.0320 1908 LSI_SAS2 - ok 00:39:43.0336 1908 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 00:39:43.0351 1908 LSI_SCSI - ok 00:39:43.0383 1908 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 00:39:43.0461 1908 luafv - ok 00:39:43.0492 1908 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 00:39:43.0507 1908 Mcx2Svc - ok 00:39:43.0539 1908 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 00:39:43.0554 1908 megasas - ok 00:39:43.0601 1908 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 00:39:43.0617 1908 MegaSR - ok 00:39:43.0757 1908 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 00:39:43.0757 1908 Microsoft Office Groove Audit Service - ok 00:39:43.0788 1908 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 00:39:43.0835 1908 MMCSS - ok 00:39:43.0851 1908 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 00:39:43.0897 1908 Modem - ok 00:39:43.0944 1908 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 00:39:43.0960 1908 monitor - ok 00:39:44.0007 1908 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 00:39:44.0022 1908 mouclass - ok 00:39:44.0053 1908 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 00:39:44.0069 1908 mouhid - ok 00:39:44.0100 1908 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 00:39:44.0116 1908 mountmgr - ok 00:39:44.0116 1908 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 00:39:44.0131 1908 mpio - ok 00:39:44.0163 1908 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 00:39:44.0194 1908 mpsdrv - ok 00:39:44.0241 1908 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 00:39:44.0334 1908 MpsSvc - ok 00:39:44.0350 1908 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 00:39:44.0381 1908 MRxDAV - ok 00:39:44.0412 1908 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 00:39:44.0459 1908 mrxsmb - ok 00:39:44.0506 1908 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:39:44.0537 1908 mrxsmb10 - ok 00:39:44.0568 1908 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:39:44.0615 1908 mrxsmb20 - ok 00:39:44.0646 1908 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 00:39:44.0677 1908 msahci - ok 00:39:44.0709 1908 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 00:39:44.0724 1908 msdsm - ok 00:39:44.0755 1908 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 00:39:44.0787 1908 MSDTC - ok 00:39:44.0818 1908 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 00:39:44.0896 1908 Msfs - ok 00:39:44.0911 1908 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 00:39:45.0005 1908 mshidkmdf - ok 00:39:45.0021 1908 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 00:39:45.0036 1908 msisadrv - ok 00:39:45.0083 1908 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 00:39:45.0145 1908 MSiSCSI - ok 00:39:45.0145 1908 msiserver - ok 00:39:45.0192 1908 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 00:39:45.0223 1908 MSKSSRV - ok 00:39:45.0239 1908 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 00:39:45.0317 1908 MSPCLOCK - ok 00:39:45.0348 1908 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 00:39:45.0426 1908 MSPQM - ok 00:39:45.0442 1908 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 00:39:45.0473 1908 MsRPC - ok 00:39:45.0504 1908 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 00:39:45.0520 1908 mssmbios - ok 00:39:45.0567 1908 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 00:39:45.0629 1908 MSTEE - ok 00:39:45.0645 1908 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 00:39:45.0660 1908 MTConfig - ok 00:39:45.0707 1908 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 00:39:45.0723 1908 Mup - ok 00:39:45.0769 1908 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 00:39:45.0863 1908 napagent - ok 00:39:45.0910 1908 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 00:39:45.0957 1908 NativeWifiP - ok 00:39:46.0019 1908 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 00:39:46.0066 1908 NDIS - ok 00:39:46.0097 1908 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 00:39:46.0159 1908 NdisCap - ok 00:39:46.0206 1908 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 00:39:46.0269 1908 NdisTapi - ok 00:39:46.0300 1908 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 00:39:46.0378 1908 Ndisuio - ok 00:39:46.0409 1908 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 00:39:46.0487 1908 NdisWan - ok 00:39:46.0503 1908 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 00:39:46.0581 1908 NDProxy - ok 00:39:46.0627 1908 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 00:39:46.0659 1908 NetBIOS - ok 00:39:46.0690 1908 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 00:39:46.0752 1908 NetBT - ok 00:39:46.0768 1908 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 00:39:46.0768 1908 Netlogon - ok 00:39:46.0830 1908 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 00:39:46.0908 1908 Netman - ok 00:39:46.0939 1908 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 00:39:47.0002 1908 netprofm - ok 00:39:47.0033 1908 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:39:47.0049 1908 NetTcpPortSharing - ok 00:39:47.0080 1908 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 00:39:47.0095 1908 nfrd960 - ok 00:39:47.0127 1908 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 00:39:47.0173 1908 NlaSvc - ok 00:39:47.0314 1908 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 00:39:47.0407 1908 NOBU - ok 00:39:47.0423 1908 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 00:39:47.0470 1908 Npfs - ok 00:39:47.0485 1908 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 00:39:47.0563 1908 nsi - ok 00:39:47.0595 1908 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 00:39:47.0673 1908 nsiproxy - ok 00:39:47.0751 1908 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 00:39:47.0813 1908 Ntfs - ok 00:39:47.0829 1908 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 00:39:47.0907 1908 Null - ok 00:39:47.0938 1908 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 00:39:47.0953 1908 nvraid - ok 00:39:47.0969 1908 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 00:39:47.0985 1908 nvstor - ok 00:39:48.0031 1908 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 00:39:48.0047 1908 nv_agp - ok 00:39:48.0156 1908 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:39:48.0187 1908 odserv - ok 00:39:48.0219 1908 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 00:39:48.0250 1908 ohci1394 - ok 00:39:48.0312 1908 [ 2B8E4C792BED0E5882702720BC528AE5 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:39:48.0343 1908 ose - ok 00:39:48.0562 1908 [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 00:39:48.0780 1908 osppsvc - ok 00:39:48.0811 1908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 00:39:48.0874 1908 p2pimsvc - ok 00:39:48.0905 1908 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 00:39:48.0936 1908 p2psvc - ok 00:39:48.0983 1908 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 00:39:49.0014 1908 Parport - ok 00:39:49.0045 1908 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 00:39:49.0077 1908 partmgr - ok 00:39:49.0108 1908 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 00:39:49.0155 1908 PcaSvc - ok 00:39:49.0170 1908 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 00:39:49.0201 1908 pci - ok 00:39:49.0248 1908 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 00:39:49.0264 1908 pciide - ok 00:39:49.0279 1908 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 00:39:49.0311 1908 pcmcia - ok 00:39:49.0326 1908 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 00:39:49.0342 1908 pcw - ok 00:39:49.0451 1908 [ A1688A4FB2EC49D040C027EF6DC7A87B ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe 00:39:49.0498 1908 PDF Architect Helper Service - ok 00:39:49.0560 1908 [ E23FF9B2F8EEAB2BDDA681C21C48E843 ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe 00:39:49.0591 1908 PDF Architect Service - ok 00:39:49.0638 1908 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 00:39:49.0732 1908 PEAUTH - ok 00:39:49.0810 1908 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 00:39:49.0841 1908 PerfHost - ok 00:39:49.0919 1908 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 00:39:50.0013 1908 pla - ok 00:39:50.0059 1908 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 00:39:50.0122 1908 PlugPlay - ok 00:39:50.0153 1908 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 00:39:50.0169 1908 PNRPAutoReg - ok 00:39:50.0200 1908 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 00:39:50.0215 1908 PNRPsvc - ok 00:39:50.0262 1908 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 00:39:50.0340 1908 PolicyAgent - ok 00:39:50.0356 1908 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 00:39:50.0418 1908 Power - ok 00:39:50.0449 1908 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 00:39:50.0512 1908 PptpMiniport - ok 00:39:50.0543 1908 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 00:39:50.0574 1908 Processor - ok 00:39:50.0605 1908 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 00:39:50.0652 1908 ProfSvc - ok 00:39:50.0668 1908 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 00:39:50.0683 1908 ProtectedStorage - ok 00:39:50.0730 1908 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 00:39:50.0808 1908 Psched - ok 00:39:50.0871 1908 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 00:39:50.0933 1908 ql2300 - ok 00:39:50.0964 1908 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 00:39:50.0980 1908 ql40xx - ok 00:39:51.0027 1908 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 00:39:51.0073 1908 QWAVE - ok 00:39:51.0089 1908 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 00:39:51.0136 1908 QWAVEdrv - ok 00:39:51.0151 1908 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 00:39:51.0198 1908 RasAcd - ok 00:39:51.0229 1908 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 00:39:51.0307 1908 RasAgileVpn - ok 00:39:51.0339 1908 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 00:39:51.0401 1908 RasAuto - ok 00:39:51.0463 1908 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 00:39:51.0526 1908 Rasl2tp - ok 00:39:51.0573 1908 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 00:39:51.0651 1908 RasMan - ok 00:39:51.0682 1908 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 00:39:51.0744 1908 RasPppoe - ok 00:39:51.0760 1908 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 00:39:51.0822 1908 RasSstp - ok 00:39:51.0853 1908 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 00:39:51.0931 1908 rdbss - ok 00:39:51.0963 1908 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 00:39:51.0994 1908 rdpbus - ok 00:39:52.0025 1908 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 00:39:52.0103 1908 RDPCDD - ok 00:39:52.0134 1908 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 00:39:52.0181 1908 RDPENCDD - ok 00:39:52.0181 1908 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 00:39:52.0243 1908 RDPREFMP - ok 00:39:52.0275 1908 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 00:39:52.0306 1908 RDPWD - ok 00:39:52.0368 1908 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 00:39:52.0399 1908 rdyboost - ok 00:39:52.0431 1908 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 00:39:52.0509 1908 RemoteAccess - ok 00:39:52.0540 1908 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 00:39:52.0602 1908 RemoteRegistry - ok 00:39:52.0649 1908 [ F85AE59A52885F4B09AADAFB23001A3B ] Rezip C:\Windows\SysWOW64\Rezip.exe 00:39:52.0665 1908 Rezip ( UnsignedFile.Multi.Generic ) - warning 00:39:52.0665 1908 Rezip - detected UnsignedFile.Multi.Generic (1) 00:39:52.0711 1908 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 00:39:52.0758 1908 RFCOMM - ok 00:39:52.0789 1908 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 00:39:52.0852 1908 RpcEptMapper - ok 00:39:52.0883 1908 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 00:39:52.0914 1908 RpcLocator - ok 00:39:52.0945 1908 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 00:39:53.0023 1908 RpcSs - ok 00:39:53.0070 1908 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 00:39:53.0133 1908 rspndr - ok 00:39:53.0164 1908 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 00:39:53.0211 1908 RTL8167 - ok 00:39:53.0289 1908 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\Windows\SysWOW64\drivers\rtport.sys 00:39:53.0304 1908 rtport - ok 00:39:53.0335 1908 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys 00:39:53.0382 1908 SABI - ok 00:39:53.0398 1908 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 00:39:53.0413 1908 SamSs - ok 00:39:53.0445 1908 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 00:39:53.0476 1908 sbp2port - ok 00:39:53.0491 1908 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 00:39:53.0569 1908 SCardSvr - ok 00:39:53.0601 1908 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 00:39:53.0694 1908 scfilter - ok 00:39:53.0741 1908 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 00:39:53.0819 1908 Schedule - ok 00:39:53.0850 1908 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 00:39:53.0897 1908 SCPolicySvc - ok 00:39:53.0944 1908 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 00:39:53.0991 1908 SDRSVC - ok 00:39:54.0037 1908 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 00:39:54.0115 1908 secdrv - ok 00:39:54.0131 1908 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 00:39:54.0193 1908 seclogon - ok 00:39:54.0240 1908 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 00:39:54.0303 1908 SENS - ok 00:39:54.0318 1908 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 00:39:54.0349 1908 SensrSvc - ok 00:39:54.0381 1908 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 00:39:54.0427 1908 Serenum - ok 00:39:54.0459 1908 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 00:39:54.0490 1908 Serial - ok 00:39:54.0521 1908 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 00:39:54.0568 1908 sermouse - ok 00:39:54.0599 1908 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 00:39:54.0693 1908 SessionEnv - ok 00:39:54.0724 1908 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 00:39:54.0771 1908 sffdisk - ok 00:39:54.0786 1908 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 00:39:54.0817 1908 sffp_mmc - ok 00:39:54.0849 1908 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 00:39:54.0895 1908 sffp_sd - ok 00:39:54.0927 1908 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 00:39:54.0958 1908 sfloppy - ok 00:39:55.0005 1908 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 00:39:55.0083 1908 SharedAccess - ok 00:39:55.0114 1908 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 00:39:55.0207 1908 ShellHWDetection - ok 00:39:55.0239 1908 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 00:39:55.0254 1908 SiSRaid2 - ok 00:39:55.0285 1908 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 00:39:55.0301 1908 SiSRaid4 - ok 00:39:55.0363 1908 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 00:39:55.0379 1908 SkypeUpdate - ok 00:39:55.0410 1908 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 00:39:55.0488 1908 Smb - ok 00:39:55.0535 1908 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 00:39:55.0566 1908 SNMPTRAP - ok 00:39:55.0582 1908 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 00:39:55.0597 1908 spldr - ok 00:39:55.0644 1908 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 00:39:55.0707 1908 Spooler - ok 00:39:55.0831 1908 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 00:39:55.0972 1908 sppsvc - ok 00:39:55.0987 1908 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 00:39:56.0065 1908 sppuinotify - ok 00:39:56.0128 1908 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys 00:39:56.0128 1908 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB 00:39:56.0128 1908 sptd ( LockedFile.Multi.Generic ) - warning 00:39:56.0128 1908 sptd - detected LockedFile.Multi.Generic (1) 00:39:56.0159 1908 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 00:39:56.0221 1908 srv - ok 00:39:56.0268 1908 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 00:39:56.0299 1908 srv2 - ok 00:39:56.0331 1908 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 00:39:56.0377 1908 srvnet - ok 00:39:56.0424 1908 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 00:39:56.0487 1908 SSDPSRV - ok 00:39:56.0502 1908 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 00:39:56.0565 1908 SstpSvc - ok 00:39:56.0596 1908 StarOpen - ok 00:39:56.0627 1908 Steam Client Service - ok 00:39:56.0643 1908 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 00:39:56.0674 1908 stexstor - ok 00:39:56.0705 1908 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 00:39:56.0736 1908 StillCam - ok 00:39:56.0783 1908 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 00:39:56.0830 1908 stisvc - ok 00:39:56.0877 1908 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 00:39:56.0892 1908 swenum - ok 00:39:56.0923 1908 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 00:39:57.0001 1908 swprv - ok 00:39:57.0079 1908 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 00:39:57.0157 1908 SysMain - ok 00:39:57.0204 1908 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 00:39:57.0251 1908 TabletInputService - ok 00:39:57.0282 1908 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 00:39:57.0360 1908 TapiSrv - ok 00:39:57.0391 1908 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 00:39:57.0469 1908 TBS - ok 00:39:57.0579 1908 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 00:39:57.0641 1908 Tcpip - ok 00:39:57.0719 1908 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 00:39:57.0766 1908 TCPIP6 - ok 00:39:57.0797 1908 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 00:39:57.0828 1908 tcpipreg - ok 00:39:57.0859 1908 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 00:39:57.0906 1908 TDPIPE - ok 00:39:57.0937 1908 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 00:39:57.0953 1908 TDTCP - ok 00:39:58.0000 1908 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 00:39:58.0078 1908 tdx - ok 00:39:58.0140 1908 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 00:39:58.0156 1908 TermDD - ok 00:39:58.0218 1908 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 00:39:58.0312 1908 TermService - ok 00:39:58.0343 1908 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 00:39:58.0390 1908 Themes - ok 00:39:58.0421 1908 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 00:39:58.0468 1908 THREADORDER - ok 00:39:58.0499 1908 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 00:39:58.0577 1908 TrkWks - ok 00:39:58.0639 1908 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 00:39:58.0733 1908 TrustedInstaller - ok 00:39:58.0764 1908 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 00:39:58.0811 1908 tssecsrv - ok 00:39:58.0858 1908 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 00:39:58.0889 1908 TsUsbFlt - ok 00:39:58.0936 1908 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 00:39:58.0998 1908 tunnel - ok 00:39:59.0061 1908 [ B355581A9DA34C92E2DBAFA410D2F829 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 00:39:59.0076 1908 TurboB - ok 00:39:59.0107 1908 [ 6564E84B1522C12EA1C3A181ED03276F ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 00:39:59.0123 1908 TurboBoost - ok 00:39:59.0154 1908 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 00:39:59.0170 1908 uagp35 - ok 00:39:59.0217 1908 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 00:39:59.0295 1908 udfs - ok 00:39:59.0326 1908 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 00:39:59.0357 1908 UI0Detect - ok 00:39:59.0373 1908 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 00:39:59.0388 1908 uliagpkx - ok 00:39:59.0435 1908 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 00:39:59.0482 1908 umbus - ok 00:39:59.0513 1908 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 00:39:59.0560 1908 UmPass - ok 00:39:59.0591 1908 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 00:39:59.0669 1908 upnphost - ok 00:39:59.0731 1908 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 00:39:59.0778 1908 usbaudio - ok 00:39:59.0825 1908 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 00:39:59.0887 1908 usbccgp - ok 00:39:59.0934 1908 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 00:39:59.0965 1908 usbcir - ok 00:39:59.0997 1908 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 00:40:00.0028 1908 usbehci - ok 00:40:00.0075 1908 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 00:40:00.0121 1908 usbhub - ok 00:40:00.0153 1908 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 00:40:00.0184 1908 usbohci - ok 00:40:00.0231 1908 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 00:40:00.0262 1908 usbprint - ok 00:40:00.0293 1908 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 00:40:00.0340 1908 usbscan - ok 00:40:00.0355 1908 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:40:00.0402 1908 USBSTOR - ok 00:40:00.0449 1908 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 00:40:00.0480 1908 usbuhci - ok 00:40:00.0558 1908 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 00:40:00.0605 1908 usbvideo - ok 00:40:00.0636 1908 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 00:40:00.0699 1908 UxSms - ok 00:40:00.0714 1908 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 00:40:00.0714 1908 VaultSvc - ok 00:40:00.0745 1908 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 00:40:00.0761 1908 vdrvroot - ok 00:40:00.0808 1908 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 00:40:00.0901 1908 vds - ok 00:40:00.0933 1908 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 00:40:00.0964 1908 vga - ok 00:40:00.0979 1908 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 00:40:01.0057 1908 VgaSave - ok 00:40:01.0104 1908 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 00:40:01.0135 1908 vhdmp - ok 00:40:01.0167 1908 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 00:40:01.0182 1908 viaide - ok 00:40:01.0198 1908 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 00:40:01.0229 1908 volmgr - ok 00:40:01.0276 1908 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 00:40:01.0291 1908 volmgrx - ok 00:40:01.0338 1908 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 00:40:01.0354 1908 volsnap - ok 00:40:01.0401 1908 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 00:40:01.0416 1908 vsmraid - ok 00:40:01.0494 1908 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 00:40:01.0603 1908 VSS - ok 00:40:01.0619 1908 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 00:40:01.0635 1908 vwifibus - ok 00:40:01.0666 1908 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 00:40:01.0713 1908 vwififlt - ok 00:40:01.0744 1908 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 00:40:01.0791 1908 vwifimp - ok 00:40:01.0822 1908 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 00:40:01.0884 1908 W32Time - ok 00:40:01.0900 1908 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 00:40:01.0931 1908 WacomPen - ok 00:40:01.0993 1908 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 00:40:02.0071 1908 WANARP - ok 00:40:02.0087 1908 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 00:40:02.0118 1908 Wanarpv6 - ok 00:40:02.0196 1908 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 00:40:02.0274 1908 wbengine - ok 00:40:02.0305 1908 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 00:40:02.0352 1908 WbioSrvc - ok 00:40:02.0383 1908 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 00:40:02.0446 1908 wcncsvc - ok 00:40:02.0493 1908 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 00:40:02.0524 1908 WcsPlugInService - ok 00:40:02.0539 1908 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 00:40:02.0555 1908 Wd - ok 00:40:02.0602 1908 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 00:40:02.0649 1908 Wdf01000 - ok 00:40:02.0664 1908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 00:40:02.0758 1908 WdiServiceHost - ok 00:40:02.0773 1908 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 00:40:02.0805 1908 WdiSystemHost - ok 00:40:02.0851 1908 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 00:40:02.0883 1908 WebClient - ok 00:40:02.0914 1908 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 00:40:02.0961 1908 Wecsvc - ok 00:40:02.0976 1908 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 00:40:03.0023 1908 wercplsupport - ok 00:40:03.0070 1908 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 00:40:03.0148 1908 WerSvc - ok 00:40:03.0179 1908 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 00:40:03.0241 1908 WfpLwf - ok 00:40:03.0257 1908 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 00:40:03.0257 1908 WIMMount - ok 00:40:03.0288 1908 WinDefend - ok 00:40:03.0304 1908 WinHttpAutoProxySvc - ok 00:40:03.0366 1908 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 00:40:03.0429 1908 Winmgmt - ok 00:40:03.0507 1908 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 00:40:03.0616 1908 WinRM - ok 00:40:03.0678 1908 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 00:40:03.0709 1908 WinUsb - ok 00:40:03.0741 1908 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 00:40:03.0819 1908 Wlansvc - ok 00:40:03.0943 1908 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:40:04.0006 1908 wlidsvc - ok 00:40:04.0053 1908 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 00:40:04.0068 1908 WmiAcpi - ok 00:40:04.0099 1908 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 00:40:04.0131 1908 wmiApSrv - ok 00:40:04.0162 1908 WMPNetworkSvc - ok 00:40:04.0193 1908 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 00:40:04.0224 1908 WPCSvc - ok 00:40:04.0255 1908 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 00:40:04.0287 1908 WPDBusEnum - ok 00:40:04.0318 1908 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 00:40:04.0365 1908 ws2ifsl - ok 00:40:04.0380 1908 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 00:40:04.0427 1908 wscsvc - ok 00:40:04.0458 1908 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 00:40:04.0505 1908 WSDPrintDevice - ok 00:40:04.0505 1908 WSearch - ok 00:40:04.0614 1908 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 00:40:04.0692 1908 wuauserv - ok 00:40:04.0739 1908 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 00:40:04.0770 1908 WudfPf - ok 00:40:04.0833 1908 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 00:40:04.0864 1908 WUDFRd - ok 00:40:04.0895 1908 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 00:40:04.0942 1908 wudfsvc - ok 00:40:04.0989 1908 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 00:40:05.0020 1908 WwanSvc - ok 00:40:05.0051 1908 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 00:40:05.0129 1908 yukonw7 - ok 00:40:05.0176 1908 ================ Scan global =============================== 00:40:05.0207 1908 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 00:40:05.0238 1908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 00:40:05.0254 1908 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 00:40:05.0285 1908 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 00:40:05.0316 1908 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 00:40:05.0316 1908 [Global] - ok 00:40:05.0316 1908 ================ Scan MBR ================================== 00:40:05.0332 1908 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 00:40:06.0112 1908 \Device\Harddisk0\DR0 - ok 00:40:06.0112 1908 ================ Scan VBR ================================== 00:40:06.0127 1908 [ 98FA392A7F5F4A5EAE8D5AA6861452C8 ] \Device\Harddisk0\DR0\Partition1 00:40:06.0127 1908 \Device\Harddisk0\DR0\Partition1 - ok 00:40:06.0143 1908 [ B4AED65CCDE0A5E481E56860E57A7DD8 ] \Device\Harddisk0\DR0\Partition2 00:40:06.0143 1908 \Device\Harddisk0\DR0\Partition2 - ok 00:40:06.0174 1908 [ 1E6A1AA3E3B2BFB1729990198EF0B2F7 ] \Device\Harddisk0\DR0\Partition3 00:40:06.0174 1908 \Device\Harddisk0\DR0\Partition3 - ok 00:40:06.0174 1908 ============================================================ 00:40:06.0174 1908 Scan finished 00:40:06.0174 1908 ============================================================ 00:40:06.0190 3660 Detected object count: 2 00:40:06.0190 3660 Actual detected object count: 2 00:40:39.0340 3660 Rezip ( UnsignedFile.Multi.Generic ) - skipped by user 00:40:39.0340 3660 Rezip ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:40:39.0340 3660 sptd ( LockedFile.Multi.Generic ) - skipped by user 00:40:39.0340 3660 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 00:41:00.0603 2760 Deinitialize success |
|
14.06.2013, 12:57
| #6 |
| /// Malware-holic | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Hi, Scan mit Combofix
__________________ --> Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang |
|
14.06.2013, 19:41
| #7 |
| | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Combofix Logfile: Code:
ATTFilter ComboFix 13-06-13.01 - Jay 14.06.2013 20:31:46.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3946.2662 [GMT 2:00]
ausgeführt von:: c:\users\Jay\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\sss
c:\program files (x86)\sss\licence.txt
c:\program files (x86)\sss\ReadMe.txt
c:\program files (x86)\sss\SimpleScreenshot.exe
c:\program files (x86)\sss\upload.php
c:\programdata\FullRemove.exe
c:\users\Jay\AppData\Roaming\convert\convert.exe
c:\users\Jay\Documents\~WRL0672.tmp
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-14 bis 2013-06-14 ))))))))))))))))))))))))))))))
.
.
2013-06-14 18:36 . 2013-06-14 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-14 06:31 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDD72AC2-C7CA-416F-B5D5-05509D621DE4}\mpengine.dll
2013-06-12 18:26 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 18:25 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-06-12 18:25 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-06-05 16:31 . 2013-06-05 16:33 -------- d-----w- c:\users\Jay\Hamburg Company Tour
2013-06-02 12:28 . 2013-06-05 16:32 -------- d-----w- c:\users\Jay\Norderney 2013
2013-05-26 16:11 . 2013-05-26 17:55 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2013-05-26 16:10 . 2013-05-26 16:10 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-05-26 15:07 . 2013-05-26 15:08 -------- d-----w- c:\users\Jay\AppData\Roaming\ImgBurn
2013-05-26 14:55 . 2013-05-26 14:55 -------- d-----w- c:\program files (x86)\ImgBurn
2013-05-24 14:38 . 2013-05-24 14:38 -------- d-----w- c:\users\Jay\AppData\Roaming\e-academy Inc
2013-05-24 14:38 . 2013-05-24 14:38 -------- d-----w- c:\users\Jay\AppData\Local\e-academy Inc
2013-05-24 00:38 . 2013-05-24 00:38 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-21 19:32 . 2013-05-21 19:32 -------- d-----w- c:\users\Jay\AppData\Roaming\IrfanView
2013-05-21 19:32 . 2013-05-21 19:32 -------- d-----w- c:\program files (x86)\IrfanView
2013-05-21 19:24 . 2013-05-21 19:24 -------- d-----w- c:\users\Jay\AppData\Roaming\Bildverkleinerer
2013-05-21 19:12 . 2013-06-14 07:40 -------- d-----r- c:\users\Jay\Dropbox
2013-05-21 19:11 . 2013-06-14 07:40 -------- d-----w- c:\users\Jay\AppData\Roaming\Dropbox
2013-05-21 15:42 . 2013-06-12 09:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-21 15:42 . 2013-06-12 09:42 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-21 15:23 . 2013-06-07 21:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-05-21 15:18 . 2013-05-21 15:18 -------- d-----w- c:\users\Jay\AppData\Local\Adobe
2013-05-20 19:42 . 2013-05-20 19:42 6572736 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2013-05-20 19:42 . 2013-05-20 19:42 6795992 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2013-05-20 18:25 . 2013-05-20 18:25 5079256 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2013-05-20 18:25 . 2013-05-20 18:25 4843712 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2013-05-20 18:25 . 2013-05-20 18:25 25367232 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2013-05-18 05:24 . 2013-05-18 05:24 2976448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\1031\MSOINTL.DLL
2013-05-16 10:39 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 10:39 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 10:39 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 10:39 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 10:39 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 10:39 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 10:39 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 10:39 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 10:39 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 10:38 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-16 10:38 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 10:38 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 09:42 . 2013-05-14 23:04 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-14 09:04 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2012-04-28 12:42 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 23:45 . 2013-04-16 23:45 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-04-16 23:45 . 2013-04-16 23:45 971680 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-16 23:45 . 2013-04-16 23:45 311200 ----a-w- c:\windows\system32\javaws.exe
2013-04-16 23:45 . 2013-04-16 23:45 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-04-16 23:45 . 2013-04-16 23:45 188832 ----a-w- c:\windows\system32\javaw.exe
2013-04-16 23:45 . 2013-04-16 23:45 188320 ----a-w- c:\windows\system32\java.exe
2013-04-13 05:49 . 2013-05-16 10:39 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 10:39 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 10:39 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 10:39 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 10:39 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 10:39 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 08:19 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-24 10:54 . 2013-03-24 10:54 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-24 10:54 . 2013-03-24 10:54 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-24 10:54 . 2013-03-24 10:54 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-24 10:54 . 2013-03-24 10:54 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-24 10:54 . 2013-03-24 10:54 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-24 10:54 . 2013-03-24 10:54 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-24 10:54 . 2013-03-24 10:54 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-24 10:54 . 2013-03-24 10:54 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-24 10:54 . 2013-03-24 10:54 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-24 10:54 . 2013-03-24 10:54 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-24 10:54 . 2013-03-24 10:54 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-24 10:54 . 2013-03-24 10:54 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-24 10:54 . 2013-03-24 10:54 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-24 10:54 . 2013-03-24 10:54 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-24 10:54 . 2013-03-24 10:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-24 10:54 . 2013-03-24 10:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-24 10:54 . 2013-03-24 10:54 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-24 10:54 . 2013-03-24 10:54 441856 ----a-w- c:\windows\system32\html.iec
2013-03-24 10:54 . 2013-03-24 10:54 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-24 10:54 . 2013-03-24 10:54 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-24 10:54 . 2013-03-24 10:54 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-24 10:54 . 2013-03-24 10:54 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-24 10:54 . 2013-03-24 10:54 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-24 10:54 . 2013-03-24 10:54 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-24 10:54 . 2013-03-24 10:54 235008 ----a-w- c:\windows\system32\url.dll
2013-03-24 10:54 . 2013-03-24 10:54 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-24 10:54 . 2013-03-24 10:54 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-24 10:54 . 2013-03-24 10:54 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-24 10:54 . 2013-03-24 10:54 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-24 10:54 . 2013-03-24 10:54 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-24 10:54 . 2013-03-24 10:54 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-24 10:54 . 2013-03-24 10:54 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-24 10:54 . 2013-03-24 10:54 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-24 10:54 . 2013-03-24 10:54 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-24 10:54 . 2013-03-24 10:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-24 10:54 . 2013-03-24 10:54 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-24 10:54 . 2013-03-24 10:54 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-24 10:54 . 2013-03-24 10:54 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-24 10:54 . 2013-03-24 10:54 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-24 10:54 . 2013-03-24 10:54 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-24 10:54 . 2013-03-24 10:54 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-24 10:54 . 2013-03-24 10:54 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-24 10:54 . 2013-03-24 10:54 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-24 10:54 . 2013-03-24 10:54 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-24 10:54 . 2013-03-24 10:54 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-24 10:54 . 2013-03-24 10:54 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-24 10:54 . 2013-03-24 10:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-24 10:54 . 2013-03-24 10:54 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-24 10:54 . 2013-03-24 10:54 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-24 10:53 . 2013-03-24 10:53 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-03-24 10:53 . 2013-03-24 10:53 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-03-24 10:53 . 2013-03-24 10:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-03-24 10:53 . 2013-03-24 10:53 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-03-24 10:53 . 2013-03-24 10:53 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-03-24 10:53 . 2013-03-24 10:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-03-24 10:53 . 2013-03-24 10:53 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-24 10:53 . 2013-03-24 10:53 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-03-24 10:53 . 2013-03-24 10:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-03-24 10:53 . 2013-03-24 10:53 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-03-24 10:53 . 2013-03-24 10:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-03-24 10:53 . 2013-03-24 10:53 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-03-24 10:53 . 2013-03-24 10:53 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-03-24 10:53 . 2013-03-24 10:53 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-03-24 10:53 . 2013-03-24 10:53 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-24 10:53 . 2013-03-24 10:53 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-03-24 10:53 . 2013-03-24 10:53 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-03-24 10:53 . 2013-03-24 10:53 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-24 10:53 . 2013-03-24 10:53 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-03-24 10:53 . 2013-03-24 10:53 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 130736 ----a-w- c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
c:\users\Jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jay\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe;c:\windows\SysWOW64\Rezip.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 KovaPlusFltr;ROCCAT Kova[+] Mouse;c:\windows\system32\drivers\KovaPlusFltr.sys;c:\windows\SYSNATIVE\drivers\KovaPlusFltr.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-21 09:42]
.
2013-06-14 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-20 19:59 2328776 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-20 19:59 2328776 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-20 19:59 2328776 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-17 14:45 164016 ----a-w- c:\users\Jay\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\Jay\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - d:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 134.102.20.20 134.102.149.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Jay\AppData\Roaming\Mozilla\Firefox\Profiles\72rlucgj.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - Google
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF - ExtSQL: !HIDDEN! 2012-12-25 16:47; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files (x86)\Common Files\DVDVideoSoft\plugins\ff
pref('extensions.shownSelectionUI',true); pref('extensions.autoDisableScopes',0);FF - user.js: general.useragent.extra.brc -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe ARM - c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
AddRemove-Tactical Ops - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-14 20:39:28
ComboFix-quarantined-files.txt 2013-06-14 18:39
.
Vor Suchlauf: 9 Verzeichnis(se), 92.380.524.544 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 95.509.663.744 Bytes frei
.
- - End Of File - - 3F9F369EF679DDE763938237BBC88081
D41D8CD98F00B204E9800998ECF8427E |
|
14.06.2013, 20:03
| #8 |
| /// Malware-holic | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.06.2013, 12:53
| #9 |
| | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Sorry, war das Wochenende nicht da. Hier der Logfile: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.06.17.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Jay :: JAY-PC [Administrator] 17.06.2013 12:36:02 mbam-log-2013-06-17 (12-36-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 401852 Laufzeit: 59 Minute(n), 27 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Jay\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 11 C:\Program Files (x86)\Mozilla Firefox\Plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Jay\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
17.06.2013, 13:30
| #10 |
| /// Malware-holic | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Hi soweit kommts noch, dass man sich für ein freies WE entschuldigen muss. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.06.2013, 15:11
| #11 |
| | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang 7-Zip 9.20 12.07.2012 UNBEKANNT Active@ ISO Burner LSoft Technologies 06.06.2012 2.5.1 NOTWENDIG Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.06.2013 6,00MB 11.7.700.224 NOTWENDIG Adobe Reader XI (11.0.03) - Deutsch Adobe Systems Incorporated 21.05.2013 143MB 11.0.03 NOTWENDIG AMD Catalyst Install Manager Advanced Micro Devices, Inc. 15.04.2013 26,3MB 8.0.911.0 UNNÖTIG AmerigoMedia Hauptstädte-Quiz AmerigoMedia - Thomas Gottfried EDV 15.05.2011 UNNÖTIG Atheros Client Installation Program Atheros 24.11.2010 1.0.5.0621 NOTWENIDG Audacity 2.0.2 Audacity Team 25.12.2012 43,5MB 2.0.2 NOTWENDiG BatteryLifeExtender Samsung 24.11.2010 31,5MB 1.0.5 NOTWENDIG Broadcom 802.11 Network Adapter Broadcom Corporation 24.12.2012 5.60.48.44 NOTWENDIG CamStudio 08.08.2012 UNNÖTIG CCleaner Piriform 24.05.2013 4.02 NOTWENDIG Counter-Strike: Global Offensive Valve 08.04.2013 NOTWENDIG Counter-Strike: Source Valve 29.03.2013 4,48GB 1.0.0.0 NOTWENDIG Crysis® 2 Electronic Arts 01.04.2012 7,57GB 1.0.0.0 UNNÖTIG CyberLink YouCam CyberLink Corp. 05.04.2011 77,2MB 2.0.3911 UNNÖTIG Dropbox Dropbox, Inc. 29.05.2013 2.0.22 NOTWENDIG Easy Content Share Samsung Electronics Co., LTD 24.11.2010 12,4MB 1.0.0.13 UNNÖTIG Easy Display Manager Samsung Electronics Co., Ltd. 24.11.2010 3.2 UNNÖTIG Easy Network Manager Samsung 24.11.2010 34,9MB 4.3.3 UNNÖTIG Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 24.11.2010 2.1.0.11 UNNÖTIG easy Whiteboard 23.04.2011 UNNÖTIG EasyBatteryManager Samsung 24.11.2010 4.0.0.4 UNNÖTIG EasyFileShare Samsung 24.11.2010 29,4MB 1.0.3 UNBEKANNT ETDWare PS/2-x64 7.0.7.0_WHQL ELAN Microelectronics Corp. 24.11.2010 7.0.7.0 UNBEKANNT EVEREST Home Edition v2.20 Lavalys Inc 15.04.2013 2.20 NOTWENDIG Free Sound Recorder v9.4.1 Copyright(C) 2005-2012 FreeSoundRecorder Technologies, Inc. 28.11.2012 22,8MB UNNÖTIG Free Video Converter V 3.1 Koyote Soft 29.11.2012 10,7MB 3.1.0.0 UNNÖTIG Free Video Dub version 2.0.7.423 DVDVideoSoft Ltd. 26.04.2012 63,9MB 2.0.7.423 UNNÖTIG Free Video Flip and Rotate version 2.1.3.903 DVDVideoSoft Ltd. 09.09.2012 79,6MB 2.1.3.903 UNNÖTIG GIMP 2.8.4 The GIMP Team 17.04.3 244MB 2.8.4 UNNÖTIG HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät Hewlett-Packard Co. 14.06.2012 127MB 23.0.504.0 NOTWENDIG HP Deskjet 3070 B611 series Hilfe Hewlett Packard 14.06.2012 8,89MB 140.0.2.2 NOTWENDIG HP Photo Creations HP Photo Creations 14.06.2012 40,0MB 1.0.0.5192 NOTWENDIG ICQ7.5 ICQ 08.05.2011 7.5 UNNÖTIG IDroo 1.0.0.154 Iteral Group Ltd 14.07.2012 1.0.0.154 UNNÖTIG ImgBurn LIGHTNING UK! 26.05.2013 2.5.7.0 UNBEKANNT Intel(R) Rapid Storage Technology Intel Corporation 17.06.2013 9.6.3.1001 UNBEKANNT Intel(R) Turbo Boost Technology Driver Intel Corporation 24.12.2012 01.02.00.1002 UNBEKANNT IrfanView (remove only) Irfan Skiljan 21.05.2013 2,00MB 4.35 UNNÖTIG Java 7 Update 21 (64-bit) Oracle 17.04.2013 128MB 7.0.210 UNBEKANNT Java(TM) 7 Update 4 Oracle 18.05.2012 99,3MB 7.0.40 UNBEKANNT JavaFX 2.1.0 Oracle Corporation 18.05.2012 20,8MB 2.1.0 UNBEKANNT LAME v3.99.3 (for Windows) 25.12.2012 1,52MB UNBEKANNT Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 15.06.2013 19,2MB 1.75.0.1300 NOTWENDIG Marvell Miniport Driver Marvell 24.11.2010 11.22.3.3 UNBEKANNT Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.04.2011 38,8MB 4.0.30319 NOTWENDIG Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 06.04.2011 2,93MB 4.0.30319 NOTWENDIG 15.0.4420.1017 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 27.05.2011 252KB 8.0.50727.4053 UNBEKANNT Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 18.06.2011 300KB 8.0.61001 UNBEKANNT Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 27.05.2011 200KB 9.0.30729.4148 UNBEKANNT Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 24.11.2010 788KB 9.0.30729.4148 UNBEKANNT Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 18.06.2011 788KB 9.0.30729.6161 UNBEKANNT Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 01.04.2012 234KB 9.0.30729 UNBEKANNT Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 01.05.2011 596KB 9.0.30729 UNBEKANNT Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 18.06.2011 600KB 9.0.30729.6161 UNBEKANNT Mozilla Firefox 21.0 (x86 de) Mozilla 24.05.2013 80,6MB 21.0 NOTWENDIG MSXML 4.0 SP2 (KB954430) Microsoft Corporation 18.06.2012 1,27MB 4.20.9870.0 UNBEKANNT MSXML 4.0 SP2 (KB973688) Microsoft Corporation 18.06.2012 1,33MB 4.20.9876.0 UNBEKANNT Napoleon: Total War The Creative Assembly 27.04.2011 UNNÖTIG Norton Online Backup Symantec Corporation 24.11.2010 6,19MB 2.1.17869 UNNÖTIG Pazera Free MP4 to AVI Converter 1.6 Jacek Pazera 09.09.2012 6,32MB 1.6 UNNÖTIG PDF Architect pdfforge 13.02.2013 91,1MB 1.0.52.8917 UNBEKANNT PDF24 Creator 5.4.0 PDF24.org 25.03.2013 40,3MB UNNÖTIG PDFCreator pdfforge 13.02.2013 1.6.2 UNNÖTIG PKR PKR Ltd 20.07.2012 UNNÖTIG Realtek High Definition Audio Driver Realtek Semiconductor Corp. 24.11.2010 6.0.1.6083 NOTWENDIG REALTEK Wireless LAN Software REALTEK Semiconductor Corp. 24.11.2010 0133.09.1202 NOTWENDIG SAMSUNG Mobile Composite Device Software 17.06.2012 NOTWENDIG SAMSUNG Mobile Modem Driver Set 17.06.2012 NOTWENDIG Samsung Mobile phone USB driver Drive Software 17.06.2012 NOTWENDIG SAMSUNG Mobile USB Modem 1.0 Software 17.06.2012 NOTWENDIG SAMSUNG Mobile USB Modem Software 17.06.2012 NOTWENDIG Samsung PC Studio 3 Samsung Electronics Co., Ltd. 17.06.2012 3.2.2.80601 NOTWENDIG Samsung Recovery Solution 4 Samsung 24.11.2010 4.0.0.6 NOTWENDIG Samsung Support Center Samsung 24.11.2010 45,8MB 1.0.2 NOTWENDIG Samsung Update Plus Samsung Electronics Co., Ltd. 24.11.2010 NOTWENDIG 2.0 NOTWENDIG Secure Download Manager Kivuto Solutions Inc. 24.05.2013 935KB 3.1.0 SimpleScreenshot 1.40 21.06.2011 NOTWENDIG Skype™ 6.3 Skype Technologies S.A. 20.05.2013 20,9MB 6.3.107 NOTWENDIG Steam Valve 27.04.2011 42,1MB 1.0.0.0 NOTWENDIG Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten Hewlett-Packard Co. 14.06.2012 8,13MB 23.0.504.0 UNBEKANNT Tactical Ops Infogrames 28.03.2013 NOTWENDIG TeamSpeak 3 Client TeamSpeak Systems GmbH 01.04.2013 3.0.10 NOTWENDIG User Guide 24.11.2010 1.0 Video Converter Packages 29.11.2012 UNBEKANNT VLC media player 2.0.1 VideoLAN 18.04.2012 2.0.1 NOTWENDIG Vokabel Trainer 5 Manuel Wäschle 06.05.2013 6,31MB NOTWENDIG Windows Live Essentials Microsoft Corporation 25.06.2012 15.4.3555.0308 NOTWENDIG Windows Media Player Firefox Plugin Microsoft Corp 23.06.2011 296KB 1.0.0.8 NOTWENDIG Windows-Treiberpaket - Broadcom Corporation (bcbtums) Bluetooth (03/16/2012 6.5.1.2600) Broadcom Corporation 17.06.2012 03/16/ 2012 6.5.1.2600 NOTWENDIG Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) Broadcom Corporation 17.06.2012 03/16/2012 6.5.1.2600 NOTWENDIG Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) Broadcom Corporation 24.12.2012 03/16/2012 6.5.1.2600 NOTWENDIG Windows-Treiberpaket - Broadcom Corporation Bluetooth (03/16/2012 6.5.1.2600) Broadcom Corporation 24.12.2012 03/16/2012 6.5.1.2600 NOTWENDIG Windows-Treiberpaket - Broadcom HIDClass (09/11/2009 6.3.0.1500) Broadcom 17.06.2012 09/11/2009 6.3.0.1500 NOTWENDIG XnView 1.98.8 Gougelet Pierre-e 28.05.2012 16,0MB 1.98.8 UNBEKANNT Überwachungstool für die Intel® Turbo-Boost-Technik Intel 05.04.2011 2,15MB 1.0.400.4 UNBEKANNT |
|
18.06.2013, 15:26
| #12 |
| /// Malware-holic | Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang Hi, bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: AMD AmerigoMedia CamStudio Crysis® CyberLink Easy: alle Free : alle GIMP ICQ7.5 IDroo ImgBurn IrfanView Java(TM) JavaFX Napoleon: Norton Pazera PDF: alle PKR Studie Video Converter Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Lauter Mailer-Daemon-Nachrichten im GMX-Posteingang |
| ahnung, dankbar, ebenfalls, emailadresse, gmx, grund, keine ahnung, lauter, missbraucht, postfach, problem, schei, spam, sämtliche, sämtlichen, unterstützung, voll |
WARNUNG an die MITLESER: 
Linear-Darstellung
