Log analysis and evaluation: Programs open slowly. Security Manager shows processes that cannot be found on the system. Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.07.2013, 23:07 | #16 |
Good evening!! Sorry that I'm only getting back to you now! Here is the aswMBR log! The TDSS-Killer found nothing! Kind regards

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-21 23:37:20
-----------------------------
23:37:20.298 OS Version: Windows x64 6.1.7601 Service Pack 1
23:37:20.298 Number of processors: 4 586 0x2505
23:37:20.298 ComputerName: BINA-PC UserName: Bina
23:37:42.357 Initialize success
23:37:47.895 AVAST engine defs: 13072101
23:38:28.798 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:38:28.814 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
23:38:28.938 Disk 0 MBR read successfully
23:38:28.938 Disk 0 MBR scan
23:38:28.954 Disk 0 unknown MBR code
23:38:28.985 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20480 MB offset 2048
23:38:29.016 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 41945088
23:38:29.032 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 183296 MB offset 42149888
23:38:29.048 Disk 0 Partition - 00 0F Extended LBA 273062 MB offset 417540096
23:38:29.079 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 273061 MB offset 417542144
23:38:29.266 Disk 0 scanning C:\windows\system32\drivers
23:38:44.773 Service scanning
23:39:12.151 Modules scanning
23:39:12.665 Disk 0 trace - called modules:
23:39:12.712 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:39:12.712 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004796060]
23:39:12.728 3 CLASSPNP.SYS[fffff88001ba343f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044bd050]
23:39:13.711 AVAST engine scan C:\windows
23:39:17.252 AVAST engine scan C:\windows\system32
23:41:57.059 AVAST engine scan C:\windows\system32\drivers
23:42:12.675 AVAST engine scan C:\Users\Bina
23:53:16.846 AVAST engine scan C:\ProgramData
23:55:49.946 Scan finished successfully
23:59:49.361 Disk 0 MBR has been saved successfully to "C:\Users\Bina\Desktop\MBR.dat"
23:59:49.376 The log file has been saved successfully to "C:\Users\Bina\Desktop\aswMBR.txt"
22.07.2013, 00:32 | #17 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ |
22.07.2013, 09:57 | #18 |
Sorry, I thought I had read somewhere that you should only post logs with findings.

Code:
00:03:14.0569 4980 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
00:03:15.0006 4980 ============================================================
00:03:15.0006 4980 Current date / time: 2013/07/22 00:03:15.0006
00:03:15.0006 4980 SystemInfo:
00:03:15.0006 4980
00:03:15.0006 4980 OS Version: 6.1.7601 ServicePack: 1.0
00:03:15.0006 4980 Product type: Workstation
00:03:15.0006 4980 ComputerName: BINA-PC
00:03:15.0006 4980 UserName: Bina
00:03:15.0006 4980 Windows directory: C:\windows
00:03:15.0006 4980 System windows directory: C:\windows
00:03:15.0006 4980 Running under WOW64
00:03:15.0006 4980 Processor architecture: Intel x64
00:03:15.0006 4980 Number of processors: 4
00:03:15.0006 4980 Page size: 0x1000
00:03:15.0006 4980 Boot type: Normal boot
00:03:15.0006 4980 ============================================================
00:03:15.0755 4980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:03:15.0770 4980 ============================================================
00:03:15.0770 4980 \Device\Harddisk0\DR0:
00:03:15.0786 4980 MBR partitions:
00:03:15.0786 4980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2800800, BlocksNum 0x32000
00:03:15.0786 4980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2832800, BlocksNum 0x16600000
00:03:15.0817 4980 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x18E33000, BlocksNum 0x21552800
00:03:15.0817 4980 ============================================================
00:03:15.0864 4980 C: <-> \Device\Harddisk0\DR0\Partition2
00:03:15.0895 4980 D: <-> \Device\Harddisk0\DR0\Partition3
00:03:15.0895 4980 ============================================================
00:03:15.0895 4980 Initialize success
00:03:15.0895 4980 ============================================================
00:04:27.0437 4608 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 00:04:27.0531 4608 nsi - ok 00:04:27.0546 4608 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys 00:04:27.0655 4608 nsiproxy - ok 00:04:27.0733 4608 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 00:04:27.0858 4608 Ntfs - ok 00:04:27.0921 4608 [ EAAC965642EF5F818AED508CADF83E4B ] ntk_PowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys 00:04:27.0936 4608 ntk_PowerDVD12 - ok 00:04:27.0967 4608 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 00:04:28.0077 4608 Null - ok 00:04:28.0123 4608 [ CB599955CE2CE9694721562F9481CD84 ] NVHDA C:\windows\system32\drivers\nvhda64v.sys 00:04:28.0155 4608 NVHDA - ok 00:04:28.0498 4608 [ A518A34F345ABF771E66AC48932FFEA8 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 00:04:29.0122 4608 nvlddmkm - ok 00:04:29.0169 4608 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 00:04:29.0200 4608 nvraid - ok 00:04:29.0231 4608 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 00:04:29.0278 4608 nvstor - ok 00:04:29.0325 4608 [ 5FDEB48CD1A35C6754F6E345308B99D5 ] nvsvc C:\windows\system32\nvvsvc.exe 00:04:29.0371 4608 nvsvc - ok 00:04:29.0418 4608 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys 00:04:29.0449 4608 nv_agp - ok 00:04:29.0559 4608 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:04:29.0605 4608 odserv - ok 00:04:29.0637 4608 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys 00:04:29.0683 4608 ohci1394 - ok 00:04:29.0746 4608 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:04:29.0777 4608 ose - ok 00:04:29.0824 4608 [ 
3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 00:04:29.0886 4608 p2pimsvc - ok 00:04:29.0917 4608 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 00:04:29.0980 4608 p2psvc - ok 00:04:30.0011 4608 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 00:04:30.0058 4608 Parport - ok 00:04:30.0105 4608 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 00:04:30.0136 4608 partmgr - ok 00:04:30.0167 4608 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 00:04:30.0214 4608 PcaSvc - ok 00:04:30.0245 4608 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys 00:04:30.0292 4608 pci - ok 00:04:30.0323 4608 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys 00:04:30.0354 4608 pciide - ok 00:04:30.0401 4608 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 00:04:30.0432 4608 pcmcia - ok 00:04:30.0448 4608 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 00:04:30.0479 4608 pcw - ok 00:04:30.0510 4608 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 00:04:30.0635 4608 PEAUTH - ok 00:04:30.0729 4608 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 00:04:30.0775 4608 PerfHost - ok 00:04:30.0869 4608 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 00:04:31.0041 4608 pla - ok 00:04:31.0087 4608 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 00:04:31.0150 4608 PlugPlay - ok 00:04:31.0181 4608 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 00:04:31.0228 4608 PNRPAutoReg - ok 00:04:31.0259 4608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 00:04:31.0306 4608 PNRPsvc - ok 00:04:31.0353 4608 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent 
C:\windows\System32\ipsecsvc.dll 00:04:31.0477 4608 PolicyAgent - ok 00:04:31.0509 4608 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 00:04:31.0633 4608 Power - ok 00:04:31.0680 4608 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 00:04:31.0774 4608 PptpMiniport - ok 00:04:31.0805 4608 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys 00:04:31.0867 4608 Processor - ok 00:04:31.0914 4608 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 00:04:31.0961 4608 ProfSvc - ok 00:04:31.0977 4608 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe 00:04:32.0008 4608 ProtectedStorage - ok 00:04:32.0070 4608 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 00:04:32.0179 4608 Psched - ok 00:04:32.0242 4608 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 00:04:32.0351 4608 ql2300 - ok 00:04:32.0382 4608 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 00:04:32.0429 4608 ql40xx - ok 00:04:32.0460 4608 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 00:04:32.0507 4608 QWAVE - ok 00:04:32.0538 4608 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 00:04:32.0601 4608 QWAVEdrv - ok 00:04:32.0616 4608 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 00:04:32.0710 4608 RasAcd - ok 00:04:32.0757 4608 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 00:04:32.0850 4608 RasAgileVpn - ok 00:04:32.0881 4608 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 00:04:32.0991 4608 RasAuto - ok 00:04:33.0037 4608 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 00:04:33.0147 4608 Rasl2tp - ok 00:04:33.0193 4608 [ 
EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 00:04:33.0303 4608 RasMan - ok 00:04:33.0349 4608 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 00:04:33.0459 4608 RasPppoe - ok 00:04:33.0505 4608 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 00:04:33.0615 4608 RasSstp - ok 00:04:33.0661 4608 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 00:04:33.0786 4608 rdbss - ok 00:04:33.0817 4608 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 00:04:33.0864 4608 rdpbus - ok 00:04:33.0895 4608 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 00:04:34.0005 4608 RDPCDD - ok 00:04:34.0036 4608 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 00:04:34.0129 4608 RDPENCDD - ok 00:04:34.0176 4608 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 00:04:34.0270 4608 RDPREFMP - ok 00:04:34.0317 4608 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 00:04:34.0363 4608 RDPWD - ok 00:04:34.0426 4608 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 00:04:34.0457 4608 rdyboost - ok 00:04:34.0488 4608 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 00:04:34.0597 4608 RemoteAccess - ok 00:04:34.0644 4608 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 00:04:34.0738 4608 RemoteRegistry - ok 00:04:34.0753 4608 Rezip - ok 00:04:34.0816 4608 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys 00:04:34.0863 4608 RFCOMM - ok 00:04:34.0941 4608 [ 7CCAEBCAB6FC1ED0206C07E083E79207 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 00:04:34.0972 4608 RichVideo - ok 00:04:34.0987 4608 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper 
C:\windows\System32\RpcEpMap.dll 00:04:35.0097 4608 RpcEptMapper - ok 00:04:35.0128 4608 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 00:04:35.0175 4608 RpcLocator - ok 00:04:35.0221 4608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 00:04:35.0331 4608 RpcSs - ok 00:04:35.0393 4608 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 00:04:35.0502 4608 rspndr - ok 00:04:35.0549 4608 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 00:04:35.0596 4608 RTL8167 - ok 00:04:35.0674 4608 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\windows\SysWOW64\drivers\rtport.sys 00:04:35.0689 4608 rtport - ok 00:04:35.0736 4608 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys 00:04:35.0783 4608 SABI - ok 00:04:35.0799 4608 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 00:04:35.0830 4608 SamSs - ok 00:04:35.0877 4608 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys 00:04:35.0908 4608 sbp2port - ok 00:04:35.0939 4608 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 00:04:36.0064 4608 SCardSvr - ok 00:04:36.0111 4608 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 00:04:36.0204 4608 scfilter - ok 00:04:36.0267 4608 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 00:04:36.0423 4608 Schedule - ok 00:04:36.0469 4608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 00:04:36.0563 4608 SCPolicySvc - ok 00:04:36.0610 4608 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 00:04:36.0657 4608 SDRSVC - ok 00:04:36.0703 4608 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 00:04:36.0813 4608 secdrv - ok 00:04:36.0844 4608 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon 
C:\windows\system32\seclogon.dll 00:04:36.0937 4608 seclogon - ok 00:04:36.0969 4608 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll 00:04:37.0093 4608 SENS - ok 00:04:37.0109 4608 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 00:04:37.0156 4608 SensrSvc - ok 00:04:37.0203 4608 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys 00:04:37.0234 4608 Serenum - ok 00:04:37.0265 4608 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys 00:04:37.0312 4608 Serial - ok 00:04:37.0343 4608 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 00:04:37.0390 4608 sermouse - ok 00:04:37.0437 4608 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 00:04:37.0546 4608 SessionEnv - ok 00:04:37.0577 4608 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys 00:04:37.0624 4608 sffdisk - ok 00:04:37.0639 4608 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys 00:04:37.0671 4608 sffp_mmc - ok 00:04:37.0686 4608 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys 00:04:37.0733 4608 sffp_sd - ok 00:04:37.0795 4608 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 00:04:37.0827 4608 sfloppy - ok 00:04:37.0858 4608 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 00:04:37.0983 4608 SharedAccess - ok 00:04:38.0029 4608 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 00:04:38.0154 4608 ShellHWDetection - ok 00:04:38.0170 4608 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 00:04:38.0201 4608 SiSRaid2 - ok 00:04:38.0232 4608 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 00:04:38.0263 4608 SiSRaid4 - ok 00:04:38.0357 4608 [ 
F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 00:04:38.0388 4608 SkypeUpdate - ok 00:04:38.0419 4608 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 00:04:38.0529 4608 Smb - ok 00:04:38.0591 4608 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 00:04:38.0653 4608 SNMPTRAP - ok 00:04:38.0669 4608 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 00:04:38.0700 4608 spldr - ok 00:04:38.0731 4608 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 00:04:38.0809 4608 Spooler - ok 00:04:38.0934 4608 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 00:04:39.0184 4608 sppsvc - ok 00:04:39.0215 4608 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 00:04:39.0293 4608 sppuinotify - ok 00:04:39.0340 4608 sptd - ok 00:04:39.0371 4608 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 00:04:39.0418 4608 srv - ok 00:04:39.0465 4608 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 00:04:39.0527 4608 srv2 - ok 00:04:39.0543 4608 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 00:04:39.0589 4608 srvnet - ok 00:04:39.0652 4608 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 00:04:39.0777 4608 SSDPSRV - ok 00:04:39.0792 4608 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 00:04:39.0917 4608 SstpSvc - ok 00:04:39.0933 4608 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 00:04:39.0964 4608 stexstor - ok 00:04:40.0026 4608 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 00:04:40.0104 4608 stisvc - ok 00:04:40.0135 4608 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys 00:04:40.0167 4608 swenum - ok 00:04:40.0198 4608 [ 
E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 00:04:40.0338 4608 swprv - ok 00:04:40.0401 4608 [ 3C80203C725C28CEA5713D1AB242880A ] SynTP C:\windows\system32\DRIVERS\SynTP.sys 00:04:40.0432 4608 SynTP - ok 00:04:40.0510 4608 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 00:04:40.0650 4608 SysMain - ok 00:04:40.0697 4608 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 00:04:40.0744 4608 TabletInputService - ok 00:04:40.0806 4608 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 00:04:40.0931 4608 TapiSrv - ok 00:04:40.0947 4608 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 00:04:41.0056 4608 TBS - ok 00:04:41.0149 4608 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\windows\system32\drivers\tcpip.sys 00:04:41.0290 4608 Tcpip - ok 00:04:41.0399 4608 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 00:04:41.0508 4608 TCPIP6 - ok 00:04:41.0555 4608 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys 00:04:41.0586 4608 tcpipreg - ok 00:04:41.0633 4608 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 00:04:41.0680 4608 TDPIPE - ok 00:04:41.0727 4608 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 00:04:41.0758 4608 TDTCP - ok 00:04:41.0805 4608 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 00:04:41.0898 4608 tdx - ok 00:04:41.0961 4608 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys 00:04:41.0992 4608 TermDD - ok 00:04:42.0039 4608 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 00:04:42.0163 4608 TermService - ok 00:04:42.0210 4608 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 00:04:42.0273 4608 Themes - ok 00:04:42.0304 4608 [ E40E80D0304A73E8D269F7141D77250B ] 
THREADORDER C:\windows\system32\mmcss.dll 00:04:42.0397 4608 THREADORDER - ok 00:04:42.0429 4608 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 00:04:42.0538 4608 TrkWks - ok 00:04:42.0616 4608 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 00:04:42.0709 4608 TrustedInstaller - ok 00:04:42.0756 4608 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 00:04:42.0850 4608 tssecsrv - ok 00:04:42.0912 4608 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys 00:04:42.0943 4608 TsUsbFlt - ok 00:04:42.0990 4608 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 00:04:43.0099 4608 tunnel - ok 00:04:43.0131 4608 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 00:04:43.0162 4608 uagp35 - ok 00:04:43.0209 4608 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 00:04:43.0318 4608 udfs - ok 00:04:43.0365 4608 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 00:04:43.0396 4608 UI0Detect - ok 00:04:43.0443 4608 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys 00:04:43.0474 4608 uliagpkx - ok 00:04:43.0521 4608 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys 00:04:43.0552 4608 umbus - ok 00:04:43.0614 4608 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys 00:04:43.0645 4608 UmPass - ok 00:04:43.0692 4608 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 00:04:43.0817 4608 upnphost - ok 00:04:43.0879 4608 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys 00:04:43.0911 4608 USBAAPL64 - ok 00:04:43.0942 4608 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 00:04:43.0973 4608 usbccgp - ok 00:04:44.0004 4608 [ 
AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys 00:04:44.0051 4608 usbcir - ok 00:04:44.0098 4608 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 00:04:44.0145 4608 usbehci - ok 00:04:44.0191 4608 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 00:04:44.0238 4608 usbhub - ok 00:04:44.0269 4608 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 00:04:44.0316 4608 usbohci - ok 00:04:44.0347 4608 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 00:04:44.0410 4608 usbprint - ok 00:04:44.0457 4608 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 00:04:44.0488 4608 USBSTOR - ok 00:04:44.0550 4608 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 00:04:44.0581 4608 usbuhci - ok 00:04:44.0644 4608 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 00:04:44.0691 4608 usbvideo - ok 00:04:44.0769 4608 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys 00:04:44.0815 4608 usb_rndisx - ok 00:04:44.0847 4608 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 00:04:44.0971 4608 UxSms - ok 00:04:44.0987 4608 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 00:04:45.0018 4608 VaultSvc - ok 00:04:45.0081 4608 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\windows\system32\DRIVERS\VClone.sys 00:04:45.0112 4608 VClone - ok 00:04:45.0159 4608 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys 00:04:45.0190 4608 vdrvroot - ok 00:04:45.0237 4608 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 00:04:45.0377 4608 vds - ok 00:04:45.0393 4608 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 00:04:45.0439 4608 vga - ok 00:04:45.0455 4608 [ 
53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 00:04:45.0564 4608 VgaSave - ok 00:04:45.0595 4608 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys 00:04:45.0642 4608 vhdmp - ok 00:04:45.0689 4608 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys 00:04:45.0720 4608 viaide - ok 00:04:45.0767 4608 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys 00:04:45.0798 4608 volmgr - ok 00:04:45.0845 4608 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 00:04:45.0892 4608 volmgrx - ok 00:04:45.0939 4608 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys 00:04:45.0970 4608 volsnap - ok 00:04:46.0001 4608 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 00:04:46.0032 4608 vsmraid - ok 00:04:46.0110 4608 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 00:04:46.0297 4608 VSS - ok 00:04:46.0313 4608 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 00:04:46.0344 4608 vwifibus - ok 00:04:46.0391 4608 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 00:04:46.0453 4608 vwififlt - ok 00:04:46.0516 4608 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 00:04:46.0625 4608 W32Time - ok 00:04:46.0656 4608 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 00:04:46.0703 4608 WacomPen - ok 00:04:46.0750 4608 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 00:04:46.0859 4608 WANARP - ok 00:04:46.0890 4608 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 00:04:46.0984 4608 Wanarpv6 - ok 00:04:47.0077 4608 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe 00:04:47.0171 4608 WatAdminSvc - ok 
00:04:47.0249 4608 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 00:04:47.0358 4608 wbengine - ok 00:04:47.0374 4608 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 00:04:47.0452 4608 WbioSrvc - ok 00:04:47.0499 4608 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 00:04:47.0561 4608 wcncsvc - ok 00:04:47.0577 4608 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 00:04:47.0623 4608 WcsPlugInService - ok 00:04:47.0655 4608 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys 00:04:47.0686 4608 Wd - ok 00:04:47.0733 4608 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 00:04:47.0811 4608 Wdf01000 - ok 00:04:47.0826 4608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 00:04:47.0889 4608 WdiServiceHost - ok 00:04:47.0904 4608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 00:04:47.0951 4608 WdiSystemHost - ok 00:04:47.0998 4608 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 00:04:48.0076 4608 WebClient - ok 00:04:48.0107 4608 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 00:04:48.0216 4608 Wecsvc - ok 00:04:48.0247 4608 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 00:04:48.0357 4608 wercplsupport - ok 00:04:48.0403 4608 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 00:04:48.0513 4608 WerSvc - ok 00:04:48.0575 4608 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 00:04:48.0669 4608 WfpLwf - ok 00:04:48.0684 4608 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 00:04:48.0715 4608 WIMMount - ok 00:04:48.0747 4608 WinDefend - ok 00:04:48.0762 4608 WinHttpAutoProxySvc - ok 00:04:48.0825 4608 [ 
19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 00:04:48.0949 4608 Winmgmt - ok 00:04:49.0027 4608 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 00:04:49.0215 4608 WinRM - ok 00:04:49.0277 4608 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys 00:04:49.0324 4608 WinUsb - ok 00:04:49.0371 4608 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 00:04:49.0480 4608 Wlansvc - ok 00:04:49.0605 4608 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:04:49.0761 4608 wlidsvc - ok 00:04:49.0807 4608 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys 00:04:49.0839 4608 WmiAcpi - ok 00:04:49.0870 4608 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 00:04:49.0932 4608 wmiApSrv - ok 00:04:49.0979 4608 WMPNetworkSvc - ok 00:04:50.0041 4608 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 00:04:50.0073 4608 WPCSvc - ok 00:04:50.0119 4608 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 00:04:50.0166 4608 WPDBusEnum - ok 00:04:50.0197 4608 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 00:04:50.0307 4608 ws2ifsl - ok 00:04:50.0338 4608 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll 00:04:50.0385 4608 wscsvc - ok 00:04:50.0400 4608 WSearch - ok 00:04:50.0494 4608 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 00:04:50.0665 4608 wuauserv - ok 00:04:50.0728 4608 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 00:04:50.0775 4608 WudfPf - ok 00:04:50.0821 4608 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 00:04:50.0868 4608 WUDFRd - ok 00:04:50.0884 4608 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc 
C:\windows\System32\WUDFSvc.dll 00:04:50.0946 4608 wudfsvc - ok 00:04:50.0977 4608 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll 00:04:51.0024 4608 WwanSvc - ok 00:04:51.0071 4608 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys 00:04:51.0133 4608 yukonw7 - ok 00:04:51.0243 4608 [ 74983ADDCA2D9618512C088D856D6615 ] {329F96B6-DF1E-4328-BFDA-39EA953C1312} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl 00:04:51.0274 4608 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 00:04:51.0352 4608 ================ Scan global =============================== 00:04:51.0383 4608 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 00:04:51.0430 4608 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll 00:04:51.0445 4608 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll 00:04:51.0477 4608 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 00:04:51.0508 4608 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 00:04:51.0523 4608 [Global] - ok 00:04:51.0523 4608 ================ Scan MBR ================================== 00:04:51.0539 4608 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0 00:04:52.0132 4608 \Device\Harddisk0\DR0 - ok 00:04:52.0132 4608 ================ Scan VBR ================================== 00:04:52.0132 4608 [ 377D7E08FDF136635779511095F2CA43 ] \Device\Harddisk0\DR0\Partition1 00:04:52.0132 4608 \Device\Harddisk0\DR0\Partition1 - ok 00:04:52.0163 4608 [ 3069FB983A4801A399A31386BA809A9B ] \Device\Harddisk0\DR0\Partition2 00:04:52.0163 4608 \Device\Harddisk0\DR0\Partition2 - ok 00:04:52.0194 4608 [ 2FD2E4AD3141AE8A480693156560974E ] \Device\Harddisk0\DR0\Partition3 00:04:52.0194 4608 \Device\Harddisk0\DR0\Partition3 - ok 00:04:52.0194 4608 ============================================================ 00:04:52.0194 4608 Scan finished 00:04:52.0194 4608 
============================================================ 00:04:52.0210 5052 Detected object count: 0 00:04:52.0210 5052 Actual detected object count: 0 00:05:14.0128 2840 Deinitialize success |
22.07.2013, 23:04 | #19 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Programs open slowly. Security Manager shows processes that cannot be found on the system. Quote:
JRT - Junkware Removal Tool: Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
23.07.2013, 10:21 | #20 |
| Programs open slowly. Security Manager shows processes that cannot be found on the system. Junkware Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.2 (07.22.2013:2) OS: Windows 7 Home Premium x64 Ran by Bina on 23.07.2013 at 10:42:00,93 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\dnu.exe Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\winamptbserver.exe Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] 
HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\datamngrui_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\searchqumediabar_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\setupdatamngr_searchqu_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2431245 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3297265 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F92E1E8B-855D-408B-8DFF-4765E3AE7BE9} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} ~~~ Files Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.dll" Successfully 
deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnu.xpt" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.dll" Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npdnupdater2.xpt" Successfully deleted: [File] "C:\end" Successfully deleted: [File] "C:\windows\syswow64\conduitengine.tmp" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" Successfully deleted: [Folder] "C:\ProgramData\conduit" Successfully deleted: [Folder] "C:\ProgramData\winamp toolbar" Successfully deleted: [Folder] "C:\Users\Bina\AppData\Roaming\dvdvideosoftiehelpers" Successfully deleted: [Folder] "C:\Users\Bina\appdata\local\conduit" Successfully deleted: [Folder] "C:\Users\Bina\appdata\local\torch" Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\boost_interprocess" Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Users\Bina\appdata\locallow\searchquband" Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\winamp toolbar" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility" Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{43A40377-517B-42E7-AC2E-BF62120C097C} Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{48BD4254-9BFD-4E98-8627-AAF7C48516CE} Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{6C0DC9BA-9B4D-4CA3-B901-F24EB153B260} Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{D3DBCE07-72B1-4146-BB8A-2F29494331FB} Successfully deleted: [Empty Folder] C:\Users\Bina\appdata\local\{DD49C1F1-C3BD-4985-B936-5F537EA3D29B} ~~~ FireFox Successfully deleted: [File] "C:\Program Files (x86)\Mozilla 
Firefox\searchplugins\search_results.xml" Successfully deleted: [File] C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\user.js Successfully deleted: [Folder] C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\smartbar Successfully deleted: [Folder] C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\winamptoolbardata Successfully deleted the following from C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\prefs.js user_pref("CT3297265.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3297265.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3297265.FF19Solved", "true"); user_pref("CT3297265.FirstTime", "true"); user_pref("CT3297265.FirstTimeFF3", "true"); user_pref("CT3297265.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3297265&ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q="); user_pref("CT3297265.UserID", "UN13355325333199033"); user_pref("CT3297265.addressBarTakeOverEnabledInHidden", "true"); user_pref("CT3297265.autoDisableScopes", -1); user_pref("CT3297265.browser.search.defaultthis.engineName", "true"); user_pref("CT3297265.countryCode", "DE"); user_pref("CT3297265.defaultSearch", "true"); user_pref("CT3297265.enableAlerts", "true"); user_pref("CT3297265.enableFix404ByUser", "TRUE"); user_pref("CT3297265.enableSearchFromAddressBar", "true"); user_pref("CT3297265.firstTimeDialogOpened", "true"); user_pref("CT3297265.fixPageNotFoundError", "true"); user_pref("CT3297265.fixPageNotFoundErrorByUser", "true"); user_pref("CT3297265.fixPageNotFoundErrorInHidden", "true"); user_pref("CT3297265.fixUrls", true); user_pref("CT3297265.fullUserID", "UN13355325333199033.IN.20130714114941"); user_pref("CT3297265.homepageuserchanged", true); user_pref("CT3297265.installDate", "14/07/2013 11:49:42"); user_pref("CT3297265.installId", "stub.exe"); 
user_pref("CT3297265.installSessionId", "{A01D4E7A-FCB0-4B89-81F0-4976747380A6}"); user_pref("CT3297265.installSp", "true"); user_pref("CT3297265.installType", "conduitnsisintegration"); user_pref("CT3297265.installUsage", "2013-07-14T15:51:44.3809533+03:00"); user_pref("CT3297265.installUsageEarly", "2013-07-14T13:03:13.0855268+03:00"); user_pref("CT3297265.installerVersion", "1.4.3.3"); user_pref("CT3297265.isCheckedStartAsHidden", true); user_pref("CT3297265.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3297265.isFirstTimeToolbarLoading", "false"); user_pref("CT3297265.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); user_pref("CT3297265.keyword", "true"); user_pref("CT3297265.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3297265&octid=CT3297265&SearchSource=15&CUI=UN1335532533319903 user_pref("CT3297265.lastVersion", "10.16.4.19"); user_pref("CT3297265.mam_gk_installer_preapproved.enc", "dHJ1ZQ=="); user_pref("CT3297265.migrateAppsAndComponents", true); user_pref("CT3297265.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.chip.de%2Fdownloads%2Fc1_downloads_hs_getfile_v1_33182961.html%3Ft%3D1373835747%26v%3D3 user_pref("CT3297265.openThankYouPage", "false"); user_pref("CT3297265.openUninstallPage", "true"); user_pref("CT3297265.originalHomepage", "hxxp://www.google.de"); user_pref("CT3297265.originalSearchAddressUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="); user_pref("CT3297265.originalSearchEngine", "Google"); user_pref("CT3297265.originalSearchEngineName", "Search Results"); user_pref("CT3297265.revertSettingsEnabled", "false"); user_pref("CT3297265.search.searchAppId", "130102701223206401"); user_pref("CT3297265.search.searchCount", "0"); user_pref("CT3297265.searchFromAddressBarEnabledByUser", "true"); user_pref("CT3297265.searchInNewTabEnabledByUser", "true"); 
user_pref("CT3297265.searchInNewTabEnabledInHidden", "true"); user_pref("CT3297265.searchRevert", "false"); user_pref("CT3297265.searchSuggestEnabledByUser", "true"); user_pref("CT3297265.searchUserMode", "2"); user_pref("CT3297265.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3297265.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); user_pref("CT3297265.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3297265\"}"); user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DivXBrowserBarDE.OurToolbar.com//xpi\"}"); user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DivX Browser Bar DE\"}"); user_pref("CT3297265.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); user_pref("CT3297265.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); user_pref("CT3297265.serviceLayer_services_Configuration_lastUpdate", "1373796194128"); user_pref("CT3297265.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373806303677"); user_pref("CT3297265.serviceLayer_services_appsMetadata_lastUpdate", "1373806303299"); user_pref("CT3297265.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1373806303136"); user_pref("CT3297265.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1373796194003"); user_pref("CT3297265.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1373806302946"); user_pref("CT3297265.serviceLayer_services_login_10.16.4.19_lastUpdate", "1373823844858"); user_pref("CT3297265.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1373806303325"); 
user_pref("CT3297265.serviceLayer_services_searchAPI_lastUpdate", "1373796193693"); user_pref("CT3297265.serviceLayer_services_serviceMap_lastUpdate", "1373795593554"); user_pref("CT3297265.serviceLayer_services_toolbarContextMenu_lastUpdate", "1373806302996"); user_pref("CT3297265.serviceLayer_services_toolbarSettings_lastUpdate", "1373828033744"); user_pref("CT3297265.serviceLayer_services_translation_lastUpdate", "1373806303612"); user_pref("CT3297265.settingsINI", true); user_pref("CT3297265.shouldFirstTimeDialog", "false"); user_pref("CT3297265.showToolbarPermission", "false"); user_pref("CT3297265.smartbar.CTID", "CT3297265"); user_pref("CT3297265.smartbar.Uninstall", "0"); user_pref("CT3297265.smartbar.homepage", "true"); user_pref("CT3297265.smartbar.isHidden", true); user_pref("CT3297265.smartbar.toolbarName", "DivX Browser Bar DE "); user_pref("CT3297265.startPage", "true"); user_pref("CT3297265.toolbarBornServerTime", "14-7-2013"); user_pref("CT3297265.toolbarCurrentServerTime", "14-7-2013"); user_pref("CT3297265.toolbarLoginClientTime", "Sun Jul 14 2013 14:51:42 GMT+0200"); user_pref("CT3297265.versionFromInstaller", "10.16.4.19"); user_pref("CT3297265_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1373835657778,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0} user_pref("Smartbar.ConduitHomepagesList", ""); user_pref("Smartbar.ConduitSearchEngineList", "DivX Browser Bar DE Customized Web Search"); user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3297265&ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q="); user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="); user_pref("Smartbar.keywordURLSelectedCTID", "CT3297265"); user_pref("browser.search.defaultenginename", "Search Results"); user_pref("browser.search.defaultthis.engineName", "DivX Browser Bar DE Customized Web Search"); 
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&CUI=UN13355325333199033&UM=2&SearchSource=3&q={searchTerms}"); user_pref("browser.search.order.1", "Search Results"); user_pref("browser.search.selectedEngine", "DivX Browser Bar DE Customized Web Search"); user_pref("extensions.vshare@toolbar.update.enabled", false); user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3297265&ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q="); user_pref("plugin.state.npconduitfirefoxplugin", 0); user_pref("smartbar.addressBarOwnerCTID", "CT3297265"); user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3297265&CUI=UN13355325333199033&UM=2&SearchSource=13,hxxp://search.conduit.com/?octid=CT3297265&ct user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3297265&SearchSource=2&CUI=UN13355325333199033&UM=2&q=,hxxp://search.condui user_pref("smartbar.defaultSearchOwnerCTID", "CT3297265"); user_pref("smartbar.homePageOwnerCTID", "CT3297265"); user_pref("smartbar.machineId", "XVXKPX8GB4TCUWNXP7LR/7HQ3PBQP0GSVZXZ+WI7XPNF3ONPCWS7/ONI2QDRYETAN6CVUHOJRQ4STKHFM1P8EQ"); user_pref("vshare.install.date", "1300147200000"); user_pref("vshare.install.dumpFileCount", 0); user_pref("vshare.install.dumpFileDisabled", false); user_pref("vshare.install.finished", "1.0.0"); user_pref("vshare.install.guid", "{4699f18d-22bf-4c0b-a483-edf5f2f755f7}"); user_pref("vshare.install.isHidden", true); user_pref("vshare.install.istoolbarhp", true); user_pref("vshare.install.istoolbarsearch", true); user_pref("vshare.install.laststatreq", "1301961600000"); user_pref("vshare.install.newtab", true); user_pref("vshare.install.overlayVersion", 1); user_pref("vshare.install.userHPSettings", "hxxp://www.facebook.com/home.php?"); user_pref("vshare.install.userSPSettings", "Google"); Emptied folder: 
C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\minidumps [190 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2013 at 10:50:44,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
ATTFilter # AdwCleaner v2.306 - Datei am 23/07/2013 um 10:52:15 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Bina - BINA-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Bina\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Ordner Gelöscht : C:\Program Files (x86)\DivX_Browser_Bar_DE Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar Ordner Gelöscht : C:\Users\Bina\AppData\LocalLow\DivX_Browser_Bar_DE Ordner Gelöscht : C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DivX_Browser_Bar_DE Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Schlüssel Gelöscht : HKLM\Software\DivX_Browser_Bar_DE Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F663448B-1B58-43EA-8EF6-A410B6E82DEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F663448B-1B58-43EA-8EF6-A410B6E82DEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{301EEA78-FF7D-40A3-85F6-803F08AEBAE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE2B31D0-77F8-4BC0-888E-CE930360874A} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DAD39C6-F4AC-4984-8E9B-F666269B9EB1} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DivX_Browser_Bar_DE Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks 
[{6DAD39C6-F4AC-4984-8E9B-F666269B9EB1}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}] Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\3xc856kd.default\prefs.js Gelöscht : user_pref("CT3297265.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3297265.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] Gelöscht : user_pref("CT3297265.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3297265.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Gelöscht : user_pref("CT3297265.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...] Gelöscht : user_pref("CT3297265.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.chip.de%2Fdo[...] Gelöscht : user_pref("CT3297265.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Gelöscht : user_pref("CT3297265.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Gelöscht : user_pref("CT3297265.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Gelöscht : user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Gelöscht : user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] 
Gelöscht : user_pref("CT3297265.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3297265.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3297265.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Gelöscht : user_pref("CT3297265_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("show.CT3297265", false);
*************************
AdwCleaner[S1].txt - [10465 octets] - [23/07/2013 10:52:15]
########## EOF - C:\AdwCleaner[S1].txt - [10526 octets] ##########

Code:
OTL logfile created on: 7/23/2013 11:01:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bina\Desktop\Trojan Board
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 67.10% Memory free
7.73 Gb Paging File | 6.40 Gb Available in Paging File | 82.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 35.03 Gb Free Space | 19.57% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 123.74 Gb Free Space | 46.40% Space Free | Partition Type: NTFS

Computer Name: BINA-PC | User Name: Bina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bina\Desktop\Trojan Board\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
PRC - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd ()
MOD - C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd ()
MOD - C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (CyberLink PowerDVD 12 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe (CyberLink Corp.)
SRV - (CyberLink PowerDVD 12 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe (CyberLink)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\windows\SysNative\drivers\sptd.sys.vir (Duplex Secure Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD12) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys (Cyberlink Corp.)
DRV - (rtport) -- C:\Windows\SysWOW64\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/07/14 12:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/07/14 23:07:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/27 18:50:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/23 10:45:38 | 000,000,000 | ---D | M]

[2013/07/14 21:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bina\AppData\Roaming\mozilla\Extensions
[2013/07/23 10:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bina\AppData\Roaming\mozilla\Firefox\Profiles\3xc856kd.default\extensions
[2011/05/29 23:38:58 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Bina\AppData\Roaming\mozilla\Firefox\Profiles\3xc856kd.default\extensions\2020Player@2020Technologies.com
[2013/06/18 15:40:14 | 002,494,702 | ---- | M] () (No name found) -- C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\extensions\nasanightlaunch@example.com.xpi
[2012/12/12 11:59:01 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Bina\AppData\Roaming\mozilla\firefox\profiles\3xc856kd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/07/14 21:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/06/27 18:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013/06/27 18:50:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/05/25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2013/07/18 20:35:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1111/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92071B0F-B1C4-4A63-AA34-2BC15A05C928}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D72B9451-1AC0-4A8F-A8DD-9ACB3D910F52}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/23 10:41:56 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/07/23 10:39:01 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Bina\Desktop\JRT.exe
[2013/07/22 00:01:35 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bina\Desktop\tdsskiller.exe
[2013/07/19 19:27:01 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Bina\Desktop\aswMBR.exe
[2013/07/18 22:28:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/07/18 22:26:39 | 000,000,000 | ---D | C] -- C:\Users\Bina\Desktop\mbar-1.06.0.1004
[2013/07/18 22:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2013/07/18 22:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2013/07/18 21:17:20 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2013/07/18 21:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/07/18 21:14:06 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/07/18 21:13:50 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/07/18 21:13:50 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/07/18 21:13:50 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/18 20:44:28 | 000,000,000 | ---D | C] -- C:\Users\Bina\Desktop\Trojan Board
[2013/07/18 20:44:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/18 20:23:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/07/18 20:23:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/07/18 20:23:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/07/18 20:23:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/18 20:22:47 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/07/18 20:18:29 | 005,089,814 | R--- | C] (Swearware) -- C:\Users\Bina\Desktop\ComboFix.exe
[2013/07/17 19:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/07/17 19:44:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/07/17 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/07/17 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/07/17 19:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/07/17 19:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013/07/17 19:41:14 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2013/07/17 19:41:12 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2013/07/17 19:39:42 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2013/07/17 19:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2013/07/17 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Roaming\Winamp
[2013/07/17 19:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2013/07/17 19:14:27 | 000,000,000 | ---D | C] -- C:\Users\Bina\Desktop\MP3 Juni
[2013/07/17 18:57:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/16 23:08:06 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\MediaShow
[2013/07/16 23:04:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013/07/16 23:04:31 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\MediaServer
[2013/07/16 23:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2013/07/16 23:03:47 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\CyberLink
[2013/07/16 23:03:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2013/07/16 22:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013/07/16 22:40:48 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/07/14 23:25:14 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Roaming\Malwarebytes
[2013/07/14 23:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/14 23:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/14 23:24:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/07/14 23:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/14 23:23:48 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\Programs
[2013/07/14 23:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2013/07/14 23:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2013/07/14 23:07:35 | 001,030,952 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/07/14 23:07:35 | 000,072,016 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/07/14 22:56:03 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/07/14 22:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2013/07/14 12:55:38 | 000,000,000 | ---D | C] -- C:\Users\Bina\AppData\Local\DDMSettings
[2013/07/14 12:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013/07/14 11:47:12 | 000,081,768 | ---- | C] (Conduit) -- C:\ministub.exe
[2013/07/14 11:19:19 | 000,000,000 | ---D | C] -- C:\Users\Bina\Desktop\Maik
[2013/07/11 23:08:40 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/07/11 23:08:39 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/07/11 23:08:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/07/11 23:08:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/07/11 23:08:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/07/11 23:08:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/07/11 23:08:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/07/11 23:08:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/11 23:08:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/11 23:08:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/07/11 23:08:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/07/11 23:08:32 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/11 23:08:32 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/11 23:08:31 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/11 23:08:30 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/11 22:04:24 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/11 22:04:24 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/11 22:04:23 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/11 22:04:23 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/11 22:00:54 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/06/27 18:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/01/03 17:04:10 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Bina\AppData\Roaming\nostart.exe
[2010/12/15 23:26:05 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\Bina\AppData\Roaming\WinDefender.exe

========== Files - Modified Within 30 Days ==========

[2013/07/23 11:03:51 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 11:03:51 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 10:55:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/23 10:55:52 | 4148,744,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 10:39:36 | 000,666,633 | ---- | M] () -- C:\Users\Bina\Desktop\adwcleaner.exe
[2013/07/23 10:39:14 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Bina\Desktop\JRT.exe
[2013/07/23 02:26:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/22 00:01:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bina\Desktop\tdsskiller.exe
[2013/07/21 23:59:49 | 000,000,512 | ---- | M] () -- C:\Users\Bina\Desktop\MBR.dat
[2013/07/21 18:46:27 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/07/21 18:36:23 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/21 18:36:23 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2013/07/21 18:36:23 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/21 18:36:23 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2013/07/21 18:36:23 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/19 19:27:18 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Bina\Desktop\aswMBR.exe
[2013/07/18 22:24:58 | 013,399,154 | ---- | M] () -- C:\Users\Bina\Desktop\mbar-1.06.0.1004.zip
[2013/07/18 22:03:06 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013/07/18 21:13:42 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/18 21:13:40 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/07/18 21:13:40 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/07/18 21:13:39 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2013/07/18 21:13:39 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/07/18 21:13:39 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/07/18 20:49:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/07/18 20:49:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/18 20:35:16 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/07/18 20:19:08 | 005,089,814 | R--- | M] (Swearware) -- C:\Users\Bina\Desktop\ComboFix.exe
[2013/07/17 19:41:16 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013/07/16 23:03:39 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2013/07/16 20:33:23 | 000,000,958 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/07/16 18:58:41 | 000,000,020 | ---- | M] () -- C:\Users\Bina\defogger_reenable
[2013/07/14 23:07:44 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/07/14 23:07:44 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/07/14 23:07:44 | 000,189,936 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/07/14 23:07:44 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/14 23:07:44 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/07/14 23:07:44 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/07/14 23:07:34 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/07/14 22:55:50 | 579,095,703 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/07/14 22:33:30 | 000,001,456 | ---- | M] () -- C:\Users\Bina\Desktop\TaskMan.exe - Verknüpfung.lnk
[2013/07/14 22:30:54 | 000,433,848 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/07/14 22:15:30 | 000,007,630 | ---- | M] () -- C:\Users\Bina\AppData\Local\Resmon.ResmonCfg
[2013/07/14 17:46:56 | 000,001,614 | ---- | M] () -- C:\Users\Bina\Documents\cc_20130714_174651.reg
[2013/07/14 15:48:56 | 000,042,022 | ---- | M] () -- C:\Users\Bina\Documents\cc_20130714_154837.reg
[2013/07/14 11:47:18 | 000,081,768 | ---- | M] (Conduit) -- C:\ministub.exe

========== Files Created - No Company Name ==========

[2013/07/23 10:39:28 | 000,666,633 | ---- | C] () -- C:\Users\Bina\Desktop\adwcleaner.exe
[2013/07/21 23:59:49 | 000,000,512 | ---- | C] () -- C:\Users\Bina\Desktop\MBR.dat
[2013/07/18 22:24:14 | 013,399,154 | ---- | C] () -- C:\Users\Bina\Desktop\mbar-1.06.0.1004.zip
[2013/07/18 22:03:06 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2013/07/18 20:23:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/07/18 20:23:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/07/18 20:23:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/07/18 20:23:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/07/18 20:23:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/07/17 19:41:16 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2013/07/16 23:03:38 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2013/07/16 18:58:40 | 000,000,020 | ---- | C] () -- C:\Users\Bina\defogger_reenable
[2013/07/14 23:24:21 | 000,000,958 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/07/14 23:07:44 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/07/14 23:07:44 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/07/14 23:07:44 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/07/14 23:07:35 | 000,189,936 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/07/14 23:07:35 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/07/14 22:55:50 | 579,095,703 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/07/14 22:33:30 | 000,001,456 | ---- | C] () -- C:\Users\Bina\Desktop\TaskMan.exe - Verknüpfung.lnk
[2013/07/14 22:15:30 | 000,007,630 | ---- | C] () -- C:\Users\Bina\AppData\Local\Resmon.ResmonCfg
[2013/07/14 17:46:53 | 000,001,614 | ---- | C] () -- C:\Users\Bina\Documents\cc_20130714_174651.reg
[2013/07/14 15:48:39 | 000,042,022 | ---- | C] () -- C:\Users\Bina\Documents\cc_20130714_154837.reg
[2013/04/09 14:01:25 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012/09/10 15:41:56 | 000,000,051 | ---- | C] () -- C:\ProgramData\knguqevllwtgaeu
[2012/01/03 22:30:30 | 000,000,867 | ---- | C] () -- C:\Users\Bina\.recently-used.xbel
[2011/08/15 20:49:28 | 000,000,040 | ---- | C] () -- C:\Users\Bina\AppData\Local\Images.fl
[2007/03/12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files (x86)\navigram_register.exe

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208
| ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

Code:
OTL Extras logfile created on: 7/23/2013 11:01:13 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bina\Desktop\Trojan Board
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.86 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 67.10% Memory free
7.73 Gb Paging File | 6.40 Gb Available in Paging File | 82.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 35.03 Gb Free Space | 19.57% Space Free | Partition Type: NTFS
Drive D: | 266.66 Gb Total Space | 123.74 Gb Free Space | 46.40% Space Free | Partition Type: NTFS

Computer Name: BINA-PC | User Name: Bina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-522234228-4192544273-3428825822-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) 
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Bina\AppData\Roaming\WinDefender.exe" = C:\Users\Bina\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Bina\AppData\Roaming\firefox.exe" = C:\Users\Bina\AppData\Roaming\firefox.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\test.exe" = C:\Users\Bina\AppData\Roaming\test.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\server.exe" = C:\Users\Bina\AppData\Roaming\server.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Local\Temp\svchost.exe" = C:\Users\Bina\AppData\Local\Temp\svchost.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Local\Temp\server.exe" = C:\Users\Bina\AppData\Local\Temp\server.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\new.exe" = C:\Users\Bina\AppData\Roaming\new.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\WinDefender.exe" = C:\Users\Bina\AppData\Roaming\WinDefender.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Users\Bina\AppData\Roaming\firefox.exe" = C:\Users\Bina\AppData\Roaming\firefox.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\test.exe" = C:\Users\Bina\AppData\Roaming\test.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\server.exe" = C:\Users\Bina\AppData\Roaming\server.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Local\Temp\svchost.exe" = C:\Users\Bina\AppData\Local\Temp\svchost.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Local\Temp\server.exe" = C:\Users\Bina\AppData\Local\Temp\server.exe:*:Enabled:Windows Messanger
"C:\Users\Bina\AppData\Roaming\new.exe" = C:\Users\Bina\AppData\Roaming\new.exe:*:Enabled:Windows Messanger

========== Vista Active Open Ports
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08C6D1B2-7F49-4A39-AF32-E99A95D2B07D}" = rport=138 | protocol=17 | dir=out | app=system | "{0A6BF111-9A62-4DF4-9B06-8703E2EFDAF0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0CDBA5C4-37CC-44F7-9EAA-781D258289E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{224D6B52-A658-4EB4-BE48-E638E349F83D}" = lport=2869 | protocol=6 | dir=in | app=system | "{316066D2-11CA-4570-BFED-BAC9574F0358}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{32D469AE-4A65-4279-917F-076C18D355B7}" = rport=139 | protocol=6 | dir=out | app=system | "{3E251D9B-DD03-422D-9E79-ABA6D665D8D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{47935D80-1729-4101-B12E-DD464B957E65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47ACC041-CA4F-486E-B485-ADAE4FB3B65B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{57A298F4-A108-49E4-A12B-0196497137AE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{58A2BC1F-7C4F-4010-988A-56473FCB53E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5C27127F-8CF2-4B2F-84B6-A3A09CAA032E}" = lport=10243 | protocol=6 | dir=in | app=system | "{7099478B-B3D6-4364-A12D-933F8F3DB4DA}" = rport=137 | protocol=17 | dir=out | app=system | "{80E1DBE4-4D81-4F83-AC18-23D0B70640CC}" = lport=139 | protocol=6 | dir=in | app=system | "{81683327-42EB-49B9-91BE-BF5F81FFA6E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8EB33ACC-E8D3-4922-AF41-0A2244D86C81}" = lport=2869 | protocol=6 | dir=in | app=system | "{9571660D-F9CF-4FB7-942F-ED026F4143CA}" = 
lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A0FE82B3-1407-43E4-8C0B-9E5651FEF8C1}" = lport=445 | protocol=6 | dir=in | app=system | "{A536A900-1CDC-4ACF-85F3-901AF7594448}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AAD76EF7-CBA5-4CFD-951E-65CD6DAA660D}" = rport=445 | protocol=6 | dir=out | app=system | "{AC1435AA-6ADA-4E97-B5BE-07F670C10D1F}" = lport=138 | protocol=17 | dir=in | app=system | "{B4AB12E1-00CE-4D3D-9F73-7FA7EE16519B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{B5C67B5C-0F9F-44A2-A0BE-4C6F36F07EF0}" = rport=10243 | protocol=6 | dir=out | app=system | "{E07298DD-40C8-46F5-AECA-D6051E41FF97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{E7965D1D-FB8C-4B39-8633-205CB7C8C515}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E83E5F40-589C-4A4B-8E41-51D86763631F}" = lport=137 | protocol=17 | dir=in | app=system | "{E886F392-56C9-4A5F-990F-63CFB726D21E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EDA5D9A5-C690-41E8-BE02-50C89477DCBE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0052185F-4EC0-4155-90E8-B4AC671186E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{02440D04-34B4-423F-91C3-64C2C44C3D22}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{02F47C93-EFCF-4E39-AF7C-6598B9309F45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{04741F2C-FA0D-43A9-A53C-8384D3B902A1}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{0A4D82FE-1510-44E2-ACF1-C68CFBD5022B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{0E5E6E84-26FC-4BBA-9740-4F04558DEB32}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{13D664E8-A134-4759-B79E-DF3F8CAE2C1C}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | "{16547D14-40E6-4F09-A299-E44D4B70DEEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{16968817-39FF-440D-A0BF-691DF4DD6B0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1A8D1C61-8C3F-4E02-8F4E-A7033367F851}" = protocol=17 | dir=in | app=c:\program files (x86)\usenet.nl\usenet.nl.exe | "{1FEF0FAE-C932-49FA-A3FC-A846BB3AF08F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2613263D-8972-44BC-BD0C-BB7804248428}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{27EE1E10-7359-49AE-BAD7-ADE320A63DFA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | "{2CC6E027-736F-419F-9575-DD692CB117BF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2D4487B0-02D7-45DE-9060-16719BEA28F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{310EDACB-5FC7-4F05-9308-B1C804BC8BB3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "{40B234E7-FD43-489B-8C48-1BEA306AFAB0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4C42A27F-D762-477C-AF55-E0772B57CC1C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5175BA8D-E64D-41E8-843C-49F5F5D55F0E}" = protocol=6 | dir=out | app=system | "{5A4CB546-335C-47B2-AF36-60D559FD276A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{62507234-FCDA-4112-996C-CCB9ADF20A1B}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{64D64F87-3DEB-49D2-B156-1D83EAF6C473}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{67BE4414-6AAD-4FF5-879B-7043A9BB8629}" = protocol=17 | dir=in | app=c:\users\bina\appdata\roaming\lsass.exe | "{6ADE5C6E-9114-4D4E-B05E-378A047EEBCE}" = protocol=17 | dir=in | app=c:\program files (x86)\obviousidea\photolikr\photolikr.exe | "{70C17189-AD40-4E75-873A-7D6930717247}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{76B8E139-9F57-4407-B0C3-25F7F26FB2E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7733C7B0-FD64-4E2D-BCEE-7F9166C231C5}" = protocol=6 | dir=in | app=c:\program files (x86)\obviousidea\photolikr\photolikr.exe | "{781782EF-9A20-46FB-827E-4F6B32A49F7F}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{793ACF67-7367-423E-8F0F-853E185F7D4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{83665532-5E57-4CDD-A3D0-25E454872465}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8F67A099-DE60-4C6A-B8D1-DCB8CDEF95EC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{906046B7-C455-4A43-BDC6-E5D9DA2B0E25}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{946316A1-AA82-4DFD-8D3A-1BD753779EC9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9C2559BE-9DED-454B-9334-A073C16D178A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{ACFCF543-C67B-4AEE-9478-2D741F973198}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | "{AEB75AF0-D24F-4336-9A72-D8EDCEE4332F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B5B200FF-CB25-41EF-A8F1-D3378D3DC6FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBB0746A-F6FF-4ED9-9B2A-73922351F8FF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | "{BE69FC28-6D2C-490E-9B17-BE3071076C72}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C31372D2-2061-475D-A40C-FFB92A514E35}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C8A2AD2A-5B42-4438-9E0E-49F8491A59C6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{C8CB3A1C-2186-4D1C-867F-76E675D3DD84}" = protocol=6 | dir=in | app=c:\program files (x86)\usenet.nl\usenet.nl.exe | "{C9C68AA7-C2BD-48F5-81F9-F80AB4D22417}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{CC7818C0-D81F-478A-AC6B-30E0D5A8D957}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CE979443-744A-42EE-971C-615DD432484D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{DD21733E-2BF1-4C11-A446-4CADBC7AD87C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{DD5C3922-B248-4ABB-AAAD-9A343B3ECB77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{E6D6DC89-F9ED-4293-B050-DA7DED2DD8F9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | "{E8391A88-3EC1-4818-80D3-F7D05F2903E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E85A3672-BC7D-4219-98DE-DD8AE7A1966C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ED759F47-0857-4FD0-8617-57C9AB5FD26B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | "{EF1AD5E7-4BC2-4B9A-B13D-BC16B76F163D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F0578CE0-3828-4CCC-90D2-28AD646CCE78}" = protocol=6 | dir=in | app=c:\users\bina\appdata\roaming\lsass.exe | "{F1C06C51-379A-4301-93B4-40EDE8E10C56}" = dir=in | 
app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{F2F894D9-3D77-478B-BF77-5BAB2B4FA0F2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | "{F6F4CDD3-ADA2-44E8-BB72-3EB836540E42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{DB30F98F-3538-4F6A-B317-4A258DBB4D2B}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{EF901F63-46EE-4AB5-8D2C-E140BBC1AF57}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = 
Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0F796312-289C-40CA-856C-9FBCF5E83342}" = REALTEK Wireless LAN Software "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE 
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 
========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 7/23/2013 4:56:20 AM | Computer Name = Bina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Rezip" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >
24.07.2013, 00:43 | #21
/// Winkelfunktion /// TB-Süch-Tiger™
Fix with OTL
Code:
:OTL
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:CB0AACC9
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
24.07.2013, 09:10 | #22
Gooood morning
Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:CB0AACC9 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Bina\Desktop\Trojan Board\cmd.bat deleted successfully.
C:\Users\Bina\Desktop\Trojan Board\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bina
->Temp folder emptied: 14188608 bytes
->Temporary Internet Files folder emptied: 41753065 bytes
->Java cache emptied: 46798 bytes
->FireFox cache emptied: 83019468 bytes
->Flash cache emptied: 539 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41462221 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78336222 bytes
RecycleBin emptied: 1020305272 bytes

Total Files Cleaned = 1,220.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 07242013_100557

Files\Folders moved on Reboot...
C:\Users\Bina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
24.07.2013, 14:42 | #23
/// Winkelfunktion /// TB-Süch-Tiger™
Looks OK. We should be almost done.

As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); please let me know about that as well).

Note: Please remember to update Malwarebytes Anti-Malware via the update button beforehand!

Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________
Please always post log files in CODE tags
25.07.2013, 10:06 | #24
Good morning! I did a complete scan with Malware!
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.24.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Bina :: BINA-PC [Administrator]

24.07.2013 19:57:19
mbam-log-2013-07-24 (19-57-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431977
Laufzeit: 1 Stunde(n), 37 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

ESET reported that 2 "infected files" were found! What do I do now?
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5144ff8a1f918b4a91210de2202472c9
# engine=14521
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-07-25 12:05:12
# local_time=2013-07-25 02:05:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 23402 126340562 0 0
# scanned=226477
# found=2
# cleaned=0
# scan_time=12983
sh=78A43903C7C6FCFB2EA7452F66683BCA29F969F7 ft=0 fh=0000000000000000 vn="a variant of Win32/TrojanDropper.Agent.PGY trojan" ac=I fn="C:\Users\Bina\Downloads\Microsoft Office 2010 Professional 32b Activated!!\MSOffice2010.32b.iso"
sh=A6F1AD76265D9D360052218896B023056C6D9729 ft=0 fh=0000000000000000 vn="Win32/Reveton.M trojan" ac=I fn="C:\Windows\pss\runctf.lnk.Startup"
25.07.2013, 16:47 | #25
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
25.07.2013, 16:58 | #26
Damn, my boyfriend had installed that for me
25.07.2013, 16:59 | #27
/// Winkelfunktion /// TB-Süch-Tiger™
Uninstall it, delete the crack junk. If it absolutely has to be MS Office, then buy it or use free alternatives such as LibreOffice.