| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: HTML/Infected.WebPage.Gen gefunden...was tun?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.07.2013, 13:49
| #1 |
 |  HTML/Infected.WebPage.Gen gefunden...was tun? Hallo Trojaner-Board-Team, da ich sehr gute Erfahrungen mit dem Board gemacht habe komme ich hier mal wieder auf euch zurück. Vorhin gerade sprang Avira an und gab mir die Meldung durch, dass was gefunden wurde. defogger, GMER, OTL hab ich alles noch auf dem Rechner, allerdings nicht auf dem Desktop sondern in nem Unterordner...stellt das ein Problem dar? ansonsten würde ich dann beginnen die ganzen log's zu erstellen...schonmal danke von meiner Seite =) |
|
04.07.2013, 13:54
| #2 |
| /// Malware-holic   | HTML/Infected.WebPage.Gen gefunden...was tun? Hi,
__________________öffne avira und poste die Meldung(en) http://www.trojaner-board.de/125889-...en-posten.html lösche die kopieen der von uns verwendeten tools und lad si Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
04.07.2013, 14:07
| #3 |
| | HTML/Infected.WebPage.Gen gefunden...was tun? sry hab noch mehr doofe fragen:
__________________wenn ich bei den funden in avira auf "exprotieren" geklickt hab...wo find ich das exportierte dann? und dein OTL-Link führt leider zu keiner aktuellen seite =( |
|
04.07.2013, 14:31
| #4 |
| /// Malware-holic | HTML/Infected.WebPage.Gen gefunden...was tun? Hi da sind 2 links. wenn du exportiert hast, klicke hier auf Antworten, markiere das Eingabefeld so das du schreiben kannst und fügs dann mit strg+v bzw über rechtsklick ein.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
04.07.2013, 15:37
| #5 |
| | HTML/Infected.WebPage.Gen gefunden...was tun? also....exportieren geht leider nicht....es kopiert beim klick auf "exportieren" nichts neues in die zwischenablage...da is dann immer noch das, was ich vor stunden mal kopiert habe OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 7/4/2013 4:12:12 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert Koch\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.97 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 71.18% Memory free 5.93 Gb Paging File | 4.84 Gb Available in Paging File | 81.72% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 108.16 Gb Total Space | 34.46 Gb Free Space | 31.86% Space Free | Partition Type: NTFS Drive D: | 342.50 Gb Total Space | 173.73 Gb Free Space | 50.72% Space Free | Partition Type: NTFS Drive E: | 4.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: ROBERTKOCH-PC | User Name: Robert Koch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/04 16:08:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert Koch\Desktop\OTL.exe PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/11/30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/09/26 16:56:20 | 000,522,232 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2012/08/08 16:25:08 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/09 12:34:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/09 12:34:54 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe PRC - [2012/05/09 12:34:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012/05/09 12:34:54 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/02/25 18:42:02 | 000,716,616 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe PRC - [2010/02/25 18:40:18 | 001,047,880 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe PRC - [2010/01/19 11:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/09/12 14:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/09/02 09:56:00 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2009/09/02 09:55:32 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/03/28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe ========== Modules (No Company Name) ========== MOD - [2013/05/16 22:14:11 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll MOD - [2013/05/16 22:13:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll MOD - [2013/02/13 19:39:14 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\8bb2120d5a48b10e27fe82ad5d3fb982\System.Web.ni.dll MOD - [2013/01/09 23:39:14 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013/01/09 23:38:36 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013/01/09 23:38:07 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013/01/09 23:37:58 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013/01/09 23:37:39 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012/05/09 12:34:56 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010/11/13 02:02:22 | 000,434,176 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 01:19:04 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009/09/16 23:52:48 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2009/09/16 23:52:47 | 001,691,648 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Wizard\2.0.3531.38598__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Wizard.dll MOD - [2009/09/16 23:52:47 | 000,491,520 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2009/09/16 23:52:47 | 000,364,544 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3531.38481__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2009/09/16 23:52:47 | 000,331,776 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:47 | 000,204,800 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2009/09/16 23:52:47 | 000,118,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3531.38570__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:47 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3531.38538__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2009/09/16 23:52:47 | 000,077,824 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3531.38551__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2009/09/16 23:52:47 | 000,073,728 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3531.38490__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:47 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3531.38533__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2009/09/16 23:52:47 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3531.38537__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2009/09/16 23:52:47 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3531.38571__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:47 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3531.38569__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2009/09/16 23:52:47 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2009/09/16 23:52:47 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3531.38490__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2009/09/16 23:52:46 | 001,011,712 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3531.38595__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:46 | 000,798,720 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3531.38526__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:46 | 000,573,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3531.38502__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:46 | 000,409,600 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3531.38546__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2009/09/16 23:52:46 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3531.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:46 | 000,307,200 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3531.38506__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2009/09/16 23:52:46 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3531.38501__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:46 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:46 | 000,090,112 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2009/09/16 23:52:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3531.38530__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2009/09/16 23:52:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3531.38505__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2009/09/16 23:52:45 | 000,393,216 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:45 | 000,360,448 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3531.38520__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:45 | 000,270,336 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2009/09/16 23:52:45 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3531.38524__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2009/09/16 23:52:45 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3531.38525__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2009/09/16 23:52:45 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3531.38531__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2009/09/16 23:52:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3498.37534__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2009/09/16 23:52:44 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3498.37533__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2009/09/16 23:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3498.37558__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2009/09/16 23:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3498.37615__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2009/09/16 23:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3498.37612__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2009/09/16 23:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3498.37554__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2009/09/16 23:52:44 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3498.37610__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2009/09/16 23:52:44 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2009/09/16 23:52:43 | 000,135,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3498.37541__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2009/09/16 23:52:43 | 000,094,208 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3498.37518__90ba9c70f846762e\CLI.Foundation.dll MOD - [2009/09/16 23:52:43 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2009/09/16 23:52:43 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3498.37515__90ba9c70f846762e\LOG.Foundation.dll MOD - [2009/09/16 23:52:43 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3498.37517__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2009/09/16 23:52:43 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3498.37674__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2009/09/16 23:52:43 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3498.37536__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2009/09/16 23:52:43 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3498.37540__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2009/09/16 23:52:43 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3498.37526__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2009/09/16 23:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3498.37551__90ba9c70f846762e\MOM.Foundation.dll MOD - [2009/09/16 23:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2009/09/16 23:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3498.37571__90ba9c70f846762e\DEM.Graphics.dll MOD - [2009/09/16 23:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2009/09/16 23:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3498.37544__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2009/09/16 23:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3498.37574__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2009/09/16 23:52:43 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3498.37547__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2009/09/16 23:52:42 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3498.37579__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2009/09/16 23:52:42 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2009/09/16 23:52:42 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3498.37603__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2009/09/16 23:52:42 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3498.37602__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2009/09/16 23:52:42 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3498.37575__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2009/09/16 23:52:42 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3498.37580__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2009/09/16 23:52:42 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3498.37555__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2009/09/16 23:52:41 | 000,651,264 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3531.38593__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2009/09/16 23:52:41 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3498.37583__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2009/09/16 23:52:41 | 000,053,248 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3498.37578__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2009/09/16 23:52:41 | 000,049,152 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3498.37577__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2009/09/16 23:52:41 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3531.38575__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2009/09/16 23:52:41 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3498.37582__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2009/09/16 23:52:41 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3498.37557__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2009/09/16 23:52:41 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3498.37572__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2009/09/16 23:52:41 | 000,028,672 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3498.37552__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2009/09/16 23:52:41 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Foundation\2.0.3498.37553__90ba9c70f846762e\APM.Foundation.dll MOD - [2009/09/16 23:52:41 | 000,016,384 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3498.37535__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009/09/16 23:52:41 | 000,007,168 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3531.38478__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009/09/16 23:52:40 | 000,106,496 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3531.38565__90ba9c70f846762e\MOM.Implementation.dll MOD - [2009/09/16 23:52:40 | 000,065,536 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3531.38563__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2009/09/16 23:52:40 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3498.37522__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2009/09/16 23:52:40 | 000,036,864 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3498.37528__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2009/09/16 23:52:40 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3498.37531__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2009/09/16 23:52:40 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3498.37547__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2009/09/16 23:52:39 | 000,552,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3531.38559__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2009/09/16 23:52:39 | 000,405,504 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3531.38495__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2009/09/16 23:52:39 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3531.38480__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2009/09/16 23:52:39 | 000,057,344 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3531.38479__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2009/09/16 23:52:39 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3498.37546__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2009/09/16 23:52:39 | 000,024,576 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3498.37548__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2009/09/16 23:52:37 | 001,212,416 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3531.38486__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2009/09/16 23:52:37 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3498.37538__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2009/09/16 23:52:37 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009/09/16 23:52:37 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3498.37549__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2009/09/16 23:52:37 | 000,020,480 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3498.37585__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2009/09/16 23:52:37 | 000,019,456 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3531.38565__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009/09/16 23:52:36 | 000,061,440 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\APM.Server\2.0.3531.38477__90ba9c70f846762e\APM.Server.dll MOD - [2009/09/16 23:52:36 | 000,045,056 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\AEM.Server\2.0.3531.38478__90ba9c70f846762e\AEM.Server.dll MOD - [2009/02/12 07:32:10 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2006/08/12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV - [2013/07/01 15:48:38 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/06/29 17:35:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/09/26 16:56:04 | 000,479,224 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012/05/09 12:34:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/09 12:34:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/04 15:45:36 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010/03/23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010/02/25 18:40:18 | 001,047,880 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2010/02/25 18:37:08 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009/09/02 09:55:32 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/06/15 11:10:00 | 000,282,624 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\System32\yk62x86.dll -- (yksvc) SRV - [2009/03/28 04:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROBERT~1\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\ROBERT~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS -- (ADDMEM) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a7g7kh5z) DRV - [2012/09/26 16:47:21 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2012/09/26 16:45:43 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsock.sys -- (acsock) DRV - [2012/05/09 12:34:56 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/05/09 12:34:56 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/09/16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/06/16 21:40:11 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2010/03/26 22:56:46 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010/03/26 22:56:46 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010/03/23 14:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010/02/25 10:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009/10/08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/09/02 10:31:04 | 005,173,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009/08/10 20:43:34 | 000,237,696 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMC326.sys -- (VMC326) DRV - [2009/07/22 00:18:58 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009/07/17 05:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2009/06/15 11:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/06/01 17:06:36 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_deDE370 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/04/11 16:51:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 17:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert Koch\AppData\Roaming\mozilla\Extensions [2010/08/11 17:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert Koch\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013/02/13 17:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert Koch\AppData\Roaming\mozilla\Firefox\Profiles\p0hmrhqa.default\extensions [2013/06/29 17:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/06/29 17:35:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013/06/29 17:35:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013/06/29 17:35:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/06/29 17:34:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/06/29 17:35:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com/ CHR - Extension: YouTube = C:\Users\Robert Koch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Erster Nutzer = C:\Users\Robert Koch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Erster Nutzer = C:\Users\Robert Koch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/04/03 15:53:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://vpngate2.hrz.tu-chemnitz.de/+CSCOL+/csvrloader32.cab (Cisco SSL VPN Relay Loader) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.68.161.141 217.68.161.171 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF58A39-371F-4A62-95DA-F5A210E96D7C}: DhcpNameServer = 217.68.161.141 217.68.161.171 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/07/04 16:08:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Robert Koch\Desktop\OTL.exe [2013/07/01 15:42:17 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV [2013/06/29 17:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox ========== Files - Modified Within 30 Days ========== [2013/07/04 16:14:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/07/04 16:11:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/04 16:08:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robert Koch\Desktop\OTL.exe [2013/07/04 13:46:19 | 000,014,832 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/04 13:46:19 | 000,014,832 | ---- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/04 13:38:29 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/04 13:38:23 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/06/20 21:10:37 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2010/12/25 18:26:59 | 000,000,099 | ---- | C] () -- C:\Users\Robert Koch\AppData\Local\fusioncache.dat [2010/04/23 23:20:36 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2010/06/16 22:11:48 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\DAEMON Tools Lite [2011/12/17 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\FFP [2011/12/17 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\FreeFLVConverter [2013/06/10 21:24:21 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\ICQ [2011/05/07 20:58:18 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\ImgBurn [2011/10/29 17:30:23 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Imperium Romanum [2010/02/01 03:44:43 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Mount&Blade [2011/08/10 20:37:08 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\My Battle for Middle-earth Files [2010/11/22 23:49:31 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\OpenOffice.org [2013/06/06 18:35:06 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Origin [2010/11/25 00:06:52 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\SoftGrid Client [2010/04/17 14:44:49 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Spore [2010/11/22 19:01:50 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Template [2010/08/11 17:43:57 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Thunderbird [2010/11/23 00:35:11 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\TP [2010/06/16 22:28:52 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\TuneUp Software [2010/12/25 18:39:30 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Turbine [2010/06/16 22:19:40 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Ubisoft [2011/08/13 13:15:05 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Wildlife Park 2 [2012/05/13 14:15:17 | 000,000,000 | ---D | M] -- C:\Users\Robert Koch\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013/04/07 18:55:48 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011/05/04 16:06:39 | 000,000,000 | ---D | M] -- C:\cofi [2009/07/14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009/09/16 23:49:38 | 000,000,000 | ---D | M] -- C:\Intel [2009/07/14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013/07/03 20:06:35 | 000,000,000 | ---D | M] -- C:\Program Files [2013/04/14 16:55:37 | 000,000,000 | ---D | M] -- C:\ProgramData [2010/01/31 04:26:24 | 000,000,000 | ---D | M] -- C:\Recovery [2013/07/04 16:15:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/08/02 17:57:38 | 000,000,000 | ---D | M] -- C:\Tools [2013/04/07 18:43:02 | 000,000,000 | --SD | M] -- C:\Uninstall.exe [2011/04/29 14:16:07 | 000,000,000 | R--D | M] -- C:\Users [2013/07/01 15:42:17 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009/07/14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009/07/14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009/07/14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009/07/14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010/11/20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009/07/14 06:53:46 | 000,032,632 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT [2009/07/14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT [2010/03/26 22:40:30 | 000,001,094 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job [2010/03/26 22:40:30 | 000,001,098 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job [2012/03/30 10:25:04 | 000,000,884 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys [2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys < MD5 for: IASTORV.SYS > [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\ERDNT\cache\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010/06/16 21:40:11 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009/09/02 09:56:26 | 000,446,464 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\windows\system32\ATIDEMGX.dll < %USERPROFILE%\*.* > [2013/07/04 16:30:05 | 002,883,584 | ---- | M] () -- C:\Users\Robert Koch\ntuser.dat [2013/07/04 16:30:05 | 000,262,144 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat.LOG1 [2010/01/31 04:27:48 | 000,000,000 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat.LOG2 [2012/11/23 23:47:22 | 000,000,000 | -HS- | M] () -- C:\Users\Robert Koch\NTUSER.DAT_tureg_new.LOG1 [2012/11/23 23:47:22 | 000,000,000 | -HS- | M] () -- C:\Users\Robert Koch\NTUSER.DAT_tureg_new.LOG2 [2012/11/23 23:45:06 | 002,883,584 | -HS- | M] () -- C:\Users\Robert Koch\NTUSER.DAT_tureg_old [2012/11/24 02:28:34 | 000,065,536 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{2763cfbe-35b7-11e2-bdf4-806e6f6e6963}.TM.blf [2012/11/24 02:28:34 | 000,524,288 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{2763cfbe-35b7-11e2-bdf4-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2012/11/24 02:28:34 | 000,524,288 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{2763cfbe-35b7-11e2-bdf4-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010/01/31 04:48:36 | 000,065,536 | -HS- | M] () -- C:\Users\Robert Koch\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2010/01/31 04:48:36 | 000,524,288 | -HS- | M] () -- C:\Users\Robert Koch\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2010/01/31 04:48:36 | 000,524,288 | -HS- | M] () -- C:\Users\Robert Koch\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012/01/18 01:48:52 | 000,065,536 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{af71e38f-4127-11e1-9a88-0024540ddbba}.TM.blf [2012/01/18 01:48:52 | 000,524,288 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{af71e38f-4127-11e1-9a88-0024540ddbba}.TMContainer00000000000000000001.regtrans-ms [2012/01/18 01:48:52 | 000,524,288 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{af71e38f-4127-11e1-9a88-0024540ddbba}.TMContainer00000000000000000002.regtrans-ms [2011/06/30 01:22:53 | 000,065,536 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{d64db75c-a244-11e0-8b1d-0024540ddbba}.TM.blf [2011/06/30 01:22:53 | 000,524,288 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{d64db75c-a244-11e0-8b1d-0024540ddbba}.TMContainer00000000000000000001.regtrans-ms [2011/06/30 01:22:53 | 000,524,288 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.dat{d64db75c-a244-11e0-8b1d-0024540ddbba}.TMContainer00000000000000000002.regtrans-ms [2010/01/31 04:27:48 | 000,000,020 | -HS- | M] () -- C:\Users\Robert Koch\ntuser.ini [2012/02/05 19:04:21 | 000,070,656 | -HS- | M] () -- C:\Users\Robert Koch\Thumbs.db < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 7/4/2013 4:12:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robert Koch\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.97 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 71.18% Memory free
5.93 Gb Paging File | 4.84 Gb Available in Paging File | 81.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.16 Gb Total Space | 34.46 Gb Free Space | 31.86% Space Free | Partition Type: NTFS
Drive D: | 342.50 Gb Total Space | 173.73 Gb Free Space | 50.72% Space Free | Partition Type: NTFS
Drive E: | 4.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: ROBERTKOCH-PC | User Name: Robert Koch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E41864-A4F5-418B-93AA-42501071CF19}" = lport=138 | protocol=17 | dir=in | app=system |
"{10237BEA-7D2C-41BD-A98C-75B482185904}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{285791D8-D10F-4746-8713-71070265BEFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{310D26F8-9D0E-4D37-A598-52E02E0FFFB7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{40DE6F0B-9B55-4029-A806-C67D65D2EEA0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{444954A0-4F3B-436D-B219-6D3E5DF96910}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4CE8966E-BFCB-4C98-9917-0C16E3F95476}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5759B7DD-C1FC-460F-B970-CE83ECD82A52}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5B44308A-FE68-4BFF-8F6F-4FF2AD45697B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C743F41-E407-465E-B8F4-F50DD109AB79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5FC69E79-B0E3-400F-8639-62B3759FB103}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{62D55132-F7AC-4F36-AFB5-C73954D7A943}" = lport=445 | protocol=6 | dir=in | app=system |
"{648EB67A-744F-4017-8B1C-E84DAA426007}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{70833800-FCFD-4DA6-9D83-F2F81C0136DA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{72B56370-7A20-4596-921C-6D0127EFF7CF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{764202B6-797E-495B-8A48-A6EEEC82D0F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7EE927F0-651C-439D-8A2C-FDD4F748ECD2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DDD0EF1-CD19-401D-835D-0B879F67D1C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8F5CBA94-DE9F-4AD0-905A-98354D0EE818}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A7A09953-9507-40E4-8975-F0F23A6A9E68}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AA78C912-D4CD-4D6F-8FAC-7E225D07C087}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB110645-300A-4F36-9F58-C41F719EAB8D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADE9C96C-85B6-449C-B21F-D7E413B44176}" = rport=139 | protocol=6 | dir=out | app=system |
"{B4407848-A256-46F9-BCDC-3702E3FF0389}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFE385AA-A268-4639-AB76-711512C12F78}" = rport=445 | protocol=6 | dir=out | app=system |
"{CA1043B8-7BA7-473A-83CD-843D9ABBBD32}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CA4A4B33-9860-4A81-83B7-D5693C75CA2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDA172ED-B92A-48EB-86D9-02DD3EEF8ED6}" = lport=139 | protocol=6 | dir=in | app=system |
"{CE538158-F3CE-45C9-B10F-E5397C62BC4B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3B3E7B6-1867-4264-8974-56F7F9DCA8F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{E4DD825E-80AB-4417-B5A1-123E681FF270}" = rport=138 | protocol=17 | dir=out | app=system |
"{EBF96DB6-E656-431F-B118-6D198B9B39D7}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECB132DE-FD38-4376-B2B7-39B180CA2D6B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F07C682F-9132-4285-A1F9-D635DA1341DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F8C77FBC-A029-4323-B07C-4F93A3B29883}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0104673A-2604-4E3F-8E92-B6824DB622BC}" = protocol=17 | dir=in | app=d:\spiele\homm5\heroes of might and magic v\bin\h5_game.exe |
"{0C7274DE-B01A-4CC7-A561-2453A57876C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F8DABE6-3CA4-492B-B4CC-B8281B3143F9}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{15807DAC-BAA7-4E47-8B8D-5314204A41BE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{198F2998-DFC4-4170-9A3E-87AB90DFEBFE}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"{1FE0BD01-17CD-4B05-A238-5DEAAFA4F676}" = protocol=6 | dir=in | app=d:\spiele\homm5\heroes of might and magic v\bin\h5_game.exe |
"{36C38B9C-7D0D-4AF3-B60A-649B30D63BB3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F8F3B2D-95BF-4457-8968-170C934C718C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3FD947EB-FF2A-4C16-A749-4837BF1F578F}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{4849DEFB-D8E5-4454-A3FD-DBC31B821DCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DF44F14-F0D6-4E2C-9620-35500F9AD16C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59327651-1412-4F79-A461-EBA2118425ED}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{59BAC4A6-6991-40F2-9340-FDEAE363ECA3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6198D3BF-FAB2-43D7-8A65-F8D4D6ABFA80}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{6A48E9D8-2E29-4C26-BFAB-FAC1AF851B87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6A7B2296-EA7D-4598-B5F1-5103354F633F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7105BFCC-168B-44E5-9467-170BFBE253DD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8604D9FD-941E-4B0E-A235-1A9749ADC0E6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8814AD86-BB20-48D1-BA20-BE5788BCB595}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{903604CE-1D0D-4A28-8B10-D92A14C53F48}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{91AC4C33-7385-42A2-9C59-AA50289D8463}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{995ECE8B-5FC0-40DC-B406-7F9DDDC46A22}" = protocol=6 | dir=in | app=d:\spiele\anno 1404\anno4.exe |
"{A040DF98-64D7-42A1-8CDD-283C3117A29A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A2EDD72C-33F0-4FC9-9C5B-1F1CB35D972D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AD2DD58B-7AF2-4E9E-A28D-333C66BA8D12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B6317400-2F4A-4A5D-99BE-4949F4BB57A2}" = protocol=6 | dir=in | app=d:\spiele\fm13\fifa manager 13\manager13.exe |
"{B799DD64-DB09-4C03-A1C9-DC25ADE72E74}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{B9FD771B-093F-497F-ADF1-18AA19946791}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE2E0B80-9808-47BE-913F-BC065AA05FCD}" = protocol=6 | dir=out | app=system |
"{CB99E3E1-6AF0-45AB-9025-9EAC8E05C3BD}" = protocol=6 | dir=in | app=d:\spiele\fm13\fifa manager 13\manager13.exe |
"{CC00B7CD-3B2A-4596-B845-FE240C9F05AB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA023DCA-E988-4D06-934B-777FC0783D47}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DEFF7381-296A-4087-A040-0786EB60246F}" = protocol=17 | dir=in | app=d:\spiele\fm13\fifa manager 13\manager13.exe |
"{E272F976-D9E4-40B8-933A-B72F0E2592D3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{ED2CB9FD-5F55-4709-8469-4A2186E842A6}" = protocol=17 | dir=in | app=d:\spiele\fm13\fifa manager 13\manager13.exe |
"{ED91F72B-4AEC-448C-B5F5-D7BFA8676E36}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"{F89113B6-E843-4FB9-85CE-113593476870}" = protocol=17 | dir=in | app=d:\spiele\anno 1404\anno4.exe |
"TCP Query User{1467713C-A827-4D0B-8694-976C0FFFD98D}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{34874507-B8CE-4F7D-AA22-487D76A1C301}D:\spiele\counter-strike\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\counter-strike\hl2.exe |
"TCP Query User{463B6F3D-ECF7-4F13-BCE4-E3AFB9F8D8E0}D:\spiele\homm5\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\spiele\homm5\heroes of might and magic v\bin\h5_game.exe |
"TCP Query User{5DBCCA64-96D4-4134-93EF-36DC9FA1A80B}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{6C57C21C-BA5A-4F26-80B2-6BB3F7F859C3}D:\spiele\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\spiele\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"TCP Query User{7958DA51-59A1-468B-AA8F-E571C6699B6B}D:\spiele\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\spiele\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"TCP Query User{7F71B13F-7D54-40CE-B484-7618B963C10D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{99967C61-CE5D-4A4D-96B1-72C712A1A9EF}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{9FB2682B-97A2-4B61-8B5B-F891C91046EB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{A37F4AB2-E99C-4042-82C9-2F18EA9E685B}D:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"TCP Query User{A5CBB47E-04D4-4202-BB63-F26203691FBC}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{A971E4A4-59F8-4D97-A179-C2AFEA79A35F}D:\spiele\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=d:\spiele\anno 1701\anno1701.exe |
"TCP Query User{D3BE49C5-535F-457D-BE26-23E81FA951D4}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{D76BAC4D-0960-4741-913F-C2C0B9AC4376}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"TCP Query User{E9122620-120B-41D7-8CC7-20EAD7913C01}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{052915DB-643B-4DD5-A016-7283301946BC}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{2E908262-2A08-424E-BFD5-543076776B51}D:\spiele\homm5\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=d:\spiele\homm5\heroes of might and magic v\bin\h5_game.exe |
"UDP Query User{39D48B6B-4DF4-4AE6-80F8-94FED2A3DC00}D:\spiele\counter-strike\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\counter-strike\hl2.exe |
"UDP Query User{43E5CB56-61D8-4A2F-828A-EC5D87843424}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{54D15AB0-CDAD-49DB-8CFD-2C50AFB8B3AB}D:\spiele\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=d:\spiele\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"UDP Query User{7F877567-838F-4A9A-8BBB-6BBCD0CB673D}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
"UDP Query User{878A5FC7-2D81-4A28-8670-85B2CFE2EF4F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{AE992A8E-D599-42FF-BE10-2D62CE700087}D:\spiele\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1701\anno1701.exe |
"UDP Query User{C19446BB-5F7E-41D5-BD39-1D1573AE6A2A}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{C6396E4B-A02E-479F-9E1E-F1157551BB86}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{CCC7063F-E624-460F-BA05-D3965D0538CD}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{D4EF1B1F-722C-473C-95E3-D1D2A7AAA71A}D:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\spiele\anno 1404\tools\anno4web.exe |
"UDP Query User{D9DEE987-13CE-4AA0-9BE7-00792FC9F05E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{E1C172D9-A02B-4848-B767-1A840237D035}D:\spiele\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=d:\spiele\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"UDP Query User{EF566918-2AFD-4299-BE6B-555A4071900D}C:\program files\activision\call of duty 2\cod2mp_s.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 2\cod2mp_s.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{0613F79E-C012-BC98-6E9C-5A47AEE6D37A}" = CCC Help Korean
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0A8CE3AA-99F2-5632-A8D2-636BE6CFE856}" = Catalyst Control Center Core Implementation
"{0EA09877-34E9-4160-B2DE-E7C7703E49ED}" = Cisco AnyConnect Secure Mobility Client
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1664EB8B-057B-0E23-7245-ECE92849FF4C}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1DBD8607-39EE-B7F3-CDE6-A2095B0EE0C9}" = CCC Help Chinese Traditional
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20167022-64F2-4836-B9C9-1DBAA6721FD4}" = CCC Help Hungarian
"{204DD5C2-441A-DADC-E765-595B5C1EDE88}" = CCC Help Norwegian
"{218E2C0C-4740-DBCB-C8E8-D67201A6500A}" = CCC Help English
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26D20F5D-1D37-5BD1-34AB-6411AC34E2A9}" = ccc-utility
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{3501AF2D-A97E-F6DB-521A-4E64EAEF5BDC}" = CCC Help Thai
"{3A7C46AC-060B-6CBF-1862-969F79A5B758}" = CCC Help French
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EB37B26-432C-467C-9FBC-9BDA0E6FBDD7}" = Catalyst Control Center InstallProxy
"{411429D5-83D1-2F9B-9F53-4524DCE99E6D}" = CCC Help Portuguese
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{54FBC914-82D7-E646-2916-B3C6D320E0B4}" = Catalyst Control Center Graphics Previews Vista
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D221DF2-F206-681F-75FE-1C7620BE69A7}" = CCC Help Greek
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{6848704E-C8D4-4F4F-9181-5926D4A11E98}" = ATI Catalyst Install Manager
"{6B9EFC04-713D-F238-E388-F3CDA52E7880}" = Catalyst Control Center Graphics Light
"{6CB778E6-693F-7A2A-C5AD-C7743500D249}" = CCC Help Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.8.8
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D88074D-4378-C049-4264-EB3EE8AC155C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93E42FF5-065E-0D52-2777-8A1849CB8574}" = CCC Help Swedish
"{94D5097B-46D0-A1D9-8983-284E3C675CA9}" = Catalyst Control Center Localization All
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{961B4059-D1C0-43C8-095B-75A18BD0F8C8}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B84A151-81CC-6133-D844-A189FDA1C34F}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AE86495C-42F9-F5BE-E878-7798456A509A}" = CCC Help Spanish
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7493783-F638-BEAE-C8C7-665C5A03E652}" = CCC Help Dutch
"{B82ABF2C-CBD3-5528-26DF-F1161A2B34BF}" = Catalyst Control Center Graphics Full New
"{B9B1B5D9-F96D-0257-A23C-8EA9ACCCF8CB}" = CCC Help Czech
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C3181764-B8F3-A705-5362-86E37C476710}" = Catalyst Control Center Graphics Full Existing
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{DA146D61-5542-2F55-C5E4-49D26EBAAA5B}" = CCC Help Russian
"{DB0EF3C1-8AF4-1E28-267E-024999C11828}" = CCC Help Finnish
"{DBB62E6B-66F5-09D2-D2CC-C1877CDD9A8B}" = CCC Help Italian
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5141E62-8A90-D9A1-EB2D-C4D0D9940D90}" = CCC Help German
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F293A67D-04BB-6960-5D13-13F158796960}" = CCC Help Danish
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Red Ex_is1" = Ashampoo Red Ex 1.0.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"Free FLV Converter_is1" = Free FLV Converter V 7.3.0
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"Imperium Romanum" = Imperium Romanum 1.03
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mount&Blade" = Mount&Blade
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/30/2013 7:47:47 AM | Computer Name = RobertKoch-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 6/30/2013 7:49:40 AM | Computer Name = RobertKoch-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 6/30/2013 7:49:42 AM | Computer Name = RobertKoch-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 6/30/2013 11:12:29 AM | Computer Name = RobertKoch-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Oblivion.exe, Version: 1.2.0.416,
Zeitstempel: 0x462392c7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x2700219d ID des fehlerhaften
Prozesses: 0x404 Startzeit der fehlerhaften Anwendung: 0x01ce75a3b8662bb2 Pfad der
fehlerhaften Anwendung: D:\Spiele\Oblivion\Oblivion.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 7a8520ed-e197-11e2-bd8d-0024540ddbba
Error - 7/3/2013 2:11:51 AM | Computer Name = RobertKoch-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917,
Zeitstempel: 0x51c06b1b Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917,
Zeitstempel: 0x51c06a5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00173668 ID des fehlerhaften
Prozesses: 0x1e30 Startzeit der fehlerhaften Anwendung: 0x01ce77b2576d6c81 Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: 734ea21e-e3a7-11e2-9f7b-0024540ddbba
Error - 7/3/2013 12:10:49 PM | Computer Name = RobertKoch-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 7/3/2013 12:11:41 PM | Computer Name = RobertKoch-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 7/3/2013 12:13:33 PM | Computer Name = RobertKoch-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 7/3/2013 12:13:34 PM | Computer Name = RobertKoch-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 7/4/2013 8:47:21 AM | Computer Name = RobertKoch-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 22.0.0.4917,
Zeitstempel: 0x51c06b1b Name des fehlerhaften Moduls: xul.dll, Version: 22.0.0.4917,
Zeitstempel: 0x51c06a5b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00173668 ID des fehlerhaften
Prozesses: 0x1f28 Startzeit der fehlerhaften Anwendung: 0x01ce78b1952d806a Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Mozilla Firefox\xul.dll Berichtskennung: ddf4f29b-e4a7-11e2-9591-0024540ddbba
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 7/4/2013 1:45:30 AM | Computer Name = RobertKoch-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1127 NULL object. Cannot establish a connection at this time.
Error - 7/4/2013 2:23:23 AM | Computer Name = RobertKoch-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1280 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
Eine vorhandene Verbindung wurde vom Remotehost geschlossen.
Error - 7/4/2013 2:23:23 AM | Computer Name = RobertKoch-PC | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
1281 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
unknown
Error - 7/4/2013 2:23:23 AM | Computer Name = RobertKoch-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
873 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 7/4/2013 2:23:23 AM | Computer Name = RobertKoch-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
832 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
Error - 7/4/2013 2:23:23 AM | Computer Name = RobertKoch-PC | Source = acvpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
1676 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: Eine vorhandene
Verbindung wurde vom Remotehost geschlossen.
Error - 7/4/2013 2:23:23 AM | Computer Name = RobertKoch-PC | Source = acvpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
384 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
(0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
Error - 7/4/2013 7:38:33 AM | Computer Name = RobertKoch-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 376 Invoked
Function: IRunnable::Run Return Code: -32047093 (0xFE17000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE
Error - 7/4/2013 7:38:35 AM | Computer Name = RobertKoch-PC | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4618
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine
Daten mehr verfügbar.
Error - 7/4/2013 7:38:42 AM | Computer Name = RobertKoch-PC | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1127 NULL object. Cannot establish a connection at this time.
[ Media Center Events ]
Error - 5/5/2011 11:29:24 AM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 17:29:24 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 5/12/2011 4:05:08 PM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 22:05:08 - Fehler beim Herstellen der Internetverbindung. 22:05:08
- Serververbindung konnte nicht hergestellt werden..
Error - 5/12/2011 4:05:20 PM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 22:05:13 - Fehler beim Herstellen der Internetverbindung. 22:05:13
- Serververbindung konnte nicht hergestellt werden..
Error - 5/14/2011 5:48:22 AM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 11:48:22 - Fehler beim Herstellen der Internetverbindung. 11:48:22
- Serververbindung konnte nicht hergestellt werden..
Error - 5/14/2011 5:48:56 AM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 11:48:51 - Fehler beim Herstellen der Internetverbindung. 11:48:51
- Serververbindung konnte nicht hergestellt werden..
Error - 5/24/2011 9:51:46 AM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 15:51:46 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 5/26/2011 10:11:10 AM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 16:11:10 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 6/8/2011 4:24:21 AM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 10:24:21 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
Error - 6/13/2011 6:58:23 AM | Computer Name = RobertKoch-PC | Source = MCUpdate | ID = 0
Description = 12:58:23 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename
konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')
[ System Events ]
Error - 7/1/2013 9:39:59 AM | Computer Name = RobertKoch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 7/1/2013 4:26:52 PM | Computer Name = RobertKoch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 7/2/2013 1:35:14 AM | Computer Name = RobertKoch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 7/2/2013 8:17:55 AM | Computer Name = RobertKoch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 7/3/2013 1:03:19 AM | Computer Name = RobertKoch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 7/3/2013 8:10:13 AM | Computer Name = RobertKoch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 7/3/2013 8:10:26 AM | Computer Name = RobertKoch-PC | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 7/3/2013 9:50:32 AM | Computer Name = RobertKoch-PC | Source = bowser | ID = 8003
Description =
Error - 7/4/2013 1:45:50 AM | Computer Name = RobertKoch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 7/4/2013 7:39:03 AM | Computer Name = RobertKoch-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
< End of report >
|
|
04.07.2013, 17:26
| #6 |
| /// Malware-holic | HTML/Infected.WebPage.Gen gefunden...was tun? dann tipps halt ab. bzw markiere alles und drücke strg+c und fügst dann ein.
__________________ --> HTML/Infected.WebPage.Gen gefunden...was tun? |
|
04.07.2013, 20:04
| #7 |
| | HTML/Infected.WebPage.Gen gefunden...was tun? ich hoffe das ist es was du suchst....is nich einfach mit mir hier zu arbeiten =( Die Datei 'C:\Users\Robert Koch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6SI1G3AO\adclick_de[1].htm' enthielt einen Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen' [virus]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56e2c2e8.qua' verschoben! |
|
04.07.2013, 21:26
| #8 |
| /// Malware-holic | HTML/Infected.WebPage.Gen gefunden...was tun? yepp, thx Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.07.2013, 13:02
| #9 |
| | HTML/Infected.WebPage.Gen gefunden...was tun? hi, schlechte anchrichten....gestern abend hat avira nochmal angeschlagen -.- ich mach nochmal OTL und schick dir den fundbericht von avira, jetz weiß ich ja wies geht...soll ich da nochmal das gleiche wie oben in die TextBox bei OTL kopieren? |
|
05.07.2013, 14:18
| #10 |
| /// Malware-holic | HTML/Infected.WebPage.Gen gefunden...was tun? nein kein otl log, avira fundmeldung und weiter bitte mit dem TDSS Killer
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.07.2013, 14:42
| #11 |
| | HTML/Infected.WebPage.Gen gefunden...was tun? Die Datei 'C:\Users\Robert Koch\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AMAYZ4WI\guitar_oclock-peculiar[1].htm' enthielt einen Virus oder unerwünschtes Programm 'HTML/Fasdeo.A' [virus]. Durchgeführte Aktion(en): Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003. Die Datei konnte nicht gelöscht werden! Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen. Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4fd36a8d.qua' verschoben! bin dabei tdsskiller durchzuführen |
|
05.07.2013, 14:44
| #12 |
| /// Malware-holic | HTML/Infected.WebPage.Gen gefunden...was tun? ok nächstes mal bitte beides zusammen, da der post dann an deinen vorhergehenen angefügt wird, müsste ich sonst hier immer reingucken
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.07.2013, 14:47
| #13 |
| | HTML/Infected.WebPage.Gen gefunden...was tun? hier TDSSKiller Log: 15:44:13.0662 5512 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:44:13.0865 5512 ============================================================ 15:44:13.0865 5512 Current date / time: 2013/07/05 15:44:13.0865 15:44:13.0865 5512 SystemInfo: 15:44:13.0865 5512 15:44:13.0865 5512 OS Version: 6.1.7601 ServicePack: 1.0 15:44:13.0865 5512 Product type: Workstation 15:44:13.0865 5512 ComputerName: ROBERTKOCH-PC 15:44:13.0865 5512 UserName: Robert Koch 15:44:13.0865 5512 Windows directory: C:\windows 15:44:13.0865 5512 System windows directory: C:\windows 15:44:13.0865 5512 Processor architecture: Intel x86 15:44:13.0865 5512 Number of processors: 2 15:44:13.0865 5512 Page size: 0x1000 15:44:13.0865 5512 Boot type: Normal boot 15:44:13.0865 5512 ============================================================ 15:44:15.0300 5512 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:44:15.0300 5512 ============================================================ 15:44:15.0300 5512 \Device\Harddisk0\DR0: 15:44:15.0300 5512 MBR partitions: 15:44:15.0300 5512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000 15:44:15.0300 5512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0xD851000 15:44:15.0300 5512 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xF683800, BlocksNum 0x2AD02000 15:44:15.0300 5512 ============================================================ 15:44:15.0331 5512 C: <-> \Device\Harddisk0\DR0\Partition2 15:44:15.0378 5512 D: <-> \Device\Harddisk0\DR0\Partition3 15:44:15.0378 5512 ============================================================ 15:44:15.0378 5512 Initialize success 15:44:15.0378 5512 ============================================================ 15:45:19.0104 2296 ============================================================ 15:45:19.0104 2296 Scan started 15:45:19.0104 2296 Mode: Manual; SigCheck; TDLFS; 15:45:19.0104 2296 ============================================================ 15:45:19.0510 2296 ================ Scan system memory ======================== 15:45:19.0510 2296 System memory - ok 15:45:19.0510 2296 ================ Scan services ============================= 15:45:19.0681 2296 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys 15:45:19.0837 2296 1394ohci - ok 15:45:19.0884 2296 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys 15:45:19.0915 2296 ACPI - ok 15:45:19.0931 2296 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys 15:45:20.0040 2296 AcpiPmi - ok 15:45:20.0087 2296 [ 45D8E2A2D8B9F33C32A7ADB6900C6E04 ] acsock C:\windows\system32\DRIVERS\acsock.sys 15:45:20.0149 2296 acsock - ok 15:45:20.0243 2296 ADDMEM - ok 15:45:20.0336 2296 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 15:45:20.0352 2296 AdobeARMservice - ok 15:45:20.0414 2296 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:45:20.0446 2296 AdobeFlashPlayerUpdateSvc - ok 15:45:20.0492 2296 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 15:45:20.0539 2296 adp94xx - ok 15:45:20.0570 2296 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 15:45:20.0602 2296 adpahci - ok 15:45:20.0633 2296 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 15:45:20.0680 2296 adpu320 - ok 15:45:20.0711 2296 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 15:45:20.0773 2296 AeLookupSvc - ok 15:45:20.0820 2296 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys 15:45:20.0867 2296 AFD - ok 15:45:20.0898 2296 [ 6416F9B6B220F0A890525C38235AFAD7 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe 15:45:20.0945 2296 AgereModemAudio - ok 15:45:21.0007 2296 [ 07758C2196A62F207F77556311E7459A ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys 15:45:21.0085 2296 AgereSoftModem - ok 15:45:21.0116 2296 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys 15:45:21.0148 2296 agp440 - ok 15:45:21.0194 2296 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys 15:45:21.0226 2296 aic78xx - ok 15:45:21.0257 2296 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe 15:45:21.0335 2296 ALG - ok 15:45:21.0366 2296 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys 15:45:21.0397 2296 aliide - ok 15:45:21.0428 2296 [ 4CD8AA0DC5C3F1E5A8FF67EB7D85ABB4 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe 15:45:21.0491 2296 AMD External Events Utility - ok 15:45:21.0506 2296 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys 15:45:21.0538 2296 amdagp - ok 15:45:21.0569 2296 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys 15:45:21.0584 2296 amdide - ok 15:45:21.0631 2296 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 15:45:21.0709 2296 AmdK8 - ok 15:45:21.0725 2296 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 15:45:21.0772 2296 AmdPPM - ok 15:45:21.0818 2296 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys 15:45:21.0850 2296 amdsata - ok 15:45:21.0865 2296 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 15:45:21.0896 2296 amdsbs - ok 15:45:21.0912 2296 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys 15:45:21.0943 2296 amdxata - ok 15:45:22.0021 2296 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 15:45:22.0037 2296 AntiVirSchedulerService - ok 15:45:22.0068 2296 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 15:45:22.0099 2296 AntiVirService - ok 15:45:22.0130 2296 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys 15:45:22.0240 2296 AppID - ok 15:45:22.0286 2296 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll 15:45:22.0364 2296 AppIDSvc - ok 15:45:22.0396 2296 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\windows\System32\appinfo.dll 15:45:22.0458 2296 Appinfo - ok 15:45:22.0505 2296 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys 15:45:22.0536 2296 arc - ok 15:45:22.0552 2296 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 15:45:22.0583 2296 arcsas - ok 15:45:22.0645 2296 [ 39CDCB109BF200CC8A05B9C7E6272D11 ] aspnet_state C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 15:45:22.0676 2296 aspnet_state - ok 15:45:22.0692 2296 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 15:45:22.0801 2296 AsyncMac - ok 15:45:22.0832 2296 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys 15:45:22.0864 2296 atapi - ok 15:45:22.0910 2296 [ 2EB96571FE865F07ED1FD6017575026F ] athr C:\windows\system32\DRIVERS\athr.sys 15:45:22.0988 2296 athr - ok 15:45:23.0129 2296 [ 745C79700646C3F285CD09775618A04B ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys 15:45:23.0378 2296 atikmdag - ok 15:45:23.0410 2296 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\windows\system32\DRIVERS\atksgt.sys 15:45:23.0456 2296 atksgt - ok 15:45:23.0488 2296 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 15:45:23.0566 2296 AudioEndpointBuilder - ok 15:45:23.0581 2296 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll 15:45:23.0628 2296 Audiosrv - ok 15:45:23.0659 2296 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 15:45:23.0690 2296 avgntflt - ok 15:45:23.0706 2296 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 15:45:23.0737 2296 avipbb - ok 15:45:23.0753 2296 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\windows\system32\DRIVERS\avkmgr.sys 15:45:23.0784 2296 avkmgr - ok 15:45:23.0815 2296 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll 15:45:23.0909 2296 AxInstSV - ok 15:45:23.0956 2296 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys 15:45:24.0002 2296 b06bdrv - ok 15:45:24.0034 2296 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys 15:45:24.0080 2296 b57nd60x - ok 15:45:24.0127 2296 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll 15:45:24.0190 2296 BDESVC - ok 15:45:24.0205 2296 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys 15:45:24.0268 2296 Beep - ok 15:45:24.0346 2296 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll 15:45:24.0424 2296 BFE - ok 15:45:24.0470 2296 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\System32\qmgr.dll 15:45:24.0548 2296 BITS - ok 15:45:24.0564 2296 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys 15:45:24.0611 2296 blbdrive - ok 15:45:24.0626 2296 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys 15:45:24.0689 2296 bowser - ok 15:45:24.0720 2296 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 15:45:24.0782 2296 BrFiltLo - ok 15:45:24.0798 2296 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 15:45:24.0860 2296 BrFiltUp - ok 15:45:24.0907 2296 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys 15:45:24.0970 2296 BridgeMP - ok 15:45:25.0016 2296 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll 15:45:25.0063 2296 Browser - ok 15:45:25.0094 2296 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys 15:45:25.0157 2296 Brserid - ok 15:45:25.0172 2296 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 15:45:25.0219 2296 BrSerWdm - ok 15:45:25.0235 2296 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 15:45:25.0297 2296 BrUsbMdm - ok 15:45:25.0313 2296 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 15:45:25.0375 2296 BrUsbSer - ok 15:45:25.0406 2296 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys 15:45:25.0484 2296 BthEnum - ok 15:45:25.0516 2296 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 15:45:25.0562 2296 BTHMODEM - ok 15:45:25.0594 2296 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys 15:45:25.0656 2296 BthPan - ok 15:45:25.0687 2296 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys 15:45:25.0750 2296 BTHPORT - ok 15:45:25.0781 2296 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll 15:45:25.0843 2296 bthserv - ok 15:45:25.0874 2296 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys 15:45:25.0906 2296 BTHUSB - ok 15:45:25.0921 2296 catchme - ok 15:45:25.0937 2296 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 15:45:26.0015 2296 cdfs - ok 15:45:26.0046 2296 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\drivers\cdrom.sys 15:45:26.0093 2296 cdrom - ok 15:45:26.0124 2296 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll 15:45:26.0186 2296 CertPropSvc - ok 15:45:26.0218 2296 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys 15:45:26.0280 2296 circlass - ok 15:45:26.0311 2296 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys 15:45:26.0342 2296 CLFS - ok 15:45:26.0358 2296 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:45:26.0389 2296 clr_optimization_v2.0.50727_32 - ok 15:45:26.0452 2296 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:45:26.0467 2296 clr_optimization_v4.0.30319_32 - ok 15:45:26.0483 2296 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 15:45:26.0530 2296 CmBatt - ok 15:45:26.0576 2296 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys 15:45:26.0608 2296 cmdide - ok 15:45:26.0654 2296 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys 15:45:26.0701 2296 CNG - ok 15:45:26.0717 2296 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 15:45:26.0748 2296 Compbatt - ok 15:45:26.0779 2296 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys 15:45:26.0826 2296 CompositeBus - ok 15:45:26.0826 2296 COMSysApp - ok 15:45:26.0873 2296 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 15:45:26.0888 2296 crcdisk - ok 15:45:26.0935 2296 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\windows\system32\cryptsvc.dll 15:45:26.0998 2296 CryptSvc - ok 15:45:27.0029 2296 [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA C:\windows\system32\DRIVERS\CVirtA.sys 15:45:27.0091 2296 CVirtA - ok 15:45:27.0169 2296 [ 66257CB4E4FB69887CDDC71663741435 ] CVPND C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe 15:45:27.0216 2296 CVPND - ok 15:45:27.0263 2296 [ 18994842386FD3039279D7865740ABBD ] CVPNDRVA C:\windows\system32\Drivers\CVPNDRVA.sys 15:45:27.0325 2296 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning 15:45:27.0325 2296 CVPNDRVA - detected UnsignedFile.Multi.Generic (1) 15:45:27.0356 2296 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll 15:45:27.0419 2296 DcomLaunch - ok 15:45:27.0450 2296 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll 15:45:27.0512 2296 defragsvc - ok 15:45:27.0544 2296 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys 15:45:27.0606 2296 DfsC - ok 15:45:27.0622 2296 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll 15:45:27.0684 2296 Dhcp - ok 15:45:27.0715 2296 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys 15:45:27.0778 2296 discache - ok 15:45:27.0778 2296 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys 15:45:27.0824 2296 Disk - ok 15:45:27.0856 2296 [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE C:\windows\system32\DRIVERS\dne2000.sys 15:45:27.0871 2296 DNE - ok 15:45:27.0918 2296 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll 15:45:27.0980 2296 Dnscache - ok 15:45:28.0012 2296 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll 15:45:28.0090 2296 dot3svc - ok 15:45:28.0121 2296 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll 15:45:28.0183 2296 DPS - ok 15:45:28.0214 2296 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 15:45:28.0261 2296 drmkaud - ok 15:45:28.0324 2296 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 15:45:28.0370 2296 DXGKrnl - ok 15:45:28.0417 2296 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll 15:45:28.0480 2296 EapHost - ok 15:45:28.0573 2296 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys 15:45:28.0682 2296 ebdrv - ok 15:45:28.0714 2296 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe 15:45:28.0760 2296 EFS - ok 15:45:28.0838 2296 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe 15:45:28.0916 2296 ehRecvr - ok 15:45:28.0948 2296 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe 15:45:29.0010 2296 ehSched - ok 15:45:29.0057 2296 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys 15:45:29.0088 2296 elxstor - ok 15:45:29.0119 2296 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys 15:45:29.0166 2296 ErrDev - ok 15:45:29.0213 2296 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll 15:45:29.0291 2296 EventSystem - ok 15:45:29.0306 2296 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys 15:45:29.0384 2296 exfat - ok 15:45:29.0416 2296 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys 15:45:29.0478 2296 fastfat - ok 15:45:29.0525 2296 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe 15:45:29.0603 2296 Fax - ok 15:45:29.0634 2296 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys 15:45:29.0665 2296 fdc - ok 15:45:29.0728 2296 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll 15:45:29.0790 2296 fdPHost - ok 15:45:29.0806 2296 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll 15:45:29.0868 2296 FDResPub - ok 15:45:29.0884 2296 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 15:45:29.0915 2296 FileInfo - ok 15:45:29.0930 2296 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys 15:45:29.0993 2296 Filetrace - ok 15:45:30.0008 2296 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 15:45:30.0055 2296 flpydisk - ok 15:45:30.0071 2296 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys 15:45:30.0118 2296 FltMgr - ok 15:45:30.0164 2296 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\windows\system32\FntCache.dll 15:45:30.0227 2296 FontCache - ok 15:45:30.0305 2296 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 15:45:30.0320 2296 FontCache3.0.0.0 - ok 15:45:30.0352 2296 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys 15:45:30.0367 2296 FsDepends - ok 15:45:30.0398 2296 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 15:45:30.0430 2296 Fs_Rec - ok 15:45:30.0476 2296 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 15:45:30.0508 2296 fvevol - ok 15:45:30.0539 2296 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 15:45:30.0570 2296 gagp30kx - ok 15:45:30.0617 2296 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll 15:45:30.0679 2296 gpsvc - ok 15:45:30.0757 2296 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 15:45:30.0773 2296 gupdate - ok 15:45:30.0788 2296 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 15:45:30.0804 2296 gupdatem - ok 15:45:30.0851 2296 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 15:45:30.0866 2296 gusvc - ok 15:45:30.0882 2296 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 15:45:30.0944 2296 hcw85cir - ok 15:45:30.0976 2296 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 15:45:31.0038 2296 HdAudAddService - ok 15:45:31.0054 2296 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys 15:45:31.0100 2296 HDAudBus - ok 15:45:31.0116 2296 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 15:45:31.0147 2296 HidBatt - ok 15:45:31.0178 2296 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys 15:45:31.0225 2296 HidBth - ok 15:45:31.0256 2296 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys 15:45:31.0303 2296 HidIr - ok 15:45:31.0334 2296 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\System32\hidserv.dll 15:45:31.0397 2296 hidserv - ok 15:45:31.0444 2296 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 15:45:31.0490 2296 HidUsb - ok 15:45:31.0522 2296 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll 15:45:31.0584 2296 hkmsvc - ok 15:45:31.0615 2296 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll 15:45:31.0678 2296 HomeGroupListener - ok 15:45:31.0709 2296 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll 15:45:31.0771 2296 HomeGroupProvider - ok 15:45:31.0787 2296 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys 15:45:31.0818 2296 HpSAMD - ok 15:45:31.0834 2296 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys 15:45:31.0896 2296 HTTP - ok 15:45:31.0912 2296 hwdatacard - ok 15:45:31.0943 2296 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 15:45:31.0974 2296 hwpolicy - ok 15:45:31.0974 2296 hwusbdev - ok 15:45:32.0021 2296 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\drivers\i8042prt.sys 15:45:32.0068 2296 i8042prt - ok 15:45:32.0083 2296 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 15:45:32.0115 2296 iaStor - ok 15:45:32.0146 2296 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys 15:45:32.0193 2296 iaStorV - ok 15:45:32.0255 2296 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 15:45:32.0286 2296 IDriverT ( UnsignedFile.Multi.Generic ) - warning 15:45:32.0286 2296 IDriverT - detected UnsignedFile.Multi.Generic (1) 15:45:32.0364 2296 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 15:45:32.0442 2296 idsvc - ok 15:45:32.0583 2296 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys 15:45:32.0785 2296 igfx - ok 15:45:32.0817 2296 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 15:45:32.0848 2296 iirsp - ok 15:45:32.0895 2296 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll 15:45:32.0988 2296 IKEEXT - ok 15:45:33.0082 2296 [ 5CEEF2CCCB4FE00D3FFBFEB12BCFA07F ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys 15:45:33.0175 2296 IntcAzAudAddService - ok 15:45:33.0222 2296 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys 15:45:33.0253 2296 intelide - ok 15:45:33.0285 2296 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 15:45:33.0316 2296 intelppm - ok 15:45:33.0347 2296 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll 15:45:33.0425 2296 IPBusEnum - ok 15:45:33.0472 2296 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll 15:45:33.0550 2296 iphlpsvc - ok 15:45:33.0581 2296 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys 15:45:33.0628 2296 IPMIDRV - ok 15:45:33.0659 2296 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys 15:45:33.0721 2296 IPNAT - ok 15:45:33.0737 2296 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys 15:45:33.0768 2296 IRENUM - ok 15:45:33.0799 2296 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys 15:45:33.0831 2296 isapnp - ok 15:45:33.0862 2296 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys 15:45:33.0893 2296 iScsiPrt - ok 15:45:33.0924 2296 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\drivers\kbdclass.sys 15:45:33.0955 2296 kbdclass - ok 15:45:33.0971 2296 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\drivers\kbdhid.sys 15:45:34.0033 2296 kbdhid - ok 15:45:34.0065 2296 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe 15:45:34.0096 2296 KeyIso - ok 15:45:34.0127 2296 [ EBC507F129DF8F0E0CA270DCFC0CF87F ] KMDFMEMIO C:\windows\system32\DRIVERS\kmdfmemio.sys 15:45:34.0174 2296 KMDFMEMIO - ok 15:45:34.0205 2296 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 15:45:34.0236 2296 KSecDD - ok 15:45:34.0252 2296 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 15:45:34.0299 2296 KSecPkg - ok 15:45:34.0330 2296 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll 15:45:34.0423 2296 KtmRm - ok 15:45:34.0455 2296 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\System32\srvsvc.dll 15:45:34.0533 2296 LanmanServer - ok 15:45:34.0564 2296 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll 15:45:34.0642 2296 LanmanWorkstation - ok 15:45:34.0673 2296 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys 15:45:34.0689 2296 lirsgt - ok 15:45:34.0720 2296 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 15:45:34.0782 2296 lltdio - ok 15:45:34.0813 2296 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll 15:45:34.0876 2296 lltdsvc - ok 15:45:34.0891 2296 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll 15:45:34.0954 2296 lmhosts - ok 15:45:34.0985 2296 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 15:45:35.0016 2296 LSI_FC - ok 15:45:35.0032 2296 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 15:45:35.0079 2296 LSI_SAS - ok 15:45:35.0094 2296 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 15:45:35.0125 2296 LSI_SAS2 - ok 15:45:35.0141 2296 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 15:45:35.0172 2296 LSI_SCSI - ok 15:45:35.0188 2296 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys 15:45:35.0250 2296 luafv - ok 15:45:35.0266 2296 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 15:45:35.0313 2296 Mcx2Svc - ok 15:45:35.0328 2296 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys 15:45:35.0359 2296 megasas - ok 15:45:35.0375 2296 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 15:45:35.0422 2296 MegaSR - ok 15:45:35.0453 2296 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll 15:45:35.0515 2296 MMCSS - ok 15:45:35.0531 2296 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys 15:45:35.0593 2296 Modem - ok 15:45:35.0609 2296 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys 15:45:35.0640 2296 monitor - ok 15:45:35.0687 2296 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys 15:45:35.0718 2296 mouclass - ok 15:45:35.0749 2296 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 15:45:35.0781 2296 mouhid - ok 15:45:35.0812 2296 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys 15:45:35.0827 2296 mountmgr - ok 15:45:35.0937 2296 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 15:45:35.0983 2296 MozillaMaintenance - ok 15:45:35.0999 2296 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys 15:45:36.0030 2296 mpio - ok 15:45:36.0046 2296 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 15:45:36.0108 2296 mpsdrv - ok 15:45:36.0155 2296 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll 15:45:36.0233 2296 MpsSvc - ok 15:45:36.0264 2296 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 15:45:36.0327 2296 MRxDAV - ok 15:45:36.0358 2296 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 15:45:36.0420 2296 mrxsmb - ok 15:45:36.0451 2296 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 15:45:36.0498 2296 mrxsmb10 - ok 15:45:36.0514 2296 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 15:45:36.0545 2296 mrxsmb20 - ok 15:45:36.0561 2296 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys 15:45:36.0592 2296 msahci - ok 15:45:36.0623 2296 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys 15:45:36.0654 2296 msdsm - ok 15:45:36.0670 2296 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe 15:45:36.0732 2296 MSDTC - ok 15:45:36.0763 2296 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys 15:45:36.0841 2296 Msfs - ok 15:45:36.0857 2296 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 15:45:36.0904 2296 mshidkmdf - ok 15:45:36.0935 2296 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys 15:45:36.0966 2296 msisadrv - ok 15:45:36.0982 2296 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll 15:45:37.0060 2296 MSiSCSI - ok 15:45:37.0060 2296 msiserver - ok 15:45:37.0075 2296 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 15:45:37.0138 2296 MSKSSRV - ok 15:45:37.0153 2296 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 15:45:37.0216 2296 MSPCLOCK - ok 15:45:37.0231 2296 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 15:45:37.0278 2296 MSPQM - ok 15:45:37.0294 2296 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys 15:45:37.0341 2296 MsRPC - ok 15:45:37.0356 2296 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys 15:45:37.0372 2296 mssmbios - ok 15:45:37.0387 2296 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 15:45:37.0450 2296 MSTEE - ok 15:45:37.0465 2296 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 15:45:37.0512 2296 MTConfig - ok 15:45:37.0528 2296 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys 15:45:37.0559 2296 Mup - ok 15:45:37.0590 2296 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll 15:45:37.0653 2296 napagent - ok 15:45:37.0715 2296 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 15:45:37.0762 2296 NativeWifiP - ok 15:45:37.0793 2296 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys 15:45:37.0840 2296 NDIS - ok 15:45:37.0855 2296 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 15:45:37.0918 2296 NdisCap - ok 15:45:37.0933 2296 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 15:45:37.0996 2296 NdisTapi - ok 15:45:38.0027 2296 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 15:45:38.0089 2296 Ndisuio - ok 15:45:38.0121 2296 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 15:45:38.0183 2296 NdisWan - ok 15:45:38.0199 2296 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 15:45:38.0261 2296 NDProxy - ok 15:45:38.0292 2296 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 15:45:38.0355 2296 NetBIOS - ok 15:45:38.0401 2296 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 15:45:38.0464 2296 NetBT - ok 15:45:38.0479 2296 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe 15:45:38.0511 2296 Netlogon - ok 15:45:38.0542 2296 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll 15:45:38.0620 2296 Netman - ok 15:45:38.0667 2296 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll 15:45:38.0745 2296 netprofm - ok 15:45:38.0791 2296 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:45:38.0823 2296 NetTcpPortSharing - ok 15:45:38.0854 2296 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 15:45:38.0885 2296 nfrd960 - ok 15:45:38.0916 2296 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll 15:45:38.0963 2296 NlaSvc - ok 15:45:38.0994 2296 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys 15:45:39.0041 2296 Npfs - ok 15:45:39.0072 2296 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll 15:45:39.0119 2296 nsi - ok 15:45:39.0135 2296 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 15:45:39.0197 2296 nsiproxy - ok 15:45:39.0259 2296 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\windows\system32\drivers\Ntfs.sys 15:45:39.0337 2296 Ntfs - ok 15:45:39.0353 2296 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys 15:45:39.0400 2296 Null - ok 15:45:39.0431 2296 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys 15:45:39.0462 2296 nvraid - ok 15:45:39.0478 2296 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys 15:45:39.0509 2296 nvstor - ok 15:45:39.0556 2296 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys 15:45:39.0587 2296 nv_agp - ok 15:45:39.0618 2296 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 15:45:39.0649 2296 ohci1394 - ok 15:45:39.0696 2296 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll 15:45:39.0759 2296 p2pimsvc - ok 15:45:39.0790 2296 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll 15:45:39.0821 2296 p2psvc - ok 15:45:39.0868 2296 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys 15:45:39.0915 2296 Parport - ok 15:45:39.0946 2296 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys 15:45:39.0977 2296 partmgr - ok 15:45:39.0993 2296 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys 15:45:40.0039 2296 Parvdm - ok 15:45:40.0055 2296 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll 15:45:40.0102 2296 PcaSvc - ok 15:45:40.0133 2296 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys 15:45:40.0149 2296 pci - ok 15:45:40.0180 2296 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys 15:45:40.0195 2296 pciide - ok 15:45:40.0227 2296 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 15:45:40.0258 2296 pcmcia - ok 15:45:40.0273 2296 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys 15:45:40.0305 2296 pcw - ok 15:45:40.0336 2296 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys 15:45:40.0429 2296 PEAUTH - ok 15:45:40.0492 2296 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll 15:45:40.0601 2296 pla - ok 15:45:40.0648 2296 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll 15:45:40.0695 2296 PlugPlay - ok 15:45:40.0726 2296 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 15:45:40.0773 2296 PNRPAutoReg - ok 15:45:40.0788 2296 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll 15:45:40.0819 2296 PNRPsvc - ok 15:45:40.0851 2296 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll 15:45:40.0929 2296 PolicyAgent - ok 15:45:40.0960 2296 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll 15:45:41.0022 2296 Power - ok 15:45:41.0053 2296 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 15:45:41.0100 2296 PptpMiniport - ok 15:45:41.0131 2296 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys 15:45:41.0163 2296 Processor - ok 15:45:41.0194 2296 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll 15:45:41.0256 2296 ProfSvc - ok 15:45:41.0272 2296 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe 15:45:41.0303 2296 ProtectedStorage - ok 15:45:41.0319 2296 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys 15:45:41.0381 2296 Psched - ok 15:45:41.0428 2296 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 15:45:41.0506 2296 ql2300 - ok 15:45:41.0521 2296 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 15:45:41.0553 2296 ql40xx - ok 15:45:41.0584 2296 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll 15:45:41.0662 2296 QWAVE - ok 15:45:41.0677 2296 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 15:45:41.0724 2296 QWAVEdrv - ok 15:45:41.0740 2296 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 15:45:41.0818 2296 RasAcd - ok 15:45:41.0833 2296 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 15:45:41.0896 2296 RasAgileVpn - ok 15:45:41.0927 2296 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll 15:45:41.0974 2296 RasAuto - ok 15:45:41.0989 2296 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 15:45:42.0052 2296 Rasl2tp - ok 15:45:42.0083 2296 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll 15:45:42.0161 2296 RasMan - ok 15:45:42.0177 2296 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 15:45:42.0239 2296 RasPppoe - ok 15:45:42.0270 2296 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 15:45:42.0348 2296 RasSstp - ok 15:45:42.0379 2296 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 15:45:42.0442 2296 rdbss - ok 15:45:42.0457 2296 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 15:45:42.0489 2296 rdpbus - ok 15:45:42.0535 2296 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 15:45:42.0582 2296 RDPCDD - ok 15:45:42.0598 2296 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 15:45:42.0660 2296 RDPENCDD - ok 15:45:42.0676 2296 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 15:45:42.0738 2296 RDPREFMP - ok 15:45:42.0801 2296 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys 15:45:42.0863 2296 RDPWD - ok 15:45:42.0894 2296 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 15:45:42.0941 2296 rdyboost - ok 15:45:42.0972 2296 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll 15:45:43.0035 2296 RemoteAccess - ok 15:45:43.0066 2296 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll 15:45:43.0144 2296 RemoteRegistry - ok 15:45:43.0159 2296 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 15:45:43.0222 2296 RFCOMM - ok 15:45:43.0237 2296 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 15:45:43.0315 2296 RpcEptMapper - ok 15:45:43.0347 2296 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe 15:45:43.0393 2296 RpcLocator - ok 15:45:43.0409 2296 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\System32\rpcss.dll 15:45:43.0471 2296 RpcSs - ok 15:45:43.0503 2296 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 15:45:43.0565 2296 rspndr - ok 15:45:43.0596 2296 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys 15:45:43.0643 2296 RTL8167 - ok 15:45:43.0659 2296 [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI C:\windows\system32\Drivers\SABI.sys 15:45:43.0705 2296 SABI - ok 15:45:43.0721 2296 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe 15:45:43.0752 2296 SamSs - ok 15:45:43.0783 2296 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys 15:45:43.0815 2296 sbp2port - ok 15:45:43.0846 2296 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll 15:45:43.0924 2296 SCardSvr - ok 15:45:43.0939 2296 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 15:45:43.0986 2296 scfilter - ok 15:45:44.0033 2296 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll 15:45:44.0111 2296 Schedule - ok 15:45:44.0127 2296 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll 15:45:44.0173 2296 SCPolicySvc - ok 15:45:44.0205 2296 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll 15:45:44.0267 2296 SDRSVC - ok 15:45:44.0298 2296 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys 15:45:44.0361 2296 secdrv - ok 15:45:44.0392 2296 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll 15:45:44.0454 2296 seclogon - ok 15:45:44.0470 2296 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\system32\sens.dll 15:45:44.0532 2296 SENS - ok 15:45:44.0563 2296 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll 15:45:44.0595 2296 SensrSvc - ok 15:45:44.0626 2296 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys 15:45:44.0657 2296 Serenum - ok 15:45:44.0673 2296 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys 15:45:44.0704 2296 Serial - ok 15:45:44.0735 2296 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 15:45:44.0797 2296 sermouse - ok 15:45:44.0829 2296 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll 15:45:44.0891 2296 SessionEnv - ok 15:45:44.0922 2296 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys 15:45:44.0969 2296 sffdisk - ok 15:45:44.0985 2296 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 15:45:45.0016 2296 sffp_mmc - ok 15:45:45.0047 2296 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 15:45:45.0078 2296 sffp_sd - ok 15:45:45.0109 2296 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 15:45:45.0156 2296 sfloppy - ok 15:45:45.0203 2296 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll 15:45:45.0297 2296 SharedAccess - ok 15:45:45.0328 2296 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll 15:45:45.0406 2296 ShellHWDetection - ok 15:45:45.0437 2296 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys 15:45:45.0468 2296 sisagp - ok 15:45:45.0515 2296 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 15:45:45.0531 2296 SiSRaid2 - ok 15:45:45.0562 2296 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 15:45:45.0593 2296 SiSRaid4 - ok 15:45:45.0655 2296 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 15:45:45.0671 2296 SkypeUpdate - ok 15:45:45.0687 2296 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys 15:45:45.0749 2296 Smb - ok 15:45:45.0796 2296 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe 15:45:45.0827 2296 SNMPTRAP - ok 15:45:45.0843 2296 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys 15:45:45.0874 2296 spldr - ok 15:45:45.0921 2296 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe 15:45:45.0967 2296 Spooler - ok 15:45:46.0061 2296 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe 15:45:46.0170 2296 sppsvc - ok 15:45:46.0217 2296 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll 15:45:46.0264 2296 sppuinotify - ok 15:45:46.0326 2296 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\windows\system32\Drivers\sptd.sys 15:45:46.0326 2296 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9 15:45:46.0326 2296 sptd ( LockedFile.Multi.Generic ) - warning 15:45:46.0326 2296 sptd - detected LockedFile.Multi.Generic (1) 15:45:46.0389 2296 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 15:45:46.0435 2296 SQLWriter - ok 15:45:46.0467 2296 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys 15:45:46.0545 2296 srv - ok 15:45:46.0545 2296 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys 15:45:46.0607 2296 srv2 - ok 15:45:46.0623 2296 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 15:45:46.0669 2296 srvnet - ok 15:45:46.0685 2296 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 15:45:46.0781 2296 SSDPSRV - ok 15:45:46.0816 2296 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\windows\system32\DRIVERS\ssmdrv.sys 15:45:46.0838 2296 ssmdrv - ok 15:45:46.0858 2296 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll 15:45:46.0916 2296 SstpSvc - ok 15:45:46.0953 2296 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 15:45:46.0982 2296 stexstor - ok 15:45:47.0034 2296 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll 15:45:47.0093 2296 StiSvc - ok 15:45:47.0135 2296 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys 15:45:47.0164 2296 swenum - ok 15:45:47.0208 2296 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll 15:45:47.0286 2296 swprv - ok 15:45:47.0328 2296 [ 7A9025D8F7852B06D6D08ED536135E7E ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 15:45:47.0360 2296 SynTP - ok 15:45:47.0409 2296 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll 15:45:47.0485 2296 SysMain - ok 15:45:47.0522 2296 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll 15:45:47.0595 2296 TabletInputService - ok 15:45:47.0635 2296 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll 15:45:47.0710 2296 TapiSrv - ok 15:45:47.0744 2296 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll 15:45:47.0814 2296 TBS - ok 15:45:47.0865 2296 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\windows\system32\drivers\tcpip.sys 15:45:47.0946 2296 Tcpip - ok 15:45:47.0982 2296 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 15:45:48.0036 2296 TCPIP6 - ok 15:45:48.0074 2296 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 15:45:48.0119 2296 tcpipreg - ok 15:45:48.0164 2296 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 15:45:48.0221 2296 TDPIPE - ok 15:45:48.0254 2296 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 15:45:48.0291 2296 TDTCP - ok 15:45:48.0323 2296 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys 15:45:48.0387 2296 tdx - ok 15:45:48.0410 2296 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys 15:45:48.0440 2296 TermDD - ok 15:45:48.0489 2296 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll 15:45:48.0574 2296 TermService - ok 15:45:48.0617 2296 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll 15:45:48.0657 2296 Themes - ok 15:45:48.0683 2296 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll 15:45:48.0735 2296 THREADORDER - ok 15:45:48.0749 2296 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll 15:45:48.0824 2296 TrkWks - ok 15:45:48.0889 2296 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 15:45:48.0952 2296 TrustedInstaller - ok 15:45:48.0982 2296 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 15:45:49.0034 2296 tssecsrv - ok 15:45:49.0070 2296 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 15:45:49.0124 2296 TsUsbFlt - ok 15:45:49.0178 2296 [ C7732ABB05D2AC3E43DDBF916FC2E2DA ] TuneUp.Defrag C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe 15:45:49.0225 2296 TuneUp.Defrag - ok 15:45:49.0280 2296 [ CB853481039F08517939AB269077C118 ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe 15:45:49.0323 2296 TuneUp.UtilitiesSvc - ok 15:45:49.0345 2296 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys 15:45:49.0368 2296 TuneUpUtilitiesDrv - ok 15:45:49.0399 2296 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 15:45:49.0446 2296 tunnel - ok 15:45:49.0488 2296 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 15:45:49.0519 2296 uagp35 - ok 15:45:49.0558 2296 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys 15:45:49.0624 2296 udfs - ok 15:45:49.0664 2296 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe 15:45:49.0710 2296 UI0Detect - ok 15:45:49.0735 2296 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 15:45:49.0768 2296 uliagpkx - ok 15:45:49.0786 2296 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys 15:45:49.0818 2296 umbus - ok 15:45:49.0844 2296 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys 15:45:49.0888 2296 UmPass - ok 15:45:49.0911 2296 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll 15:45:49.0997 2296 upnphost - ok 15:45:50.0030 2296 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 15:45:50.0078 2296 usbccgp - ok 15:45:50.0116 2296 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys 15:45:50.0171 2296 usbcir - ok 15:45:50.0204 2296 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys 15:45:50.0233 2296 usbehci - ok 15:45:50.0274 2296 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 15:45:50.0323 2296 usbhub - ok 15:45:50.0345 2296 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys 15:45:50.0388 2296 usbohci - ok 15:45:50.0406 2296 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 15:45:50.0437 2296 usbprint - ok 15:45:50.0468 2296 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 15:45:50.0514 2296 usbscan - ok 15:45:50.0549 2296 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 15:45:50.0594 2296 USBSTOR - ok 15:45:50.0624 2296 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys 15:45:50.0655 2296 usbuhci - ok 15:45:50.0694 2296 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 15:45:50.0747 2296 usbvideo - ok 15:45:50.0780 2296 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll 15:45:50.0838 2296 UxSms - ok 15:45:50.0864 2296 [ FC5BCA83C5000509FEEFBFAE81074835 ] UxTuneUp C:\windows\System32\uxtuneup.dll 15:45:50.0883 2296 UxTuneUp - ok 15:45:50.0901 2296 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe 15:45:50.0925 2296 VaultSvc - ok 15:45:50.0956 2296 [ 94D73B62E458FB56C9CE60AA96D914F9 ] VClone C:\windows\system32\DRIVERS\VClone.sys 15:45:50.0996 2296 VClone - ok 15:45:51.0015 2296 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 15:45:51.0046 2296 vdrvroot - ok 15:45:51.0089 2296 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe 15:45:51.0166 2296 vds - ok 15:45:51.0209 2296 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys 15:45:51.0243 2296 vga - ok 15:45:51.0267 2296 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys 15:45:51.0333 2296 VgaSave - ok 15:45:51.0374 2296 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys 15:45:51.0413 2296 vhdmp - ok 15:45:51.0451 2296 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys 15:45:51.0482 2296 viaagp - ok 15:45:51.0501 2296 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys 15:45:51.0547 2296 ViaC7 - ok 15:45:51.0582 2296 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys 15:45:51.0611 2296 viaide - ok 15:45:51.0654 2296 [ 88C52F322117F60B7A0C89D683E30F6A ] VMC326 C:\windows\system32\Drivers\VMC326.sys 15:45:51.0706 2296 VMC326 - ok 15:45:51.0727 2296 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys 15:45:51.0759 2296 volmgr - ok 15:45:51.0784 2296 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys 15:45:51.0814 2296 volmgrx - ok 15:45:51.0847 2296 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys 15:45:51.0890 2296 volsnap - ok 15:45:51.0943 2296 [ 8CA9793CBEE993660FF7FC2769A4E252 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 15:45:51.0971 2296 vpnagent - ok 15:45:52.0000 2296 [ FDDAFA1C89B0B07494AF5879F7ECE857 ] vpnva C:\windows\system32\DRIVERS\vpnva.sys 15:45:52.0028 2296 vpnva - ok 15:45:52.0044 2296 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 15:45:52.0078 2296 vsmraid - ok 15:45:52.0126 2296 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe 15:45:52.0222 2296 VSS - ok 15:45:52.0239 2296 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 15:45:52.0280 2296 vwifibus - ok 15:45:52.0297 2296 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 15:45:52.0330 2296 vwififlt - ok 15:45:52.0377 2296 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll 15:45:52.0455 2296 W32Time - ok 15:45:52.0486 2296 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 15:45:52.0533 2296 WacomPen - ok 15:45:52.0549 2296 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 15:45:52.0611 2296 WANARP - ok 15:45:52.0627 2296 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 15:45:52.0673 2296 Wanarpv6 - ok 15:45:52.0736 2296 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe 15:45:52.0814 2296 wbengine - ok 15:45:52.0845 2296 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 15:45:52.0892 2296 WbioSrvc - ok 15:45:52.0939 2296 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll 15:45:52.0985 2296 wcncsvc - ok 15:45:53.0017 2296 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 15:45:53.0063 2296 WcsPlugInService - ok 15:45:53.0110 2296 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys 15:45:53.0141 2296 Wd - ok 15:45:53.0173 2296 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 15:45:53.0235 2296 Wdf01000 - ok 15:45:53.0251 2296 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll 15:45:53.0313 2296 WdiServiceHost - ok 15:45:53.0329 2296 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll 15:45:53.0360 2296 WdiSystemHost - ok 15:45:53.0391 2296 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll 15:45:53.0453 2296 WebClient - ok 15:45:53.0485 2296 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll 15:45:53.0547 2296 Wecsvc - ok 15:45:53.0563 2296 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll 15:45:53.0625 2296 wercplsupport - ok 15:45:53.0656 2296 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll 15:45:53.0719 2296 WerSvc - ok 15:45:53.0750 2296 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 15:45:53.0797 2296 WfpLwf - ok 15:45:53.0812 2296 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys 15:45:53.0843 2296 WIMMount - ok 15:45:53.0906 2296 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 15:45:53.0937 2296 WinDefend - ok 15:45:53.0953 2296 WinHttpAutoProxySvc - ok 15:45:54.0031 2296 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 15:45:54.0109 2296 Winmgmt - ok 15:45:54.0155 2296 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll 15:45:54.0249 2296 WinRM - ok 15:45:54.0327 2296 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll 15:45:54.0389 2296 Wlansvc - ok 15:45:54.0499 2296 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:45:54.0577 2296 wlidsvc - ok 15:45:54.0608 2296 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 15:45:54.0655 2296 WmiAcpi - ok 15:45:54.0717 2296 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 15:45:54.0779 2296 wmiApSrv - ok 15:45:54.0842 2296 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 15:45:54.0904 2296 WMPNetworkSvc - ok 15:45:54.0935 2296 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll 15:45:54.0998 2296 WPCSvc - ok 15:45:55.0029 2296 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 15:45:55.0076 2296 WPDBusEnum - ok 15:45:55.0107 2296 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 15:45:55.0169 2296 ws2ifsl - ok 15:45:55.0201 2296 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\system32\wscsvc.dll 15:45:55.0232 2296 wscsvc - ok 15:45:55.0247 2296 WSearch - ok 15:45:55.0325 2296 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll 15:45:55.0403 2296 wuauserv - ok 15:45:55.0435 2296 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys 15:45:55.0481 2296 WudfPf - ok 15:45:55.0497 2296 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 15:45:55.0544 2296 WUDFRd - ok 15:45:55.0575 2296 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll 15:45:55.0606 2296 wudfsvc - ok 15:45:55.0653 2296 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\windows\System32\wwansvc.dll 15:45:55.0715 2296 WwanSvc - ok 15:45:55.0747 2296 [ F0CEEA6CC0E5BFEFC745B66DC5E9816B ] yksvc C:\windows\System32\yk62x86.dll 15:45:55.0809 2296 yksvc - ok 15:45:55.0856 2296 [ 3EB1576F77B60A6C79DD7742B67219B8 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys 15:45:55.0903 2296 yukonw7 - ok 15:45:55.0934 2296 ================ Scan global =============================== 15:45:55.0996 2296 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll 15:45:56.0027 2296 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll 15:45:56.0059 2296 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\windows\system32\winsrv.dll 15:45:56.0090 2296 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll 15:45:56.0137 2296 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe 15:45:56.0168 2296 [Global] - ok 15:45:56.0168 2296 ================ Scan MBR ================================== 15:45:56.0183 2296 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:45:56.0511 2296 \Device\Harddisk0\DR0 - ok 15:45:56.0511 2296 ================ Scan VBR ================================== 15:45:56.0542 2296 [ 620D63C6C70847CF6C08D4E280E7D476 ] \Device\Harddisk0\DR0\Partition1 15:45:56.0542 2296 \Device\Harddisk0\DR0\Partition1 - ok 15:45:56.0558 2296 [ 3C5044C33DB994F22F0C1BC855F85372 ] \Device\Harddisk0\DR0\Partition2 15:45:56.0558 2296 \Device\Harddisk0\DR0\Partition2 - ok 15:45:56.0573 2296 [ 1B703C0789609CF2330FD1EB71430ED0 ] \Device\Harddisk0\DR0\Partition3 15:45:56.0589 2296 \Device\Harddisk0\DR0\Partition3 - ok 15:45:56.0589 2296 ============================================================ 15:45:56.0589 2296 Scan finished 15:45:56.0589 2296 ============================================================ 15:45:56.0605 6040 Detected object count: 3 15:45:56.0605 6040 Actual detected object count: 3 15:46:12.0719 6040 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 15:46:12.0719 6040 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:46:12.0719 6040 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 15:46:12.0719 6040 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 15:46:12.0719 6040 sptd ( LockedFile.Multi.Generic ) - skipped by user 15:46:12.0719 6040 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 15:46:57.0884 5556 Deinitialize success |
|
05.07.2013, 14:48
| #14 |
| /// Malware-holic | HTML/Infected.WebPage.Gen gefunden...was tun? Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.07.2013, 16:09
| #15 |
| | HTML/Infected.WebPage.Gen gefunden...was tun? soo...isses normal dass dabei soviel gelöscht wird? ComboFix Log: Code:
ATTFilter ComboFix 13-07-04.01 - Robert Koch 05.07.2013 16:51:28.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3037.2209 [GMT 2:00]
ausgeführt von:: c:\users\Robert Koch\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Uninstall.exe
c:\uninstall.exe\023.dat
c:\uninstall.exe\023v.dat
c:\uninstall.exe\023w7.dat
c:\uninstall.exe\023w8.dat
c:\uninstall.exe\ActiveDrv.vbs
c:\uninstall.exe\AppDataFile.cfx
c:\uninstall.exe\AppDataFolder.cfx
c:\uninstall.exe\appinit.bad
c:\uninstall.exe\asp.str
c:\uninstall.exe\Assoc.cmd
c:\uninstall.exe\ATTRIB.3XE
c:\uninstall.exe\Auto-RC.cmd
c:\uninstall.exe\av.cmd
c:\uninstall.exe\av.vbs
c:\uninstall.exe\AWF.cmd
c:\uninstall.exe\badclsid.c
c:\uninstall.exe\BFE.dat
c:\uninstall.exe\Boot-Rk.cmd
c:\uninstall.exe\Boot.bat
c:\uninstall.exe\BootDrv.vbs
c:\uninstall.exe\c.bat
c:\uninstall.exe\c.mrk
c:\uninstall.exe\Catch-sub.cmd
c:\uninstall.exe\catchme.3XE
c:\uninstall.exe\CCS.bat
c:\uninstall.exe\CF-Script.cmd
c:\uninstall.exe\CF24884.3XE
c:\uninstall.exe\CHCP.bat
c:\uninstall.exe\clsid.c
c:\uninstall.exe\Combobatch.bat
c:\uninstall.exe\ComboFix-Download.3XE
c:\uninstall.exe\Create.cmd
c:\uninstall.exe\Creg.dat
c:\uninstall.exe\CregC.cmd
c:\uninstall.exe\CregC.dat
c:\uninstall.exe\CSCRIPT.3XE
c:\uninstall.exe\dd.3XE
c:\uninstall.exe\ddsDo.sed
c:\uninstall.exe\de-DE\ATTRIB.3XE.mui
c:\uninstall.exe\de-DE\CF24884.3XE.mui
c:\uninstall.exe\de-DE\cmd.3XE.mui
c:\uninstall.exe\de-DE\CSCRIPT.3XE.mui
c:\uninstall.exe\de-DE\PING.3XE.mui
c:\uninstall.exe\de-DE\REGT.3XE.mui
c:\uninstall.exe\de-DE\ROUTE.3XE.mui
c:\uninstall.exe\DelClsid.bat
c:\uninstall.exe\DelClsid64.bat
c:\uninstall.exe\desktop.ini
c:\uninstall.exe\DesktopFile.cfx
c:\uninstall.exe\DisclaimED.dat
c:\uninstall.exe\DPF.str
c:\uninstall.exe\DrvRun.vbs
c:\uninstall.exe\dumphive.3XE
c:\uninstall.exe\embedded.sed
c:\uninstall.exe\en-US\iexplore.exe
c:\uninstall.exe\ERDNT.e_e
c:\uninstall.exe\ERDNTDOS.LOC
c:\uninstall.exe\ERDNTWIN.LOC
c:\uninstall.exe\ERUNT.3XE
c:\uninstall.exe\erunt.dat
c:\uninstall.exe\ERUNT.LOC
c:\uninstall.exe\Exe.reg
c:\uninstall.exe\extract.3XE
c:\uninstall.exe\FavoriteFolder.cfx
c:\uninstall.exe\FavoritesFile.cfx
c:\uninstall.exe\FD-SV.cmd
c:\uninstall.exe\ffdefstr.dll
c:\uninstall.exe\ffext.pif
c:\uninstall.exe\FileKill.3XE
c:\uninstall.exe\files.pif
c:\uninstall.exe\Fin.dat
c:\uninstall.exe\FIND3M.bat
c:\uninstall.exe\FIXLSP.bat
c:\uninstall.exe\FIXLSP64.cmd
c:\uninstall.exe\FKMGen.cmd
c:\uninstall.exe\ForeignWht
c:\uninstall.exe\GetHive.cmd
c:\uninstall.exe\grep.3XE
c:\uninstall.exe\gsar.3XE
c:\uninstall.exe\handle.3XE
c:\uninstall.exe\hidec.3XE
c:\uninstall.exe\history.bat
c:\uninstall.exe\hwid.pif
c:\uninstall.exe\iexplore.exe
c:\uninstall.exe\image001.gif
c:\uninstall.exe\Imefile.dat
c:\uninstall.exe\Install-RC.cmd
c:\uninstall.exe\iphlpsvc.vista.dat
c:\uninstall.exe\iphlpsvc.w7.dat
c:\uninstall.exe\iphlpsvc.w8.dat
c:\uninstall.exe\katch.cmd
c:\uninstall.exe\Kill-All.cmd
c:\uninstall.exe\kmd.dat
c:\uninstall.exe\KNetSvcs.vbs
c:\uninstall.exe\Lang.bat
c:\uninstall.exe\List-B.bat
c:\uninstall.exe\List-C.bat
c:\uninstall.exe\List-D.bat
c:\uninstall.exe\List.bat
c:\uninstall.exe\lnkread.vbs
c:\uninstall.exe\LocalAppDataFile.cfx
c:\uninstall.exe\LocalAppDataFolder.cfx
c:\uninstall.exe\LocalService.dat
c:\uninstall.exe\LocalServiceNetworkRestricted.dat
c:\uninstall.exe\LocalSettingsFile.cfx
c:\uninstall.exe\LocalSystemNetworkRestricted.dat
c:\uninstall.exe\mbr.3XE
c:\uninstall.exe\mbr.chk
c:\uninstall.exe\md5sum.pif
c:\uninstall.exe\MDWht.dat
c:\uninstall.exe\MoveIt.bat
c:\uninstall.exe\MpsSvc.dat
c:\uninstall.exe\mtee.3XE
c:\uninstall.exe\MUI
c:\uninstall.exe\mynul.dat
c:\uninstall.exe\MZChanged.dat
c:\uninstall.exe\N_\13012
c:\uninstall.exe\N_\13661
c:\uninstall.exe\N_\19826
c:\uninstall.exe\N_\20205
c:\uninstall.exe\N_\21000
c:\uninstall.exe\N_\21327
c:\uninstall.exe\N_\23197
c:\uninstall.exe\N_\27253
c:\uninstall.exe\N_\28621
c:\uninstall.exe\N_\28949
c:\uninstall.exe\N_\3610
c:\uninstall.exe\N_\7534
c:\uninstall.exe\N_\pingtest
c:\uninstall.exe\ncmd.com
c:\uninstall.exe\ND_.bat
c:\uninstall.exe\ND_64.bat
c:\uninstall.exe\ndis_combofix.dat
c:\uninstall.exe\netsvc.bad.dat
c:\uninstall.exe\netsvc.dat
c:\uninstall.exe\netsvc.vista.dat
c:\uninstall.exe\netsvc.xp.dat
c:\uninstall.exe\NetworkService.dat
c:\uninstall.exe\NirCmd.3XE
c:\uninstall.exe\NircmdB.exe
c:\uninstall.exe\NirCmdC.3XE
c:\uninstall.exe\NIRKMD.3XE
c:\uninstall.exe\NlsLanguageDefault
c:\uninstall.exe\NT-OS.cmd
c:\uninstall.exe\NULL
c:\uninstall.exe\OSid.vbs
c:\uninstall.exe\pausep.3XE
c:\uninstall.exe\PersonalFile.cfx
c:\uninstall.exe\PersonalFolder.cfx
c:\uninstall.exe\pev.3XE
c:\uninstall.exe\PEV.exe
c:\uninstall.exe\pevb.3XE
c:\uninstall.exe\PING.3XE
c:\uninstall.exe\Policies.dat
c:\uninstall.exe\powp.dat
c:\uninstall.exe\Prep.inf
c:\uninstall.exe\ProfilesFile.cfx
c:\uninstall.exe\ProfilesFolder.cfx
c:\uninstall.exe\ProgramsFile.cfx
c:\uninstall.exe\ProgramsFolder.cfx
c:\uninstall.exe\Purity.dat
c:\uninstall.exe\PV.3XE
c:\uninstall.exe\pv.com
c:\uninstall.exe\rar_sfx.cmd
c:\uninstall.exe\RCLink.dat
c:\uninstall.exe\REGDACL.sed
c:\uninstall.exe\RegDo.sed
c:\uninstall.exe\region.dat
c:\uninstall.exe\RegScan.cmd
c:\uninstall.exe\RegScan64.cmd
c:\uninstall.exe\Resident.txt
c:\uninstall.exe\restore_pt.vbs
c:\uninstall.exe\Rkey.cmd
c:\uninstall.exe\rmbr.3XE
c:\uninstall.exe\rogues.dat
c:\uninstall.exe\ROUTE.3XE
c:\uninstall.exe\run2.sed
c:\uninstall.exe\Rust.str
c:\uninstall.exe\s0rt.3XE
c:\uninstall.exe\safeboot.dat
c:\uninstall.exe\safeboot.def.dat
c:\uninstall.exe\safeboot.def.vista.dat
c:\uninstall.exe\Safeboot.def.w7.dat
c:\uninstall.exe\Safeboot.def.w8.dat
c:\uninstall.exe\sed.3XE
c:\uninstall.exe\SetEnvmt.bat
c:\uninstall.exe\setpath.3XE
c:\uninstall.exe\setpath_N.cmd
c:\uninstall.exe\SF.exe
c:\uninstall.exe\sfx.cmd
c:\uninstall.exe\ShAccess.dat
c:\uninstall.exe\SnapShot.cmd
c:\uninstall.exe\sqlite3.3XE
c:\uninstall.exe\SRestore.cmd
c:\uninstall.exe\srizbi.md5
c:\uninstall.exe\Start_dat
c:\uninstall.exe\StartMenuFile.cfx
c:\uninstall.exe\StartMenuFolder.cfx
c:\uninstall.exe\StartUpFile.cfx
c:\uninstall.exe\SuppScan.cmd
c:\uninstall.exe\svc_wht.dat
c:\uninstall.exe\SvcDrv.vbs
c:\uninstall.exe\svchost.dat
c:\uninstall.exe\svchost.vista.dat
c:\uninstall.exe\svchost.vista.x64.dat
c:\uninstall.exe\svchost.w7.dat
c:\uninstall.exe\svchost.w7.x64.dat
c:\uninstall.exe\svchost.w8.dat
c:\uninstall.exe\svchost.w8.x64.dat
c:\uninstall.exe\swreg.3XE
c:\uninstall.exe\swsc.3XE
c:\uninstall.exe\swxcacls.3XE
c:\uninstall.exe\system_ini.dat
c:\uninstall.exe\tail.3XE
c:\uninstall.exe\TemplatesFile.cfx
c:\uninstall.exe\TemplatesFolder.cfx
c:\uninstall.exe\toolbar.sed
c:\uninstall.exe\Update-CF.cmd
c:\uninstall.exe\VBR.pif
c:\uninstall.exe\VerCF.bat
c:\uninstall.exe\VikPev00
c:\uninstall.exe\VInfo
c:\uninstall.exe\VInfo2
c:\uninstall.exe\VINFO3
c:\uninstall.exe\Vipev.dat
c:\uninstall.exe\Vista.krl
c:\uninstall.exe\vistaMcode.dat
c:\uninstall.exe\vistareg.dat
c:\uninstall.exe\vun.dat
c:\uninstall.exe\VwinTemp.dacl
c:\uninstall.exe\w_sock.dll
c:\uninstall.exe\W7.mac
c:\uninstall.exe\w7Mcode.dat
c:\uninstall.exe\w7reg.dat
c:\uninstall.exe\w8reg.dat
c:\uninstall.exe\Wmi_rem.vbs
c:\uninstall.exe\xpmcode.dat
c:\uninstall.exe\xpreg.dat
c:\uninstall.exe\XPSBoot.reg
c:\uninstall.exe\zDomain.dat
c:\uninstall.exe\zhsvc.dat
c:\uninstall.exe\zip.3XE
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-05 bis 2013-07-05 ))))))))))))))))))))))))))))))
.
.
2013-07-05 14:59 . 2013-07-05 14:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-05 14:59 . 2013-07-05 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-05 12:03 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{52966833-D409-4418-9B1F-665524001987}\mpengine.dll
2013-07-01 13:42 . 2013-07-01 13:47 -------- d--h--w- c:\windows\AxInstSV
2013-06-12 06:29 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 06:29 . 2013-06-08 11:41 218112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-12 06:00 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 06:00 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 06:00 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 06:00 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 06:00 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 06:00 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 06:00 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 06:00 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 05:59 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 05:59 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 05:59 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 05:59 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 13:48 . 2012-03-30 08:25 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-01 13:48 . 2011-06-22 09:01 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 17:41 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-05-15 22:17 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-15 18:19 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 18:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 06:01 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-15 18:19 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-15 18:19 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-15 18:20 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-07 14:33 . 2013-04-07 14:33 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-07 14:33 . 2013-04-07 14:33 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-04-07 14:33 . 2013-04-07 14:33 158720 ----a-w- c:\windows\system32\msls31.dll
2013-04-07 14:33 . 2013-04-07 14:33 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-07 14:33 . 2013-04-07 14:33 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-04-07 14:33 . 2013-04-07 14:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-07 14:33 . 2013-04-07 14:33 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-04-07 14:33 . 2013-04-07 14:33 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-04-07 14:33 . 2013-04-07 14:33 138752 ----a-w- c:\windows\system32\wextract.exe
2013-04-07 14:33 . 2013-04-07 14:33 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-07 14:33 . 2013-04-07 14:33 12800 ----a-w- c:\windows\system32\mshta.exe
2013-04-07 14:33 . 2013-04-07 14:33 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-07 14:33 . 2013-04-07 14:33 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-07 14:33 . 2013-04-07 14:33 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-04-07 14:33 . 2013-04-07 14:33 361984 ----a-w- c:\windows\system32\html.iec
2013-04-07 14:33 . 2013-04-07 14:33 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-07 14:33 . 2013-04-07 14:33 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-01 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-09-26 522232]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico -user_logon [2010-11-22 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"=c:\tools\DAEMON Tools Lite\daemon.exe -autorun
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" silent loginmode=4
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"PDFPrint"=c:\program files\PDF24\pdf24.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2012-09-26 87976]
R3 ADDMEM;ADDMEM;c:\users\ROBERT~1\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-16 721904]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 36000]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-09-02 172032]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2007-06-01 13312]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-09-26 479224]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 53730724
*Deregistered* - 53730724
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 19:06 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:48]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 20:40]
.
2013-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 20:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 217.68.161.141 217.68.161.171
DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://vpngate2.hrz.tu-chemnitz.de/+CSCOL+/csvrloader32.cab
FF - ProfilePath - c:\users\Robert Koch\AppData\Roaming\Mozilla\Firefox\Profiles\p0hmrhqa.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1016556084-3091970497-507946437-1000\Software\SecuROM\License information*]
"datasecu"=hex:43,0f,b4,cc,5a,94,18,6c,f7,f8,ee,93,2d,2c,25,cb,af,b5,00,c5,39,
9a,d1,ab,9a,97,5f,be,cc,10,c8,14,10,9a,03,96,52,c7,b0,8c,02,2b,b4,8b,5f,47,\
"rkeysecu"=hex:dd,bf,2e,50,8b,28,d8,e2,65,2b,5d,e9,d1,a3,fb,37
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-07-05 17:04:42
ComboFix-quarantined-files.txt 2013-07-05 15:04
.
Vor Suchlauf: 10 Verzeichnis(se), 40.134.500.352 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 40.296.992.768 Bytes frei
.
- - End Of File - - 9F5E9F6EF1C60728C34CB158FFA45BED
A36C5E4F47E84449FF07ED3517B43A31
|
|
| Themen zu HTML/Infected.WebPage.Gen gefunden...was tun? |
| avira, desktop, erfahrungen, erstelle, gefunde, gen, gmer, html/infected.webpage.gen, log, log's, meldung, problem, rechner, seite, troja, würde |
WARNUNG an die MITLESER: 
Linear-Darstellung
