Log analysis and evaluation: TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.07.2013, 16:54 | #1 |
TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC

Hello community,

Malware has settled in on my wife's Vista PC, and it unfortunately exceeds our PC skills. Admittedly, those skills were limited to cleaning with Avira AntiVir and Spybot Search and Destroy anyway.

Avira keeps popping up the security notice that it has found TR/ATRAPS.Gen2. The path given is c:\windows\installer\...\80000032.@, with the last digits varying. Even if you click Remove, the message reappears within a very short time.

In addition, the message keeps appearing that the host process for Windows services was terminated and closed by Data Execution Prevention.

The Windows Security Center service is disabled and cannot be enabled (cannot be started).

When the browser is opened, the page hxxp://www.giga.de/androidnews/ automatically opens in a second tab next to the start page.

That was everything I noticed offhand; now just the logs:

OTL
Code:
ATTFilter OTL logfile created on: 22.07.2013 15:19:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gnubbi\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19443) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,69% Memory free 8,20 Gb Paging File | 6,64 Gb Available in Paging File | 80,96% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581,69 Gb Total Space | 321,72 Gb Free Space | 55,31% Space Free | Partition Type: NTFS Drive D: | 14,48 Gb Total Space | 2,00 Gb Free Space | 13,82% Space Free | Partition Type: NTFS Computer Name: GNUBBI-TEILCHEN | User Name: Gnubbi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.22 15:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gnubbi\Desktop\OTL.exe PRC - [2013.07.15 13:07:42 | 000,709,120 | ---- | M] (Windows Net) -- C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.08.08 20:57:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 09:42:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 09:42:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe PRC - [2008.06.11 02:51:50 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Users\Gnubbi\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Users\Gnubbi\RocketDock\RocketDock.exe MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Users\Gnubbi\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.02.15 05:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2007.03.29 04:42:42 | 000,036,360 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV - [2013.07.03 13:14:03 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.12 16:13:13 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.05.08 09:42:53 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 09:42:52 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.03.28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.06.11 02:51:50 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc) SRV - [2007.03.29 04:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.11 07:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.05.08 09:42:53 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 09:42:53 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.12 23:07:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt) DRV:64bit: - [2012.03.12 23:07:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.02.15 05:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.02.15 04:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.12.10 16:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr) DRV:64bit: - [2010.11.17 14:04:18 | 000,111,120 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService) DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010.04.27 04:25:16 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bserd.sys -- (ss_bserd) DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009.04.11 07:39:37 | 
000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser) DRV:64bit: - [2008.11.29 08:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER) DRV:64bit: - [2008.06.11 04:51:32 | 000,395,800 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor) DRV:64bit: - [2008.06.09 15:36:56 | 000,459,776 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x) DRV:64bit: - [2008.02.14 16:56:14 | 000,160,768 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169) DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV - [2011.02.06 16:28:05 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2004.12.30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F5C44D02-1CFC-4026-BBCC-E3514C88692E} IE:64bit: - HKLM\..\SearchScopes\{4CB690B1-11EC-457C-B66A-3003BC43F5E3}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE:64bit: - HKLM\..\SearchScopes\{F5C44D02-1CFC-4026-BBCC-E3514C88692E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16 IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{4CB690B1-11EC-457C-B66A-3003BC43F5E3}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = 
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16 IE - HKLM\..\SearchScopes\{F5C44D02-1CFC-4026-BBCC-E3514C88692E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/0022/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=42D400225F09AD59&affID=122450&tsp=4943iga.de/my_homepage/0022/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{01_TL-YODL-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_yodl&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{03_TL-TELEFONBUCH-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_telefonbuch&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{04_TL-AMAZON-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_amazon&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{05_TL-EBAY-DE-E1416B8B2E3A}: "URL" = 
hxxp://www.yodl.de/href.php?hrefname=FF-splug_ebay&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{07_TL-CONRAD-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_conrad&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{08_TL-OTTO-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_otto&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{09_TL-CLIPFISH-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_clipfish&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{10_TL-MYVIDEO-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_myvideo&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{11_TL-MUSICLOAD-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_musicload&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 IE - HKCU\..\SearchScopes\{4CB690B1-11EC-457C-B66A-3003BC43F5E3}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = 
hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus IE - HKCU\..\SearchScopes\{F5C44D02-1CFC-4026-BBCC-E3514C88692E}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 14.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012.11.13 22:22:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 14.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.03 13:13:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 13:13:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Aurora 14.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2012.11.13 22:22:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Aurora 14.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\mail@gutscheinrausch.de FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\firejump@firejump.net FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.03 13:13:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 13:13:59 | 000,000,000 | ---D | M] [2012.11.13 21:58:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Extensions [2013.07.15 13:07:43 | 000,000,000 | ---D | M] (No name found) 
-- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\4vhv66wx.default\extensions [2013.07.15 13:07:33 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\4vhv66wx.default\extensions\amazon-icon@winload.de [2013.07.15 13:07:35 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\4vhv66wx.default\extensions\sparpilot@sparpilot.com [2013.07.15 13:07:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\4vhv66wx.default\extensions\staged [2013.07.21 19:46:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\wljaky0a.default\extensions [2013.07.15 13:07:33 | 000,000,000 | ---D | M] (Amazon-Icon) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\wljaky0a.default\extensions\amazon-icon@winload.de [2013.06.29 19:25:35 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\wljaky0a.default\extensions\ich@maltegoetz.de [2013.07.15 13:07:35 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Firefox\Profiles\wljaky0a.default\extensions\sparpilot@sparpilot.com [2009.11.16 20:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\Sunbird\Profiles\ys4klgqm.default\extensions [2013.07.19 20:54:58 | 000,059,274 | ---- | M] () (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\extensions\om@offermosquito.com.xpi [2013.07.19 00:00:42 | 000,621,019 | ---- | M] () (No name found) -- C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\extensions\toolbar@web.de.xpi [2013.07.15 22:39:30 | 000,535,736 | ---- | M] () (No name found) -- 
C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.07.14 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.07.03 13:13:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2013.07.14 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013.07.03 13:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013.07.03 13:14:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll [2009.05.02 16:35:37 | 000,001,779 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\clipfish.xml [2009.05.02 16:35:37 | 000,001,013 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\conrad.xml [2009.05.02 16:35:37 | 000,002,487 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\discount24.xml [2009.05.02 16:35:37 | 000,001,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\musicload.xml [2009.05.02 16:35:37 | 000,002,120 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\myvideo.xml [2009.05.02 16:35:37 | 000,002,023 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\otto.xml [2009.05.02 16:35:37 | 000,000,758 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\quelle.xml [2009.05.02 16:35:37 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\telefonbuch-de.xml [2009.05.02 16:35:37 | 000,005,375 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yodl.xml [2009.10.14 16:26:52 | 000,002,380 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\zwunzi113.xml [2009.10.15 10:40:47 | 000,002,380 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\zwunzi115.xml O1 HOSTS File: ([2010.10.12 10:28:18 | 000,421,744 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 
127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14545 more lines... O2 - BHO: (PiccShare BHO) - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Gnubbi\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd) O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [DataMgr] C:\Users\Gnubbi\AppData\Roaming\DataMgr\DataMgr.exe (HTTO Group, Ltd.) O4 - HKCU..\Run: [Intermediate] C:\Users\Gnubbi\AppData\Roaming\Intermediate\Intermediate.exe () O4 - HKCU..\Run: [RocketDock] C:\Users\Gnubbi\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SCheck] C:\Users\Gnubbi\AppData\Roaming\SCheck\SCheck.exe () O4 - HKCU..\Run: [Snoozer] C:\Users\Gnubbi\AppData\Roaming\Snz\Snz.exe () O4 - HKCU..\Run: [SSync] C:\Users\Gnubbi\AppData\Roaming\SSync\SSync.exe () O4 - HKLM..\RunOnce: [3dlagunabeachscreensaver] C:\Users\Gnubbi\AppData\Local\Temp\BI_RunOnce.exe (Somoto Ltd.) 
O4 - Startup: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk = C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F2D6182-2146-43C7-B4CC-6F38528768F5}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{65e9b171-37c0-11de-9b9e-00221558ad48}\Shell\AutoRun\command - "" = J:\rnwlvb.exe
O33 - MountPoints2\{65e9b171-37c0-11de-9b9e-00221558ad48}\Shell\explore\Command - "" = J:\rnwlvb.exe
O33 - MountPoints2\{65e9b171-37c0-11de-9b9e-00221558ad48}\Shell\open\Command - "" = J:\rnwlvb.exe
O33 - MountPoints2\{fa3cd6dd-7f5d-11df-b2fc-00221558ad48}\Shell - "" = AutoRun
O33 - MountPoints2\{fa3cd6dd-7f5d-11df-b2fc-00221558ad48}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.22 15:15:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gnubbi\Desktop\OTL.exe
[2013.07.22 12:00:16 | 002,644,504 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Sandy_Beach_3D_Screensaver.scr
[2013.07.22 12:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sandy Beach 3D Screensaver
[2013.07.22 11:54:50 | 002,536,992 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Caribbean_Islands_3D_Screensaver.scr
[2013.07.22 11:54:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Caribbean Islands 3D Screensaver
[2013.07.21 19:46:36 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Snz
[2013.07.15 14:16:13 | 002,511,384 | ---- | C] (3Planesoft) -- C:\Windows\SysWow64\Tropical_Fish_3D_Screensaver.scr
[2013.07.15 14:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tropical Fish 3D Screensaver
[2013.07.15 14:05:42 | 000,197,120 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\3-D Jellyfish DemoESD.scr
[2013.07.15 14:05:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3-D Jellyfish DemoESD dir
[2013.07.15 13:17:32 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Local\ext_piccshare
[2013.07.15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\SSync
[2013.07.15 13:17:30 | 000,000,000 | ---D | C] -- 
C:\Users\Gnubbi\AppData\Roaming\SCheck [2013.07.15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Intermediate [2013.07.15 13:17:30 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\DataMgr [2013.07.15 13:16:18 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\PiccShare [2013.07.15 13:16:18 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Common [2013.07.15 13:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Space Tour screensavers [2013.07.15 13:16:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3D Space Tour [2013.07.15 13:08:20 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software [2013.07.15 13:07:43 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Windows Net Data [2013.07.15 13:07:34 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Local\Temp75647aea5aa07b4ca02750042d58fa47 [2013.07.15 13:07:33 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Local\Tempd859abcc6d9b14452ff9125efb5084c2 [2013.07.15 13:07:33 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Local\Tempcbef2bd2ff1ab5bdb78c8808e08fc05e [2013.07.15 13:07:33 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\ChromeExtensions [2013.07.14 14:11:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenSaverGift [2013.07.10 22:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astro Gemini Software [2013.07.03 13:13:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.30 20:53:57 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\PuzzleLab [2013.06.30 20:45:20 | 000,000,000 | ---D | C] -- C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition [2013.06.30 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition [2013.06.30 20:45:20 | 000,000,000 | ---D | C] 
-- C:\Program Files (x86)\Phenomenon - Meteorit Sammleredition [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.22 15:15:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gnubbi\Desktop\OTL.exe [2013.07.22 15:15:08 | 000,000,000 | ---- | M] () -- C:\Users\Gnubbi\defogger_reenable [2013.07.22 15:14:48 | 000,050,477 | ---- | M] () -- C:\Users\Gnubbi\Desktop\Defogger.exe [2013.07.22 15:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.22 14:32:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.22 13:49:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.22 13:49:27 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.22 09:49:32 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.22 09:49:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.19 17:16:31 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2013.07.16 13:54:20 | 000,002,098 | ---- | M] () -- C:\Windows\wininit.ini [2013.07.15 14:09:47 | 000,000,368 | ---- | M] () -- C:\Users\Gnubbi\AppData\Roaming\burnaware.ini [2013.07.15 14:05:42 | 000,197,120 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\3-D Jellyfish DemoESD.scr [2013.07.15 13:07:50 | 000,001,779 | ---- | M] () -- C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk [2013.07.11 11:17:54 | 000,327,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.07.11 00:43:29 | 001,497,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.11 00:43:29 | 000,639,210 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.11 00:43:29 | 000,604,804 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2013.07.11 00:43:29 | 000,131,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.11 00:43:29 | 000,108,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.07 15:55:46 | 000,000,032 | ---- | M] () -- C:\Windows\setup.INI [2013.06.26 08:53:28 | 000,044,216 | ---- | M] () -- C:\Users\Gnubbi\AppData\Local\ext_piccshare_uninst.exe [2013.06.23 18:07:22 | 000,032,256 | ---- | M] () -- C:\Users\Gnubbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.22 15:15:08 | 000,000,000 | ---- | C] () -- C:\Users\Gnubbi\defogger_reenable [2013.07.22 15:14:48 | 000,050,477 | ---- | C] () -- C:\Users\Gnubbi\Desktop\Defogger.exe [2013.07.15 13:17:05 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.07.15 13:17:04 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.07.15 13:08:25 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\Astro Gemini Screensaver Manager.scr [2013.07.15 13:08:21 | 000,001,079 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk [2013.07.15 13:07:50 | 000,001,779 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk [2013.07.10 22:40:32 | 000,002,303 | ---- | C] () -- C:\Windows\SysWow64\NaechtlicheStadt3DBildschirmschoner.html [2013.07.10 22:40:31 | 012,460,032 | ---- | C] () -- C:\Windows\SysWow64\Nächtliche Stadt 3D Bildschirmschoner.scr [2013.07.07 15:55:46 | 000,000,032 | ---- | C] () -- C:\Windows\setup.INI [2013.06.26 08:53:28 | 000,044,216 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\ext_piccshare_uninst.exe [2012.04.06 17:22:57 | 000,000,108 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\Config_946EE51E.dat [2012.04.06 17:22:57 | 000,000,038 | ---- | C] () -- 
C:\Users\Gnubbi\AppData\Local\Index_946EE51E.dat
[2012.03.21 08:59:01 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2011.11.30 22:02:54 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.11.02 15:53:49 | 000,000,094 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\fusioncache.dat
[2011.11.02 15:53:31 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.06 15:22:02 | 000,004,990 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2010.07.21 22:29:50 | 000,000,552 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\d3d8caps.dat
[2009.10.03 18:47:28 | 000,026,120 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\UserTile.png
[2009.06.17 12:58:10 | 000,000,368 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\burnaware.ini
[2009.04.22 09:52:04 | 000,000,218 | ---- | C] () -- C:\Users\Gnubbi\.recently-used.xbel
[2009.04.22 07:30:39 | 000,001,916 | ---- | C] () -- C:\Users\Gnubbi\AppData\Roaming\wklnhst.dat
[2009.04.13 00:21:42 | 000,032,256 | ---- | C] () -- C:\Users\Gnubbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.03.04 13:30:28 | 000,039,060 | ---- | C] () -- C:\Program Files (x86)\Buffering2.jpg
[2007.03.04 13:30:28 | 000,039,047 | ---- | C] () -- C:\Program Files (x86)\Buffering5.jpg
[2007.03.04 13:30:28 | 000,039,040 | ---- | C] () -- C:\Program Files (x86)\Buffering1.jpg
[2007.03.04 13:30:28 | 000,039,038 | ---- | C] () -- C:\Program Files (x86)\Buffering6.jpg
[2007.03.04 13:30:28 | 000,039,035 | ---- | C] () -- C:\Program Files (x86)\Buffering4.jpg
[2007.03.04 13:30:28 | 000,039,033 | ---- | C] () -- C:\Program Files (x86)\Buffering3.jpg
[2007.03.04 13:30:28 | 000,039,020 | ---- | C] () -- C:\Program Files (x86)\Buffering7.jpg

========== ZeroAccess Check ==========

[2011.11.18 22:55:05 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\@
[2013.07.20 23:04:12 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L
[2013.07.22 15:17:59 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U
[2013.07.22 13:37:44 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\00000004.@
[2013.07.16 23:15:31 | 000,002,048 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000004.@
[2013.07.15 15:09:54 | 000,001,024 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000008.@
[2013.07.16 23:15:31 | 000,001,632 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\000000cb.@
[2013.07.16 23:15:31 | 000,015,360 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000000.@
[2013.07.22 15:17:59 | 000,091,648 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000032.@
[2013.07.22 13:37:19 | 000,077,312 | ---- | M] () -- C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000064.@
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013.07.22 09:49:26 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013.07.22 09:49:26 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2009.04.22 10:07:11 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\.purple
[2010.03.11 20:26:07 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\2monkeys
[2011.12.13 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Absolutist
[2011.07.23 20:22:27 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Ace
[2009.11.17 23:18:31 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Aisle 5 Games, Inc
[2012.12.28 21:58:38 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Alawar
[2013.03.06 21:58:22 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Alawar Entertainment
[2012.12.31 16:42:33 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Alawar Stargaze
[2013.02.01 15:06:59 | 000,000,000 | ---D | M] -- 
C:\Users\Gnubbi\AppData\Roaming\AlawarEntertainment [2011.07.09 12:37:17 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Amazon [2010.02.17 21:12:56 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Anabel [2013.02.25 15:25:31 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Anarchy [2009.08.13 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Ancient Quest of Saqqarah__intenium [2011.05.24 12:57:10 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Anthropics [2013.01.10 20:37:15 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Artifex Mundi [2013.07.15 13:08:20 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software [2010.02.16 22:20:19 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Awem [2011.10.21 20:47:39 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\becker [2013.02.16 21:25:22 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Big Fish Games [2012.08.23 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Boolat Games [2013.01.13 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Boomzap [2011.02.06 15:22:03 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Carambis [2009.10.07 23:10:24 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\casanova [2013.01.18 15:41:25 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\cerasus.media [2013.07.15 13:16:18 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Common [2013.03.02 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DailyMagic [2013.07.15 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DataMgr [2012.11.09 14:50:05 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Deep Shadows [2010.01.22 00:26:50 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Dekovir [2011.03.11 09:18:13 | 000,000,000 | ---D | M] -- 
C:\Users\Gnubbi\AppData\Roaming\Delfyn Software [2011.11.30 22:02:54 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DesktopIconForAmazon [2013.01.31 12:08:54 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DieselPuppet [2011.05.06 11:09:57 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DivoGames [2010.05.12 19:52:28 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Dream Aquarium [2009.09.07 23:01:17 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DreamDale [2013.03.17 22:19:43 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoft [2011.04.02 22:18:44 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\DVDVideoSoftIEHelpers [2009.07.29 23:07:29 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\EleFun Desktops [2010.03.19 19:11:55 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ElementalsTheMagicKey [2013.01.13 15:17:16 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Enki Games [2013.01.01 17:43:24 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ERS G-Studio [2013.02.04 16:32:47 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ERS Game Studios [2009.09.22 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\FlyWheelGames [2011.05.06 11:04:46 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Friday's games [2011.10.08 19:38:00 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Funswitch [2010.05.12 10:58:04 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Gamers Digital [2010.02.16 21:51:04 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Games [2012.11.13 15:39:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\GetRightToGo [2012.11.09 15:18:42 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Gogii [2012.11.08 14:26:30 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\HipSoft [2009.04.26 19:20:01 | 000,000,000 | ---D 
| M] -- C:\Users\Gnubbi\AppData\Roaming\ICQ [2011.11.02 15:54:50 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Imaxel [2013.02.27 16:21:41 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Inertia Game Studios [2011.04.08 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Intenium [2009.08.13 11:58:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Inteniumv1002 [2013.07.21 19:47:09 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Intermediate [2009.10.15 02:04:40 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Magic Academy 2 [2009.08.11 14:20:07 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Magic Match [2009.09.07 22:58:50 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\MagicBall4 [2009.08.18 23:19:23 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Magus [2013.02.16 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Mariaglorum [2012.01.13 14:20:27 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Marine Aquarium 3 [2012.03.02 12:00:09 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\McLoad [2009.09.08 09:37:16 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\md studio [2010.04.21 12:03:33 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Meridian93 [2010.03.26 13:56:09 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\MissTeriTale3 [2009.09.28 22:47:20 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\My Games [2012.07.02 22:26:53 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Mystery of Mortlake Mansion [2010.05.08 17:31:41 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Nevosoft Games [2013.02.21 16:48:23 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Orneon [2010.01.16 23:05:03 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PC Suite [2009.08.18 22:15:42 | 000,000,000 | ---D | M] -- 
C:\Users\Gnubbi\AppData\Roaming\Peace Craft [2011.06.29 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PeaceCraft2 [2009.10.03 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PeerNetworking [2013.07.15 13:16:18 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PiccShare [2013.01.16 14:13:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PlayFavoriteGames [2009.08.23 17:34:15 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PlayFirst [2012.10.29 13:45:11 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PlayPond [2010.05.08 14:34:58 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Playrix Entertainment [2011.12.26 14:17:01 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ProtectDisc [2013.06.30 20:53:57 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\PuzzleLab [2012.11.17 21:20:32 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Rumbic Studio [2012.08.23 14:07:48 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Sahmon Games [2011.02.06 16:11:44 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Samsung [2013.07.15 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SCheck [2009.04.24 13:10:32 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SecondLife [2009.08.23 12:32:23 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SecretIslandDeuBF [2011.03.05 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Settlement. 
Colossus [2010.06.26 16:49:38 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\ShinyTales [2010.05.22 14:06:16 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Silverback Productions [2012.07.17 22:14:24 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SMIGames [2013.07.21 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Snz [2009.05.02 19:26:59 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\soul.im [2009.04.11 23:33:01 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SoundSpectrum [2009.08.05 22:55:15 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SpinTop Games [2013.07.15 13:17:30 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\SSync [2009.07.10 18:03:51 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Super-Cow [2009.04.22 07:30:41 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Template [2010.01.29 23:52:47 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\TitanicMystery [2013.01.14 14:50:41 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Top Evidence [2009.09.07 23:08:46 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Total Eclipse [2009.04.11 18:45:13 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\TuneUp Software [2010.02.16 21:53:34 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\V-Games [2010.04.10 12:40:31 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\VampireSaga [2013.02.27 21:52:10 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Vogat Interactive [2012.08.05 20:53:58 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\WendigoStudios [2013.07.15 13:07:50 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Windows Net Data [2011.05.07 21:55:24 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\YoudaGames [2009.07.10 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\Gnubbi\AppData\Roaming\Zylom ========== 
Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:08993BCD
@Alternate Data Stream - 187 bytes -> C:\ProgramData\TEMP:2AD33723
@Alternate Data Stream - 182 bytes -> C:\ProgramData\TEMP:4EFA2FC7
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:1416AAA6
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:0BCD47A5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6E2D80C8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:526B3022
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:8A459C3C
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:DDF112BD
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:104A1C3E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:1957F8A9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:12258D63
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0BC72B1F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E2458802
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:8D5A0C4E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2AF322BF
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5E8C18F1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:587F3582
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:F264BECE
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:062AF572
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:12A8EFF7

< End of report >

Code:
OTL Extras logfile created on: 22.07.2013 15:19:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gnubbi\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 66,69% Memory free
8,20 Gb Paging File | 6,64 Gb Available in Paging File | 80,96% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,69 Gb Total Space | 321,72 Gb Free Space | 55,31% Space Free | Partition Type: NTFS
Drive D: | 14,48 Gb Total Space | 2,00 Gb Free Space | 13,82% Space Free | Partition Type: NTFS

Computer Name: GNUBBI-TEILCHEN | User Name: Gnubbi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htafile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 65 CD 36 17 5A 53 CA 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00B56EB3-C5B8-421C-3AC5-D47F07CBEFCB}" = ccc-utility64 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 
9.0.30729.6161 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{82D52DEB-4262-2846-07E5-2D5A6C3C9A01}" = ATI AVIVO64 Codecs "{866FADAA-D878-8B7A-738D-E6659493108D}" = ATI Problem Report Wizard "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) "CCleaner" = CCleaner "DesktopIconAmazon" = Desktop Icon für Amazon "HP Photosmart Essential" = HP Photosmart Essential 3.0 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{057457E5-2C85-18F9-047E-E7967617E29B}" = CCC Help Japanese "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{0A60AEBF-9713-2B83-D68E-5587B5A88C07}" = CCC Help Czech "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{149F9A5E-889D-474B-BA15-AFA0E614E5EA}_is1" = 100 Prozent Wimmelbild "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1 "{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}" = Rayman 3 "{1AD5C939-FF2D-8F94-2262-4234F61427CD}" = CCC Help Finnish "{1C0935E3-8FC6-55E8-6795-A3CDD60BE8A9}" = CCC Help Swedish "{1CB31513-EBD1-2459-0856-C05E4408EE7F}" = CCC Help Danish "{1E99F8BD-85B0-4660-B756-1559E1BED376}" = Create™ "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{21A15356-D9F7-43AC-9545-0B520F001B73}" = DigiFish Dolphin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}" = ebgcSDK "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3BC2CEA9-41F0-E6B0-EC71-CE2D59ED674C}" = CCC Help Norwegian "{3CCE46D9-16CC-CBFC-9B19-A39D91BFA061}" = CCC Help Greek "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 
"{437B2D30-C07F-E54B-9233-E53DA623FC44}" = CCC Help Spanish "{46390857-C554-4F37-A888-9BEEC4241CC6}_is1" = Amazonia "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{564E996B-604A-07D4-4046-9E853A198820}" = CCC Help Polish "{59FE3F4B-EBD0-40A9-9723-41BA09997F98}" = Necronomicon "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{61B8FF9A-E7A4-0500-34C9-2A218825F09C}" = Catalyst Control Center InstallProxy "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{67445258-659C-4375-BAB5-AEACEDCE532C}" = Aqua Real 2 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2 "{6BEEC8A0-D37D-11DB-6784-02BAAF0918BE}" = Dolphin Dreams 5 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0 "{72B42C29-3838-1533-679F-313FF4858DFA}" = CCC Help Chinese Traditional "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{76A00845-519C-69DF-B66D-15FE27207503}" = CCC Help Italian "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{80A2925F-47CA-4569-719A-DCA01048A766}" = CCC Help Hungarian "{8133A2C6-7D5A-2C48-8C74-279B0E98FEF4}" = Catalyst Control Center Localization All 
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83BBFFFA-806E-0316-D23C-8D6F8BEE652C}" = CCC Help English "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F356627-3D0A-F5DF-B60E-04194A4CCF29}" = CCC Help French "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink Wireless LAN "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{91AC4ECB-8C44-47CA-833D-0769B8CD0E7E}_is1" = Mystery Stories - Expedition des Grauens "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{96DA5DBF-C3A5-BEBB-93F4-EB1601B71B32}" = Catalyst Control Center Graphics Previews Common "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BC4EC21-549B-4F8D-A9DD-0403411CB618}" = DigiFish Seahorse "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C362EEE-BEDE-4E97-9930-8F463B95BFF0}_is1" = Mystery Stories - Das Geisterschiff "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAFD160A-2333-40D8-AA25-42D1989CA0F2}" = Toy Story 3 "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13 "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B61C7CA4-4604-B116-8C44-9F0539839542}" 
= CCC Help Chinese Standard "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar Ratatouille "{BB2D1EC1-A6FE-F428-86C8-D01DBE122E03}" = CCC Help Portuguese "{C1DE66B8-BFBB-0678-7D68-ACBC6A9EFD0C}" = CCC Help German "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{C9BBA7E5-D502-1831-5BFA-2FFB3DFBBE83}" = Catalyst Control Center Profiles Desktop "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB1473AA-C77B-295B-BE3E-F8EDD8227E21}" = CCC Help Dutch "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB33664C-5683-40AB-B968-01276F6F3446}" = ebgcRes "{CD4ABC29-0547-388C-B8BC-EF88333E5C2E}" = Google Chrome Frame "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3FF1277-6444-4466-ABE0-FD884920507C}" = CCC Help Russian "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump 1.0.1.4 "{D8A8894A-B875-8206-E820-B27BCD72C5A0}" = HydraVision "{DA9DAC64-C947-47BA-B411-8A1959B177CF}" = LightScribe System Software 1.14.25.1 "{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy "{DDDDEDE3-1C38-4B1E-91D0-01954310A7CE}" = PC Sync Manager "{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins "{DE7A7E11-DC47-41FC-9E0A-D388FEDC9EC0}_is1" = Tibor "{E0263586-7C3E-8912-4E3B-88C6EEC0DDB1}" = ccc-core-static "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E915496B-A802-E211-B241-A7BBFC7F04F5}" = CCC Help Thai "{E935DF41-EB7A-4519-93E8-C5822EB5B6D6}" = Alice im Wunderland "{EAFDF0CA-5DDA-4666-A3C2-4FD6CBFB97BC}" = CCC Help Korean "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F1103ACB-5652-43E3-B210-8DC9667BEEED}" = Aqua Real 2 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{F405DC00-37F3-4A5F-97F4-C1310CCEE53A}" = HP Easy Setup - Frontend "{FB542613-B395-41D2-B24A-4DAD6CC1327B}_is1" = Black Mirror 2 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1001 Nacht: Die Abenteuer von Sindbad" = 1001 Nacht: Die Abenteuer von Sindbad "3-D Jellyfish DemoESD" = 3-D Jellyfish DemoESD Screen Saver "3D Starry Night Screensaver" = 3D Starry Night Screensaver "3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4 "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Ancient Castle 3D Screensaver_is1" = Ancient Castle 3D Screensaver 1.1 "Aranjas 2" = Aranjas 2 "Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 2.0 "AstroPop Deluxe_is1" = AstroPop Deluxe "Atomica Deluxe_is1" = Atomica Deluxe "Aurora 14.0a2 (x86 de)" = Aurora 14.0a2 (x86 de) "Autumn Forest 3D Screensaver and Animated Wallpaper_is1" = Autumn Forest 3D Screensaver and Animated Wallpaper 1.0 "Autumn Wonderland 3D Screensaver and Animated Wallpaper_is1" = Autumn Wonderland 3D Screensaver and Animated Wallpaper 1.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Bejeweled 2 Deluxe_is1" = Bejeweled 2 Deluxe "BFG-9 - The Dark Side" = 9: The Dark Side "BFGC" = Big Fish Games: Game Manager "BFG-Dark Arcana - Die Spiegelwelt" = Dark Arcana: Die Spiegelwelt "BFG-Dark Dimensions - Stadt im Nebel Sammleredition" = Dark Dimensions: Stadt im Nebel Sammleredition "BFG-Dark 
Ritual" = Dark Ritual "BFG-Dark Tales - Das vorzeitige Begraebnis von Edgar Allan Poe" = Dark Tales: Das vorzeitige Begrabnis von Edgar Allan Poe "BFG-Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe Sammleredition" = Dark Tales:™ Der Mord in der Rue Morgue von Edgar Allan Poe Sammleredition "BFG-Der Exorzist" = Der Exorzist "BFG-FACES" = F.A.C.E.S. "BFG-Gravely Silent - Haus des Schreckens Sammleredition" = Gravely Silent: Haus des Schreckens Sammleredition "BFG-Haunted Halls - Die Rache des Dr Blackmore Sammleredition" = Haunted Halls: Die Rache des Dr. Blackmore Sammleredition "BFG-Haunted Manor - Der Herr der Spiegel Sammleredition" = Haunted Manor: Der Herr der Spiegel Sammleredition "BFG-Haus der 1000 Tueren - Familiengeheimnisse Sammleredition" = Haus der 1000 Türen - Familiengeheimnisse Sammleredition "BFG-Mystery Legends - Beauty and the Beast" = Mystery Legends: Beauty and the Beast "BFG-Mystery of the Ancients - Der Fluch des Schwarzen Wassers Sammleredition" = Mystery of the Ancients: Der Fluch des Schwarzen Wassers Sammleredition "BFG-Phenomenon - Meteorit Sammleredition" = Phenomenon: Meteorit Sammleredition "BFG-Sacra Terra - Nacht der Engel Sammleredition" = Sacra Terra: Nacht der Engel Sammleredition "BFG-Secrets of the Dark - Der finstere Berg" = Secrets of the Dark: Der finstere Berg "BFG-Weird Park - Schraege Toene Sammleredition" = Weird Park: Schräge Töne Sammleredition "BFG-Weird Park - Unheimliche Maerchen" = Weird Park - Unheimliche Märchen "Black Mirror III_is1" = Black Mirror III "Bud Redhead" = Bud Redhead "Build-a-lot Fairy Tales" = Build-a-lot Fairy Tales "BurnAware Free_is1" = BurnAware Free 2.3.7 "Caribbean Islands 3D Screensaver and Animated Wallpaper_is1" = Caribbean Islands 3D Screensaver and Animated Wallpaper 1.1 "Christmas Cards Screensaver_is1" = Christmas Cards Screensaver 1.0 "Coral Reef 3D Screensaver and Animated Wallpaper_is1" = Coral Reef 3D Screensaver and Animated Wallpaper 1.1 "Das gelobte Land" = Das 
gelobte Land "Das Reich des Drachen" = Das Reich des Drachen "Das Smaragd-Riff" = Das Smaragd-Riff "Das Vermächtnis der Insel (Vorschau)" = Das Vermächtnis der Insel (Vorschau) "Der Exorzist III: Geburt der Finsternis" = Der Exorzist III: Geburt der Finsternis "Der Fall Dillinger" = Der Fall Dillinger "DEUTSCHLAND SPIELT Spiele Post" = DEUTSCHLAND SPIELT Spiele Post "Die Fisch-Oase 2" = Die Fisch-Oase 2 "Die Fisch-Oase H2O" = Die Fisch-Oase H2O "Die Romantik Roms" = Die Romantik Roms "Die Sage von Kolossus" = Die Sage von Kolossus "Die Vergessenen Kinder" = Die Vergessenen Kinder "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dm Digi Foto" = dm Digi Foto "DNAGame" = DNAGame "Drawn - Der Turm 1.00" = Drawn - Der Turm 1.00 "Draxonflys Guild Wars Screensaver 1_is1" = Draxonflys Guild Wars Screensaver 1 "DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER "Earth 3D Space Tour screensaver_is1" = Earth 3D Space Tour screensaver v1.1 "Elementals: Der Magische Schlüssel" = Elementals: Der Magische Schlüssel "Empress of the Deep" = Empress of the Deep "Escape from Lost Island" = Escape from Lost Island "Escape Rosecliff Island" = Escape Rosecliff Island "Ewige Reise: Das neue Atlantis" = Ewige Reise: Das neue Atlantis "Faraway Planet 3D Screensaver_is1" = Faraway Planet 3D Screensaver 1.0 "Flucht aus dem Paradies" = Flucht aus dem Paradies "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.2 "Free Studio_is1" = Free Studio version 5.1.5 "Free YouTube Download_is1" = Free YouTube Download version 2.10.28 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Garten-Glück" = Garten-Glück "Garten-Glück: Jetzt wird renoviert! Sammleredition" = Garten-Glück: Jetzt wird renoviert! 
Sammleredition "Guild Wars" = GUILD WARS "Guild Wars 2" = Guild Wars 2 "GuildWars Visions_is1" = GuildWars Visions v1.08 "Hidden Magic" = Hidden Magic "Hide And Secret 3" = Hide And Secret 3 "Hinter dem Spiegel 2 - Die Rache der Hexe" = Hinter dem Spiegel 2 - Die Rache der Hexe "Infected: Der Zwillings-Impfstoff" = Infected: Der Zwillings-Impfstoff "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "Jack of all Tribes" = Jack of all Tribes "Jumpin’ Jack" = Jumpin’ Jack "Kinder des Mondes" = Kinder des Mondes "Koi Fish 3D Screensaver and Animated Wallpaper_is1" = Koi Fish 3D Screensaver and Animated Wallpaper 2.0 "Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42 "Land der Magie" = Land der Magie "Living Waterfalls Screensaver" = Living Waterfalls Screensaver "Lost Souls - Die verzauberten Gemälde" = Lost Souls - Die verzauberten Gemälde "Luxor Adventures" = Luxor Adventures "Magic Encyclopedia – Mondschein" = Magic Encyclopedia – Mondschein "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Moonlight Match: Eine zauberhafte Nacht" = Moonlight Match: Eine zauberhafte Nacht "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mystery of Mortlake Mansion_is1" = Mystery of Mortlake Mansion "Nächtliche Stadt 3D Bildschirmschoner_is1" = Nächtliche Stadt 3D Bildschirmschoner 1.0 "Nature 3D Screensaver_is1" = Nature 3D Screensaver 1.1 "Odyssee ins Ungewisse" = Odyssee ins Ungewisse "PC-Doctor for Windows" = Hardware Diagnose Tools "PhotoFiltre" = PhotoFiltre "Picasa 3" = Picasa 3 "Portrait Professional 6_is1" = Portrait Professional 6.3 "Portrait Professional Studio 9_is1" = Portrait Professional Studio 
9.0 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Ritter Arthur II" = Ritter Arthur II "RocketDock_is1" = RocketDock 1.3.5 "Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2 "Sandra Fleming Chronicles – Crystal Skulls" = Sandra Fleming Chronicles – Crystal Skulls "Sandy Beach 3D Screensaver and Animated Wallpaper_is1" = Sandy Beach 3D Screensaver and Animated Wallpaper 1.0 "Scarlett Frost und das Theater des Schreckens" = Scarlett Frost und das Theater des Schreckens "SereneScreen Marine Aquarium 3_is1" = SereneScreen Marine Aquarium 3 "Shaman Odyssey" = Shaman Odyssey "Snow Village 3D Screensaver_is1" = Snow Village 3D Screensaver 1.1 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "Stadt der Angst" = Stadt der Angst "Stray Souls: Das Haus Der Puppen Sammleredition" = Stray Souls: Das Haus Der Puppen Sammleredition "Sunny Patio 3D Screensaver and Animated Wallpaper_is1" = Sunny Patio 3D Screensaver and Animated Wallpaper 1.1 "T2002 V1.0" = T2002 V1.0 "Tatort Museum 2" = Tatort Museum 2 "The Island: Castaway" = The Island: Castaway "The Island: Castaway 2" = The Island: Castaway 2 "The Void_is1" = The Void "TipTop Deluxe_is1" = TipTop Deluxe "Tropical Fish 3D Screensaver and Animated Wallpaper_is1" = Tropical Fish 3D Screensaver and Animated Wallpaper 1.2 "Trügerische Zuflucht: White Haven Mysteries" = Trügerische Zuflucht: White Haven Mysteries "Tulula: Die Legende des Vulkans" = Tulula: Die Legende des Vulkans "TwinkleGLSetup" = TwinkleGL Screen Saver "Twisted Lands - Insomniac" = Twisted Lands - Insomniac "Twisted Lands: Der Anfang" = Twisted Lands: Der Anfang "Uninstall_is1" = Uninstall 1.0.0.1 "Vampireville" = Vampireville "Vampirsaga: Büchse der Pandora" = Vampirsaga: Büchse der Pandora "Voodoo Chroniken: Erstes Zeichen" = Voodoo Chroniken: Erstes Zeichen "Voodoo Whisperer: Fluch einer Legende" = Voodoo Whisperer: Fluch einer Legende "Watermill 3D Screensaver_is1" = Watermill 3D Screensaver 2.0 "White 
Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0 "WhiteCap" = WhiteCap "Wildflowers 3D Screensaver and Animated Wallpaper_is1" = Wildflowers 3D Screensaver and Animated Wallpaper 1.1 "Windows Utils" = Windows Utils "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Youda Survivor" = Youda Survivor "Zeit der Abenteuer: Der Held in dir" = Zeit der Abenteuer: Der Held in dir "Zuma Deluxe_is1" = Zuma Deluxe "Zuma’s Revenge! Abenteuer" = Zuma’s Revenge! Abenteuer ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PiccShare" = PiccShare ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22.07.2013 09:16:01 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xc70, Anwendungsstartzeit 01ce86dd9c9f7c5e. Error - 22.07.2013 09:18:09 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xe48, Anwendungsstartzeit 01ce86dde8c496be. Error - 22.07.2013 09:19:16 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xcdc, Anwendungsstartzeit 01ce86de10c7535e. 
Error - 22.07.2013 09:20:23 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xf38, Anwendungsstartzeit 01ce86de38cc1b6e. Error - 22.07.2013 09:21:29 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x5d4, Anwendungsstartzeit 01ce86de6057d34e. Error - 22.07.2013 09:22:41 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x93c, Anwendungsstartzeit 01ce86de87bb13ce. Error - 22.07.2013 09:23:47 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xd44, Anwendungsstartzeit 01ce86deb2a47d6e. Error - 22.07.2013 09:24:54 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x528, Anwendungsstartzeit 01ce86deda136e1e. 
Error - 22.07.2013 09:26:00 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xdcc, Anwendungsstartzeit 01ce86df018c1afe. Error - 22.07.2013 09:27:06 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xca4, Anwendungsstartzeit 01ce86df28d9ef1e. Error - 22.07.2013 09:28:12 | Computer Name = Gnubbi-Teilchen | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xfa0, Anwendungsstartzeit 01ce86df507b135e. [ System Events ] Error - 21.07.2013 13:47:01 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7023 Description = Error - 21.07.2013 13:47:01 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7003 Description = Error - 21.07.2013 13:47:01 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7003 Description = Error - 21.07.2013 13:47:01 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7026 Description = Error - 22.07.2013 03:49:20 | Computer Name = Gnubbi-Teilchen | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error - 22.07.2013 03:49:28 | Computer Name = Gnubbi-Teilchen | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Error - 22.07.2013 03:51:10 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7023 Description = Error - 22.07.2013 03:51:10 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7003 Description = Error - 22.07.2013 03:51:10 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7003 Description = Error - 22.07.2013 03:51:10 | Computer Name = Gnubbi-Teilchen | Source = Service Control Manager | ID = 7026 Description = < End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-22 17:22:48
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Gnubbi\AppData\Local\Temp\awroqpob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600013f700 3 bytes [40, 83, 02]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 4 fffff9600013f704 3 bytes [C1, BB, FA]

---- User code sections - GMER 2.1 ----

.reloc C:\Windows\system32\services.exe [664] section is executable [0x4A8, 0xA0000020] 000000010005f000
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\syswow64\USER32.dll!GetCursorPos 0000000075ad8100 5 bytes JMP 0000000100bf000a
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamAorW 0000000075af2444 5 bytes JMP 0000000100c0000a
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000756d9f3e 5 bytes JMP 0000000100bd000a
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 00000000737b4be0 5 bytes JMP 0000000100bb000a
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 00000000737d0451 5 bytes JMP 0000000100bc000a
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 00000000004411a8 2 bytes [44, 00]
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 249 000000000044127e 2 bytes CALL 7558186e C:\Windows\syswow64\kernel32.dll
.text ... * 6
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 00000000004413a8 2 bytes [44, 00]
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000000441422 2 bytes [44, 00]
.text C:\Windows\SysWOW64\svchost.exe[3508] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000000441498 2 bytes [44, 00]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\services.exe [664:704] 0000000000a71e58
Thread C:\Windows\system32\services.exe [664:824] 0000000000b01808
Thread C:\Windows\system32\services.exe [664:3496] 0000000000fd4c70
Thread C:\Windows\system32\services.exe [664:2896] 0000000000fd4550
Thread C:\Windows\system32\services.exe [664:1700] 0000000000fd8e90
Thread C:\Windows\SysWOW64\svchost.exe [3508:3792] 0000000074d48920
Thread C:\Windows\SysWOW64\svchost.exe [3508:4056] 0000000074d482a0
Thread C:\Windows\SysWOW64\svchost.exe [3508:3620] 0000000074d48260
Thread C:\Windows\SysWOW64\svchost.exe [3508:1844] 0000000074d480e0

---- Processes - GMER 2.1 ----

Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [608] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\lsass.exe [676] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [944] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [368] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [320] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [524] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1040] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1180] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000
Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1668] (Microsoft Windows Sockets 2.0 Service Provider/Microsoft Corporation)(2009-10-20 21:36:39) 000007fefcb70000

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{7522cba3-6a98-41e9-a9be-139b668109e5}@Dhcpv6State 0

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Files - GMER 2.1 ----

File C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui 41984 bytes executable
File C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui 20480 bytes executable
File C:\Program Files\Windows Defender\de-DE\MsMpRes.dll.mui 59392 bytes executable

---- EOF - GMER 2.1 ----

Edited by Phaitan (22.07.2013 at 16:58) Reason: typo |
22.07.2013, 17:02 | #2 |
/// the machine /// TB instructor | TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
22.07.2013, 18:20 | #3 |
| TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC Thanks for the quick reply.
Here is FRST. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by Gnubbi (administrator) on 22-07-2013 19:17:15 Running from C:\Users\Gnubbi\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Users\Gnubbi\RocketDock\RocketDock.exe (Windows Net) C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\system32\wermgr.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\RunOnce: [3dlagunabeachscreensaver] - "C:\Users\Gnubbi\AppData\Local\Temp\BI_RunOnce.exe" /affid "3dlagunabeachscreensaver" /id "3dlagunabeachscreensaver" /name "3D LagunaBeach Screensaver" [228432 2013-04-30] (Somoto Ltd.) 
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X] HKCU\...\Run: [RocketDock] - C:\Users\Gnubbi\RocketDock\RocketDock.exe [495616 2007-09-02] () HKCU\...\Run: [SSync] - C:\Users\Gnubbi\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] () HKCU\...\Run: [DataMgr] - C:\Users\Gnubbi\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.) HKCU\...\Run: [SCheck] - C:\Users\Gnubbi\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] () HKCU\...\Run: [Snoozer] - C:\Users\Gnubbi\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-21] () HKCU\...\Run: [Intermediate] - C:\Users\Gnubbi\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] () MountPoints2: {65e9b171-37c0-11de-9b9e-00221558ad48} - J:\rnwlvb.exe MountPoints2: {fa3cd6dd-7f5d-11df-b2fc-00221558ad48} - J:\AutoRun.exe HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG) HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard) AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll c:\progra~2\websea~1\sprote~1.dll [972080 2008-07-03] () Startup: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe (Windows Net) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=42D400225F09AD59&affID=122450&tsp=4943 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/0022/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM - {4CB690B1-11EC-457C-B66A-3003BC43F5E3} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = 
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - {4CB690B1-11EC-457C-B66A-3003BC43F5E3} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16 SearchScopes: HKLM-x32 - {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} SearchScopes: HKCU - {01_TL-YODL-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_yodl&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {03_TL-GOOGLE-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {03_TL-TELEFONBUCH-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_telefonbuch&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {04_TL-AMAZON-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_amazon&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {05_TL-EBAY-DE-E1416B8B2E3A} URL = 
hxxp://www.yodl.de/href.php?hrefname=FF-splug_ebay&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC SearchScopes: HKCU - {07_TL-CONRAD-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_conrad&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {08_TL-OTTO-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_otto&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {09_TL-CLIPFISH-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_clipfish&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {10_TL-MYVIDEO-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_myvideo&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {11_TL-MUSICLOAD-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_musicload&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {4CB690B1-11EC-457C-B66A-3003BC43F5E3} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PiccShare BHO - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Gnubbi\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) 
Handler-x32: ipp - No CLSID Value - Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found () Winsock: Catalog9 02 mswsock.dll File Not found () Winsock: Catalog9 03 mswsock.dll File Not found () Winsock: Catalog9 04 mswsock.dll File Not found () Winsock: Catalog9 05 mswsock.dll File Not found () Winsock: Catalog9 06 mswsock.dll File Not found () Winsock: Catalog9 07 mswsock.dll File Not found () Winsock: Catalog9 08 mswsock.dll File Not found () Winsock: Catalog9 09 mswsock.dll File Not found () Winsock: Catalog9 10 mswsock.dll File Not found () Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found () Winsock: Catalog9-x64 02 mswsock.dll File Not found () Winsock: Catalog9-x64 03 mswsock.dll File Not found () Winsock: Catalog9-x64 04 mswsock.dll File Not found () Winsock: Catalog9-x64 05 mswsock.dll File Not found () Winsock: Catalog9-x64 06 mswsock.dll File Not found () Winsock: Catalog9-x64 07 mswsock.dll File Not found () Winsock: Catalog9-x64 08 mswsock.dll File Not found () Winsock: Catalog9-x64 09 mswsock.dll 
File Not found () Winsock: Catalog9-x64 10 mswsock.dll File Not found () Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 FireFox: ======== FF ProfilePath: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: hxxp://www.google.de/ig|hxxp://www.giga.de/my_homepage/0022/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\clipfish.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\conrad.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\discount24.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\musicload.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\myvideo.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\otto.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\quelle.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\telefonbuch-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yodl.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\zwunzi113.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\zwunzi115.xml FF Extension: Amazon-Icon - 
C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\amazon-icon@winload.de FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\ich@maltegoetz.de FF Extension: Spartipps von SparPilot.com - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\sparpilot@sparpilot.com FF Extension: om - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\om@offermosquito.com.xpi FF Extension: toolbar - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\toolbar@web.de.xpi FF Extension: No Name - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKCU\...\Firefox\Extensions: [mail@gutscheinrausch.de] C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\mail@gutscheinrausch.de FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\firejump@firejump.net Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: () - C:\Users\Gnubbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html CHR Extension: (Amazon-Icon) - C:\Users\Gnubbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0 CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Gnubbi\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [652360 2012-01-13] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.) 
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-12] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-12] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-04-27] (MCCI Corporation) S3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S1 StarOpen; No ImagePath U3 awroqpob; \??\C:\Users\Gnubbi\AppData\Local\Temp\awroqpob.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-22 19:16 - 2013-07-22 19:16 - 00000000 ____D C:\FRST 2013-07-22 19:15 - 2013-07-22 19:15 - 01779363 _____ (Farbar) C:\Users\Gnubbi\Desktop\FRST64.exe 2013-07-22 17:23 - 2013-07-22 17:23 - 00009619 _____ C:\Users\Gnubbi\Desktop\gmer.txt 2013-07-22 15:38 - 2013-07-22 15:38 - 00377856 _____ C:\Users\Gnubbi\Desktop\gmer_2.1.19163.exe 2013-07-22 15:29 - 2013-07-22 15:29 - 00065906 _____ C:\Users\Gnubbi\Desktop\Extras.Txt 2013-07-22 15:27 - 
2013-07-22 15:27 - 00121358 _____ C:\Users\Gnubbi\Desktop\OTL.Txt 2013-07-22 15:15 - 2013-07-22 15:15 - 00602112 _____ (OldTimer Tools) C:\Users\Gnubbi\Desktop\OTL.exe 2013-07-22 15:15 - 2013-07-22 15:15 - 00000474 _____ C:\Users\Gnubbi\Desktop\defogger_disable.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00000000 _____ C:\Users\Gnubbi\defogger_reenable 2013-07-22 15:14 - 2013-07-22 15:14 - 00050477 _____ C:\Users\Gnubbi\Desktop\Defogger.exe 2013-07-22 12:00 - 2013-07-22 15:08 - 00010235 _____ C:\Windows\SysWOW64\Sandy Beach.log 2013-07-22 12:00 - 2013-07-22 12:00 - 00000000 ____D C:\Program Files (x86)\Sandy Beach 3D Screensaver 2013-07-22 12:00 - 2013-02-06 10:47 - 02644504 _____ (3Planesoft) C:\Windows\SysWOW64\Sandy_Beach_3D_Screensaver.scr 2013-07-22 11:54 - 2013-07-22 15:23 - 00010325 _____ C:\Windows\SysWOW64\Caribbean Islands.log 2013-07-22 11:54 - 2013-07-22 11:54 - 00000000 ____D C:\Program Files (x86)\Caribbean Islands 3D Screensaver 2013-07-22 11:54 - 2013-04-04 17:19 - 02536992 _____ (3Planesoft) C:\Windows\SysWOW64\Caribbean_Islands_3D_Screensaver.scr 2013-07-21 19:46 - 2013-07-21 19:46 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Snz 2013-07-16 16:18 - 2010-10-12 10:28 - 00421744 _____ C:\Windows\system32\Drivers\etc\hosts.20130716-161851.backup 2013-07-16 16:18 - 2010-10-12 10:28 - 00421744 _____ C:\Windows\system32\Drivers\etc\hosts.20130716-161827.backup 2013-07-15 14:16 - 2013-07-22 19:12 - 00009043 _____ C:\Windows\SysWOW64\Tropical Fish.log 2013-07-15 14:16 - 2013-07-15 14:16 - 00000000 ____D C:\Program Files (x86)\Tropical Fish 3D Screensaver 2013-07-15 14:16 - 2013-02-06 11:01 - 02511384 _____ (3Planesoft) C:\Windows\SysWOW64\Tropical_Fish_3D_Screensaver.scr 2013-07-15 14:05 - 2013-07-15 14:05 - 00197120 _____ (ScreenTime Media) C:\Windows\SysWOW64\3-D Jellyfish DemoESD.scr 2013-07-15 14:05 - 2013-07-15 14:05 - 00000000 ____D C:\Windows\SysWOW64\3-D Jellyfish DemoESD dir 2013-07-15 13:17 - 2013-07-22 18:32 - 00001110 _____ 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-15 13:17 - 2013-07-22 09:49 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-15 13:17 - 2013-07-21 19:47 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Intermediate 2013-07-15 13:17 - 2013-07-16 09:27 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-15 13:17 - 2013-07-16 09:27 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SSync 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SCheck 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\DataMgr 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\ext_piccshare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000871 _____ C:\Users\Administrator\Desktop\Earth 3D Space Tour.lnk 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PiccShare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Common 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Program Files (x86)\3D Space Tour 2013-07-15 13:08 - 2013-07-15 13:08 - 00001079 _____ C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software 2013-07-15 13:08 - 2007-11-06 18:46 - 00106496 _____ C:\Windows\SysWOW64\Astro Gemini Screensaver Manager.scr 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\ChromeExtensions 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Windows Net Data 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempd859abcc6d9b14452ff9125efb5084c2 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D 
C:\Users\Gnubbi\AppData\Local\Tempcbef2bd2ff1ab5bdb78c8808e08fc05e 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Temp75647aea5aa07b4ca02750042d58fa47 2013-07-14 14:11 - 2013-07-14 14:11 - 00003320 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-14 14:11 - 2013-07-14 14:11 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift 2013-07-10 22:40 - 2013-07-10 22:40 - 00002030 _____ C:\Users\Administrator\Desktop\Mehr Bildschirmschonern.lnk 2013-07-10 22:40 - 2013-07-10 22:40 - 00000827 _____ C:\Users\Administrator\Desktop\Nächtliche Stadt 3D Bildschirmschoner.lnk 2013-07-10 22:40 - 2007-04-03 13:52 - 00002303 _____ C:\Windows\SysWOW64\NaechtlicheStadt3DBildschirmschoner.html 2013-07-10 22:40 - 2007-04-03 13:51 - 12460032 _____ C:\Windows\SysWOW64\Nächtliche Stadt 3D Bildschirmschoner.scr 2013-07-10 12:41 - 2013-06-04 04:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 12:41 - 2013-06-01 06:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 12:41 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-10 12:41 - 2013-05-29 13:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00630272 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-10 12:41 - 2013-05-29 13:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 12:41 - 2013-05-29 11:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-10 12:41 - 2013-05-29 10:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-10 12:41 - 2013-05-29 10:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2013-07-10 12:41 - 2013-05-29 10:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-10 12:41 - 2013-05-29 10:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 12:41 - 2013-05-29 09:12 - 01489408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 
2013-07-10 12:41 - 2013-05-29 09:12 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 12:41 - 2013-05-29 09:12 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-10 12:41 - 2013-05-29 09:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-10 12:41 - 2013-05-29 09:09 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 09339904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 12509184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 02356736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-10 12:41 - 2013-05-29 09:07 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 
00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 12:41 - 2013-05-29 07:59 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-10 12:41 - 2013-05-29 06:27 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-10 12:41 - 2013-05-29 06:26 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 12:41 - 2013-05-29 06:24 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-10 12:41 - 2013-05-29 06:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 12:41 - 2013-05-08 06:18 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 12:41 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 12:41 - 2013-04-17 14:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-07-10 12:41 - 2013-04-17 13:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-07-10 12:41 - 2013-04-17 13:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-07-10 12:41 - 2013-04-17 13:02 - 00834048 _____ 
(Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-07-10 12:41 - 2013-04-17 12:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 12:41 - 2013-04-17 12:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-07-10 12:41 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-07-10 12:41 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-07-10 12:41 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-07-10 12:41 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-07 15:55 - 2013-07-07 15:55 - 00000032 _____ C:\Windows\setup.INI 2013-07-03 13:13 - 2013-07-03 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-30 20:53 - 2013-06-30 20:53 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PuzzleLab 2013-06-30 20:45 - 2013-06-30 20:52 - 00000000 ____D C:\Program Files (x86)\Phenomenon - Meteorit Sammleredition 2013-06-30 20:45 - 2013-06-30 20:45 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition 2013-06-26 08:53 - 2013-06-26 08:53 - 00044216 _____ C:\Users\Gnubbi\AppData\Local\ext_piccshare_uninst.exe 2013-06-23 18:03 - 2013-06-23 18:03 - 03455486 ____N () C:\Users\Gnubbi\Downloads\jellyfish-demo.exe 2013-06-23 18:03 - 2013-06-23 18:03 - 00427920 _____ C:\Users\Gnubbi\AppData\Local\dd_vcredistMSI4353.txt 2013-06-23 18:03 - 2013-06-23 18:03 - 00011402 _____ C:\Users\Gnubbi\AppData\Local\dd_vcredistUI4353.txt ==================== One Month Modified Files and Folders ======= 2013-07-22 19:16 - 2013-07-22 19:16 - 00000000 ____D C:\FRST 2013-07-22 19:15 - 2013-07-22 19:15 - 01779363 _____ (Farbar) C:\Users\Gnubbi\Desktop\FRST64.exe 2013-07-22 19:14 - 2006-11-02 17:22 - 00003616 ____H 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-22 19:14 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-22 19:12 - 2013-07-15 14:16 - 00009043 _____ C:\Windows\SysWOW64\Tropical Fish.log 2013-07-22 19:12 - 2012-03-30 08:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 18:32 - 2013-07-15 13:17 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-22 17:23 - 2013-07-22 17:23 - 00009619 _____ C:\Users\Gnubbi\Desktop\gmer.txt 2013-07-22 15:59 - 2012-12-14 21:28 - 00007274 _____ C:\Windows\SysWOW64\Snow Village.log 2013-07-22 15:38 - 2013-07-22 15:38 - 00377856 _____ C:\Users\Gnubbi\Desktop\gmer_2.1.19163.exe 2013-07-22 15:29 - 2013-07-22 15:29 - 00065906 _____ C:\Users\Gnubbi\Desktop\Extras.Txt 2013-07-22 15:27 - 2013-07-22 15:27 - 00121358 _____ C:\Users\Gnubbi\Desktop\OTL.Txt 2013-07-22 15:23 - 2013-07-22 11:54 - 00010325 _____ C:\Windows\SysWOW64\Caribbean Islands.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00602112 _____ (OldTimer Tools) C:\Users\Gnubbi\Desktop\OTL.exe 2013-07-22 15:15 - 2013-07-22 15:15 - 00000474 _____ C:\Users\Gnubbi\Desktop\defogger_disable.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00000000 _____ C:\Users\Gnubbi\defogger_reenable 2013-07-22 15:15 - 2009-04-11 17:30 - 00000000 ____D C:\Users\Gnubbi 2013-07-22 15:14 - 2013-07-22 15:14 - 00050477 _____ C:\Users\Gnubbi\Desktop\Defogger.exe 2013-07-22 15:08 - 2013-07-22 12:00 - 00010235 _____ C:\Windows\SysWOW64\Sandy Beach.log 2013-07-22 12:00 - 2013-07-22 12:00 - 00000000 ____D C:\Program Files (x86)\Sandy Beach 3D Screensaver 2013-07-22 11:54 - 2013-07-22 11:54 - 00000000 ____D C:\Program Files (x86)\Caribbean Islands 3D Screensaver 2013-07-22 11:54 - 2012-11-27 17:37 - 00000000 ____D C:\ProgramData\3Planesoft 2013-07-22 11:54 - 2012-11-27 17:37 - 00000000 ____D C:\Program Files (x86)\3Planesoft 
Screensaver Manager 2013-07-22 11:29 - 2013-01-01 16:30 - 00008167 _____ C:\Windows\SysWOW64\Nature.log 2013-07-22 09:49 - 2013-07-15 13:17 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-22 09:49 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-21 22:10 - 2006-11-02 17:42 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-21 19:47 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Intermediate 2013-07-21 19:46 - 2013-07-21 19:46 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Snz 2013-07-20 21:36 - 2009-04-11 17:33 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Adobe 2013-07-20 20:22 - 2013-05-30 15:00 - 00001626 _____ C:\Windows\setupact.log 2013-07-19 17:16 - 2009-04-11 18:45 - 00000418 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2013-07-17 20:58 - 2013-01-01 16:37 - 00008402 _____ C:\Windows\SysWOW64\Coral Reef.log 2013-07-17 15:56 - 2012-11-28 09:54 - 00010261 _____ C:\Windows\SysWOW64\Faraway Planet.log 2013-07-17 15:55 - 2012-11-27 21:55 - 00011055 _____ C:\Windows\SysWOW64\Koi Fish.log 2013-07-17 15:53 - 2009-04-15 15:53 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-07-17 12:45 - 2012-11-28 14:01 - 00010495 _____ C:\Windows\SysWOW64\Sunny Patio.log 2013-07-17 12:45 - 2012-11-28 13:56 - 00009316 _____ C:\Windows\SysWOW64\Wildflowers.log 2013-07-17 12:44 - 2012-11-28 14:47 - 00011666 _____ C:\Windows\SysWOW64\Autumn Wonderland.log 2013-07-17 12:43 - 2012-11-28 14:41 - 00000958 _____ C:\Windows\SysWOW64\Autumn Forest.log 2013-07-17 12:19 - 2012-12-28 14:36 - 00008916 _____ C:\Windows\SysWOW64\Ancient Castle.log 2013-07-16 19:24 - 2013-05-28 12:50 - 00005624 _____ C:\Windows\PFRO.log 2013-07-16 13:54 - 2009-08-18 11:40 - 00002098 _____ C:\Windows\wininit.ini 2013-07-16 13:54 - 2009-04-11 17:36 - 00000000 ___RD C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-16 13:18 - 2009-04-11 23:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 
2013-07-16 09:27 - 2013-07-15 13:17 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 09:27 - 2013-07-15 13:17 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-16 09:05 - 2012-11-27 17:03 - 00010110 _____ C:\Windows\SysWOW64\Watermill.log 2013-07-15 23:00 - 2008-10-21 19:56 - 01980922 _____ C:\Windows\WindowsUpdate.log 2013-07-15 16:01 - 2009-04-11 18:24 - 00000000 ___RD C:\INCOME 2013-07-15 14:16 - 2013-07-15 14:16 - 00000000 ____D C:\Program Files (x86)\Tropical Fish 3D Screensaver 2013-07-15 14:09 - 2009-06-17 12:58 - 00000368 _____ C:\Users\Gnubbi\AppData\Roaming\burnaware.ini 2013-07-15 14:05 - 2013-07-15 14:05 - 00197120 _____ (ScreenTime Media) C:\Windows\SysWOW64\3-D Jellyfish DemoESD.scr 2013-07-15 14:05 - 2013-07-15 14:05 - 00000000 ____D C:\Windows\SysWOW64\3-D Jellyfish DemoESD dir 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SSync 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SCheck 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\DataMgr 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\ext_piccshare 2013-07-15 13:17 - 2009-04-11 22:23 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Google 2013-07-15 13:17 - 2009-04-11 22:23 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-15 13:16 - 2013-07-15 13:16 - 00000871 _____ C:\Users\Administrator\Desktop\Earth 3D Space Tour.lnk 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PiccShare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Common 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Program Files (x86)\3D Space Tour 2013-07-15 13:08 - 2013-07-15 13:08 - 00001079 _____ C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 ____D 
C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software 2013-07-15 13:08 - 2011-11-30 22:00 - 00000000 ____D C:\Program Files (x86)\Astro Gemini Software 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\ChromeExtensions 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Windows Net Data 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempd859abcc6d9b14452ff9125efb5084c2 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempcbef2bd2ff1ab5bdb78c8808e08fc05e 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Temp75647aea5aa07b4ca02750042d58fa47 2013-07-14 14:11 - 2013-07-14 14:11 - 00003320 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-14 14:11 - 2013-07-14 14:11 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift 2013-07-11 11:17 - 2006-11-02 17:21 - 00327552 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-11 11:16 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2013-07-11 11:16 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 11:15 - 2010-03-25 00:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 00:43 - 2008-10-03 04:44 - 00639210 _____ C:\Windows\system32\perfh007.dat 2013-07-11 00:43 - 2008-10-03 04:44 - 00131250 _____ C:\Windows\system32\perfc007.dat 2013-07-11 00:43 - 2006-11-02 14:46 - 01497522 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-11 00:36 - 2006-11-02 14:35 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-07-10 22:40 - 2013-07-10 22:40 - 00002030 _____ C:\Users\Administrator\Desktop\Mehr Bildschirmschonern.lnk 2013-07-10 22:40 - 2013-07-10 22:40 - 00000827 _____ C:\Users\Administrator\Desktop\Nächtliche Stadt 3D Bildschirmschoner.lnk 2013-07-07 20:24 - 2013-01-18 15:30 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Das Geisterschiff 2013-07-07 20:23 - 2013-01-18 13:44 - 
00000000 ____D C:\Program Files (x86)\Mystery Stories - Expedition des Grauens
2013-07-07 15:55 - 2013-07-07 15:55 - 00000032 _____ C:\Windows\setup.INI
2013-07-05 13:51 - 2009-04-11 18:24 - 00000000 ____D C:\POST
2013-07-04 12:23 - 2012-04-27 20:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 20:54 - 2009-04-11 18:24 - 00000000 ____D C:\FOTO
2013-07-03 13:14 - 2013-07-03 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 20:53 - 2013-06-30 20:53 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PuzzleLab
2013-06-30 20:52 - 2013-06-30 20:45 - 00000000 ____D C:\Program Files (x86)\Phenomenon - Meteorit Sammleredition
2013-06-30 20:51 - 2011-07-19 17:23 - 00000000 ____D C:\BigFishGamesCache
2013-06-30 20:45 - 2013-06-30 20:45 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition
2013-06-26 08:53 - 2013-06-26 08:53 - 00044216 _____ C:\Users\Gnubbi\AppData\Local\ext_piccshare_uninst.exe
2013-06-24 09:52 - 2012-11-27 21:49 - 00008760 _____ C:\Windows\SysWOW64\White Christmas.log
2013-06-23 18:07 - 2009-04-13 00:21 - 00032256 _____ C:\Users\Gnubbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-23 18:03 - 2013-06-23 18:03 - 03455486 ____N () C:\Users\Gnubbi\Downloads\jellyfish-demo.exe
2013-06-23 18:03 - 2013-06-23 18:03 - 00427920 _____ C:\Users\Gnubbi\AppData\Local\dd_vcredistMSI4353.txt
2013-06-23 18:03 - 2013-06-23 18:03 - 00011402 _____ C:\Users\Gnubbi\AppData\Local\dd_vcredistUI4353.txt
2013-06-23 17:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\Resources

ZeroAccess:
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\00000004.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\201d3dde
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\6715e287
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\76603ac3
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000004.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000008.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\000000cb.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000000.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000032.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe B8844F93D2C5F1DCDB179AAA9AF134B7 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-07-22 09:55

==================== End Of Log ============================

And Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2013 Ran by Gnubbi at 2013-07-22 19:17:47 Running from C:\Users\Gnubbi\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 100 Prozent Wimmelbild (x32) 1001 Nacht: Die Abenteuer von Sindbad (x32 Version: 1.0.0.0) 3-D Jellyfish DemoESD Screen Saver (x32) 3D Starry Night Screensaver (x32) 3Planesoft Screensaver Manager 1.4 (x32 Version: 1.4) 9: The Dark Side (x32) AC3Filter (remove only) (x32) ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.2) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader X (10.1.6) - Deutsch (x32 Version: 10.1.6) Adobe Shockwave Player 11.5 (x32 Version: 11.5.7.609) Alice im Wunderland (x32 Version: 1.00.0000) Amazon MP3-Downloader 1.0.9 (x32) Amazonia (x32) AMD Catalyst Install Manager (Version: 3.0.868.0) Ancient Castle 3D Screensaver 1.1 (x32 Version: 1.1) Apple Application Support (x32 Version: 1.1.0) Apple Software Update (x32 Version: 2.1.1.116) Aqua Real 2 (x32) Aranjas 2 (x32 Version: 0.0.0.0) Astro Gemini Screensaver Manager 2.0 (x32) AstroPop Deluxe (x32) ATI AVIVO64 Codecs (Version: 11.6.0.51125) ATI Problem Report Wizard (Version: 3.0.804.0) Atomica Deluxe (x32) Aurora 14.0a2 (x86 de) (x32 Version: 14.0a2) Autumn Forest 3D Screensaver and Animated Wallpaper 1.0 (x32 Version: 1.0) Autumn Wonderland 3D Screensaver and Animated Wallpaper 1.0 (x32 Version: 1.0) Avira Free Antivirus (x32 Version: 12.1.9.2400) Bejeweled 2 Deluxe (x32) Big Fish Games: Game Manager (x32 Version: 3.0.1.60) Black Mirror 2 (x32) Black Mirror III (x32) Bud Redhead (x32 Version: 1.4b) Build-a-lot Fairy Tales (x32 Version: 1.0.0.0) BurnAware Free 2.3.7 (x32) Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 2.03.0000) Caribbean Islands 3D Screensaver and Animated Wallpaper 1.1 (x32 
Version: 1.1) Catalyst Control Center - Branding (x32 Version: 1.00.0000) Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1125.2148.39102) Catalyst Control Center InstallProxy (x32 Version: 2008.0514.2139.36863) Catalyst Control Center InstallProxy (x32 Version: 2012.0214.2218.39913) Catalyst Control Center Localization All (x32 Version: 2010.1125.2148.39102) Catalyst Control Center Profiles Desktop (x32 Version: 2010.1125.2148.39102) CCC Help Chinese Standard (x32 Version: 2010.1125.2147.39102) CCC Help Chinese Traditional (x32 Version: 2010.1125.2147.39102) CCC Help Czech (x32 Version: 2010.1125.2147.39102) CCC Help Danish (x32 Version: 2010.1125.2147.39102) CCC Help Dutch (x32 Version: 2010.1125.2147.39102) CCC Help English (x32 Version: 2010.1125.2147.39102) CCC Help Finnish (x32 Version: 2010.1125.2147.39102) CCC Help French (x32 Version: 2010.1125.2147.39102) CCC Help German (x32 Version: 2010.1125.2147.39102) CCC Help Greek (x32 Version: 2010.1125.2147.39102) CCC Help Hungarian (x32 Version: 2010.1125.2147.39102) CCC Help Italian (x32 Version: 2010.1125.2147.39102) CCC Help Japanese (x32 Version: 2010.1125.2147.39102) CCC Help Korean (x32 Version: 2010.1125.2147.39102) CCC Help Norwegian (x32 Version: 2010.1125.2147.39102) CCC Help Polish (x32 Version: 2010.1125.2147.39102) CCC Help Portuguese (x32 Version: 2010.1125.2147.39102) CCC Help Russian (x32 Version: 2010.1125.2147.39102) CCC Help Spanish (x32 Version: 2010.1125.2147.39102) CCC Help Swedish (x32 Version: 2010.1125.2147.39102) CCC Help Thai (x32 Version: 2010.1125.2147.39102) ccc-core-static (x32 Version: 2010.1125.2148.39102) ccc-utility64 (Version: 2010.1125.2148.39102) CCleaner (Version: 4.01) Christmas Cards Screensaver 1.0 (x32) Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000) Coral Reef 3D Screensaver and Animated Wallpaper 1.1 (x32 Version: 1.1) Create™ (x32 Version: 1.0.0.0) CyberLink DVD Suite Deluxe (x32 Version: .1707) Dark Arcana: Die Spiegelwelt 
(x32) Dark Dimensions: Stadt im Nebel Sammleredition (x32) Dark Ritual (x32) Dark Tales: Das vorzeitige Begrabnis von Edgar Allan Poe (x32) Dark Tales:™ Der Mord in der Rue Morgue von Edgar Allan Poe Sammleredition (x32) Das gelobte Land (x32 Version: 1.0.0.0) Das Reich des Drachen (x32 Version: 1.0.0.0) Das Smaragd-Riff (x32) Das Vermächtnis der Insel (Vorschau) (x32 Version: 1.0.0.0) Der Exorzist (x32) Der Exorzist III: Geburt der Finsternis (x32 Version: 1.0.0.0) Der Fall Dillinger (x32 Version: 1.0.0.0) Desktop Icon für Amazon (Version: 1.0.1 (de)) DEUTSCHLAND SPIELT GAME CENTER (x32 Version: 1.0.0.46) DEUTSCHLAND SPIELT Spiele Post (x32 Version: 1.0.3.0) Die Fisch-Oase 2 (x32 Version: 1.0.0.0) Die Fisch-Oase H2O (x32 Version: 1.0.0.0) Die Romantik Roms (x32 Version: 1.0.0.0) Die Sage von Kolossus (x32 Version: 1.0.0.0) Die Vergessenen Kinder (x32 Version: 1.0.0.0) DigiFish Dolphin (x32) DigiFish Seahorse (x32) Disney-Pixar Ratatouille (x32 Version: 1.00.0000) DivX Codec (x32 Version: 6.8.5) DivX Converter (x32 Version: 7.1.0) DivX Player (x32 Version: 7.2.0) DivX Plus DirectShow Filters (x32) DivX Web Player (x32 Version: 1.5.0) dm Digi Foto (x32 Version: 2.3.0.93) DNAGame (x32) Dolphin Dreams 5 (x32 Version: 5.05.000) dows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0) Drawn - Der Turm 1.00 (x32) Draxonflys Guild Wars Screensaver 1 (x32) Earth 3D Space Tour screensaver v1.1 (x32) ebgcInfra (x32 Version: 1.1.0) ebgcRes (x32 Version: 1.0.0) ebgcSDK (x32 Version: 1.0.0) Elementals: Der Magische Schlüssel (x32 Version: 1.0.0.0) Empress of the Deep (x32 Version: 1.0.0.0) Escape from Lost Island (x32 Version: 1.0.0.0) Escape Rosecliff Island (x32) Ewige Reise: Das neue Atlantis (x32 Version: 1.0.0.0) F.A.C.E.S. 
(x32) Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0) Faraway Planet 3D Screensaver 1.0 (x32 Version: 1.0) FireJump 1.0.1.4 (x32 Version: 1.0.1.4) Flucht aus dem Paradies (x32 Version: 0.0.0.0) Free Audio CD Burner version 1.4.7 (x32) Free M4a to MP3 Converter 7.2 (x32) Free Studio version 5.1.5 (x32) Free YouTube Download version 2.10.28 (x32) Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128) Garten-Glück (x32 Version: 1.0.0.0) Garten-Glück: Jetzt wird renoviert! Sammleredition (x32 Version: 1.0.0.0) Google Chrome Frame (x32 Version: 65.119.72) Google Update Helper (x32 Version: 1.3.21.153) Gravely Silent: Haus des Schreckens Sammleredition (x32) GUILD WARS (x32) Guild Wars 2 (x32) GuildWars Visions v1.08 (x32) Hardware Diagnose Tools (x32 Version: 5.1.4861.15) Haunted Halls: Die Rache des Dr. Blackmore Sammleredition (x32) Haunted Manor: Der Herr der Spiegel Sammleredition (x32) Haus der 1000 Türen - Familiengeheimnisse Sammleredition (x32) Hidden Magic (x32 Version: 1.0.0.0) Hide And Secret 3 (x32 Version: 1.0.0.0) Hinter dem Spiegel 2 - Die Rache der Hexe (x32) HP Active Support Library (x32 Version: 3.1.6.1) HP Customer Experience Enhancements (x32 Version: 5.6.0.2510) HP Customer Feedback (x32 Version: 1.0.0) HP Easy Setup - Frontend (x32 Version: 5.7.0.2693) HP Photosmart Essential 2.5 (x32 Version: 1.03.0000) HP Photosmart Essential 3.0 (Version: 3.0) HP Picasso Media Center Add-In (x32 Version: 1.0.0) HP Recovery Manager RSS (x32 Version: 84.0.0.7) HP Total Care Advisor (x32 Version: 2.3.4292.2709) HP Update (x32 Version: 4.000.010.008) HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2) HPPhotoSmartPhotobookWebPack1 (x32 Version: 2.03.0000) HydraVision (x32 Version: 4.2.184.0) ICQ6.5 (x32 Version: 6.5) Infected: Der Zwillings-Impfstoff (x32 Version: 1.0.0.0) Intel® Matrix Storage Manager Jack of all Tribes (x32 Version: 1.0.0.0) Java Auto Updater (x32 Version: 2.0.2.4) Java(TM) 6 Update 21 (x32 Version: 
6.0.210) Java(TM) SE Runtime Environment 6 Update 1 (x32 Version: 1.6.0.10) Jumpin’ Jack (x32 Version: 0.0.0.0) Kinder des Mondes (x32 Version: 1.0.0.0) Koi Fish 3D Screensaver and Animated Wallpaper 2.0 (x32 Version: 2.0) Kyodai Mahjongg 2006 v1.42 (x32) Land der Magie (x32 Version: 1.0.0.0) LightScribe System Software 1.14.25.1 (x32 Version: 1.14.25.1) Living Waterfalls Screensaver (x32) Lost Souls - Die verzauberten Gemälde (x32) Luxor Adventures (x32 Version: 1.0.0.0) Magic Encyclopedia – Mondschein (x32 Version: 1.0.0.0) Malwarebytes Anti-Malware Version 1.60.1.1000 (x32 Version: 1.60.1.1000) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322) Microsoft .NET Framework 1.1 (x32) Microsoft .NET Framework 1.1 Security Update (KB2698023) (x32) Microsoft .NET Framework 1.1 Security Update (KB2833941) (x32) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Choice Guard (x32 Version: 2.0.48.0) Microsoft Office 2000 Premium (x32 Version: 9.00.2816) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.6612.1000) Microsoft Silverlight (x32 Version: 5.1.20513.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 
8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Moonlight Match: Eine zauberhafte Nacht (x32 Version: 1.0.0.0) Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0) Mozilla Maintenance Service (x32 Version: 22.0) MSVCRT (x32 Version: 14.0.1468.721) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Mystery Legends: Beauty and the Beast (x32) Mystery of Mortlake Mansion (x32) Mystery of the Ancients: Der Fluch des Schwarzen Wassers Sammleredition (x32) Mystery Stories - Das Geisterschiff (x32) Mystery Stories - Expedition des Grauens (x32) Nächtliche Stadt 3D Bildschirmschoner 1.0 (x32) Nature 3D Screensaver 1.1 (x32 Version: 1.1) NCsoft Launcher (x32 Version: 1.5.19002) Necronomicon (x32 Version: 1.00.0000) NVIDIA PhysX v8.10.13 (x32 Version: 8.10.13) Odyssee ins Ungewisse (x32 Version: 1.0.0.0) Optimierte Multimedia-Tastatur-Lösung (x32) Pando Media Booster (x32 Version: 2.6.0.2) PC Connectivity 
Solution (x32 Version: 8.15.0.0) PC Sync Manager (x32 Version: 2.4.9) Phenomenon: Meteorit Sammleredition (x32) PhotoFiltre (x32) Picasa 3 (x32 Version: 3.9) PiccShare (HKCU Version: 2.0) Portrait Professional 6.3 (x32 Version: 6.3) Portrait Professional Studio 9.0 (x32 Version: 9.0) Power2Go (x32 Version: 5.6.4109) PowerDirector (x32 Version: 6.5.2926) ProtectDisc Driver, Version 11 (x32 Version: 11.0.0.14) PSSWCORE (x32 Version: 2.03.0000) Python 2.5.2 (x32 Version: 2.5.2150) QuickTime (x32 Version: 7.65.17.80) Ralink Wireless LAN (x32 Version: 1.0.2.5) Rayman 3 (x32 Version: 1.00.000) Rayman Origins (x32 Version: 1.00) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5657) Ritter Arthur II (x32 Version: 1.0.0.0) RocketDock 1.3.5 (x32) Sacra Terra: Nacht der Engel Sammleredition (x32) Samsung New PC Studio (x32 Version: 1.00.0000) Samsung New PC Studio USB Driver Installer (x32 Version: 1.00.0000) SAMSUNG USB Driver for Mobile Phones (Version: 1.3.650.0) SamsungConnectivityCableDriver (x32 Version: 6.83.6.2.1) Sandlot Games Client Services 1.2.2 (x32) Sandra Fleming Chronicles – Crystal Skulls (x32 Version: 1.0.0.0) Sandy Beach 3D Screensaver and Animated Wallpaper 1.0 (x32 Version: 1.0) Scarlett Frost und das Theater des Schreckens (x32 Version: 1.0.0.0) Secrets of the Dark: Der finstere Berg (x32) SereneScreen Marine Aquarium 3 (x32 Version: 3.0) Shaman Odyssey (x32 Version: 1.0.0.0) Snow Village 3D Screensaver 1.1 (x32 Version: 1.1) Spybot - Search & Destroy (x32 Version: 1.6.2) Spybot - Search & Destroy 1.4 (x32 Version: 1.4) Stadt der Angst (x32 Version: 1.0.0.0) Stray Souls: Das Haus Der Puppen Sammleredition (x32 Version: 1.0.0.0) Sunny Patio 3D Screensaver and Animated Wallpaper 1.1 (x32 Version: 1.1) T2002 V1.0 (x32) Tatort Museum 2 (x32 Version: 1.0.0.0) The Island: Castaway (x32 Version: 1.0.0.0) The Island: Castaway 2 (x32 Version: 1.0.0.0) The Void (x32) The Whispered World (x32 Version: 1.01) Tibor (x32) TipTop Deluxe (x32) Toy Story 3 (x32 
Version: 1.00.0000) Tropical Fish 3D Screensaver and Animated Wallpaper 1.2 (x32 Version: 1.2) Trügerische Zuflucht: White Haven Mysteries (x32 Version: 1.0.0.0) Tulula: Die Legende des Vulkans (x32 Version: 1.0.0.0) TuneUp Utilities 2007 (x32 Version: 6.0.1255) TwinkleGL Screen Saver (x32) Twisted Lands - Insomniac (x32) Twisted Lands: Der Anfang (x32 Version: 1.0.0.0) Uninstall 1.0.0.1 (x32) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Vampireville (x32 Version: 1.0.0.0) Vampirsaga: Büchse der Pandora (x32 Version: 1.0.0.0) VC80CRTRedist - 8.0.50727.762 (x32 Version: 1.0.0) VideoToolkit01 (x32 Version: 110.0.171.000) Voodoo Chroniken: Erstes Zeichen (x32 Version: 1.0.0.0) Voodoo Whisperer: Fluch einer Legende (x32 Version: 1.0.0.0) Watermill 3D Screensaver 2.0 (x32 Version: 2.0) Weird Park - Unheimliche Märchen (x32) Weird Park: Schräge Töne Sammleredition (x32) White Christmas 3D Screensaver and Animated Wallpaper 1.0 (x32 Version: 1.0) WhiteCap (x32 Version: 5.2.1) Wildflowers 3D Screensaver and Animated Wallpaper 1.1 (x32 Version: 1.1) Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5) Windows Live Call (x32 Version: 14.0.8117.0416) Windows Live Communications Platform (x32 Version: 14.0.8117.416) Windows Live Essentials (x32 Version: 14.0.8117.0416) Windows Live Essentials (x32 Version: 14.0.8117.416) Windows Live Messenger (x32 Version: 14.0.8117.0416) Windows Live-Uploadtool (x32 Version: 14.0.8014.1029) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Windows Utils (x32) WinRAR archiver (x32) WordPerfect Office X3 (x32 Version: 13.3) WordPerfect Office X3 (x32) Youda Survivor (x32 Version: 
1.0.0.0) Zeit der Abenteuer: Der Held in dir (x32 Version: 1.0.0.0) Zuma Deluxe (x32) Zuma’s Revenge! Abenteuer (x32 Version: 1.0.0.0) ==================== Restore Points ========================= 18-06-2013 06:40:45 Windows Update 19-06-2013 08:59:52 Geplanter Prüfpunkt 21-06-2013 11:46:21 Windows Update 22-06-2013 10:03:05 Geplanter Prüfpunkt 23-06-2013 12:55:16 Geplanter Prüfpunkt 24-06-2013 09:09:30 Installed SpyHunter 24-06-2013 22:00:00 Geplanter Prüfpunkt 25-06-2013 08:00:15 Windows Update 30-06-2013 12:57:01 Geplanter Prüfpunkt 02-07-2013 07:23:46 Windows Update 03-07-2013 07:30:03 Geplanter Prüfpunkt 04-07-2013 11:04:23 Geplanter Prüfpunkt 05-07-2013 10:54:42 Windows Update 09-07-2013 18:00:18 Windows Update 10-07-2013 22:23:17 Windows Update 11-07-2013 10:38:31 Geplanter Prüfpunkt 12-07-2013 07:00:15 Geplanter Prüfpunkt 13-07-2013 10:44:22 Geplanter Prüfpunkt 14-07-2013 07:48:24 Geplanter Prüfpunkt 15-07-2013 19:17:36 Geplanter Prüfpunkt 21-07-2013 18:25:35 Geplanter Prüfpunkt 22-07-2013 11:17:36 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 14:34 - 2010-10-12 10:28 - 00421744 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 100sexlinks.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com There are 1000 more lines. 
==================== Scheduled Tasks (whitelisted) ============= Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {1A0DC71A-917F-49DD-B6A4-096148C2EA98} - System32\Tasks\HP Health Check => c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02] (Hewlett-Packard) Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {4373E7E0-6029-41C9-8777-AABB77A95182} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program Files (x86)\PC-Doctor for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.) Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation) Task: {5275E040-9817-4DAA-BCCC-7EB01294FE52} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] () Task: {5673FABF-3560-481A-8246-A239D222CD77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.) 
Task: {771656B4-BFA2-4286-B5BE-AF4F52B571A5} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Gnubbi => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-21] (Microsoft Corporation) Task: {7A9A63D1-30A6-4CBB-B3A0-D7AEA3E99C3B} - System32\Tasks\EPUpdater => C:\Users\Gnubbi\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {7EB70A78-6FEA-4DDD-9C63-90106932866D} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation) Task: {8BDF3CB3-C82B-4137-8141-966D66BA959D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {8EB69F37-8413-40DF-8902-B931EB7E37B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation) Task: {BA07EEE6-1917-40B0-B72F-595FD77F5518} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-15] (Google Inc.) Task: {C24D6B01-E7D6-4340-BDD9-9141EAD9B601} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files (x86)\PC-Doctor for Windows\RunProfiler.exe [2008-04-09] (PC-Doctor, Inc.) Task: {D990FC97-5997-4303-AA93-BF9E33C0132D} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.) 
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {FA7A1601-23BB-4A41-9D56-4C41530502CF} - System32\Tasks\1-Klick-Wartung => C:\Program Files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27] (TuneUp Software GmbH) Task: C:\Windows\Tasks\1-Klick-Wartung.job => C:\Program Files (x86)\TuneUp Utilities 2007\SystemOptimizer.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: MS/MS-Pro Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: SD/MMC Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: SM/xD-Picture Description: SM/xD-Picture Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. 
(Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (07/22/2013 07:17:47 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xe08, Anwendungsstartzeit svchost.exe0. Error: (07/22/2013 07:16:39 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x6b0, Anwendungsstartzeit svchost.exe0. Error: (07/22/2013 07:15:33 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x12fc, Anwendungsstartzeit svchost.exe0. Error: (07/22/2013 07:14:25 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xf9c, Anwendungsstartzeit svchost.exe0. 
Error: (07/22/2013 07:13:18 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x5b0, Anwendungsstartzeit svchost.exe0. Error: (07/22/2013 07:12:11 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x8f8, Anwendungsstartzeit svchost.exe0. Error: (07/22/2013 07:11:04 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0xf14, Anwendungsstartzeit svchost.exe0. Error: (07/22/2013 07:09:57 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x13e4, Anwendungsstartzeit svchost.exe0. Error: (07/22/2013 07:08:51 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x1188, Anwendungsstartzeit svchost.exe0. 
Error: (07/22/2013 07:07:44 PM) (Source: Application Error) (User: ) Description: Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x74dca57d, Prozess-ID 0x10e0, Anwendungsstartzeit svchost.exe0. System errors: ============= Error: (07/22/2013 09:51:10 AM) (Source: Service Control Manager) (User: ) Description: i8042prt StarOpen Error: (07/22/2013 09:51:10 AM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Error: (07/22/2013 09:51:10 AM) (Source: Service Control Manager) (User: ) Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE Error: (07/22/2013 09:51:10 AM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Error: (07/22/2013 09:49:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT-AUTORITÄT) Description: C:\Windows\system32\RAIHV.dll126 Error: (07/22/2013 09:49:20 AM) (Source: Application Popup) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Error: (07/21/2013 07:47:01 PM) (Source: Service Control Manager) (User: ) Description: i8042prt StarOpen Error: (07/21/2013 07:47:01 PM) (Source: Service Control Manager) (User: ) Description: IPsec-Richtlinien-AgentBFE Error: (07/21/2013 07:47:01 PM) (Source: Service Control Manager) (User: ) Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE Error: (07/21/2013 07:47:01 PM) (Source: Service Control Manager) (User: ) Description: Computerbrowser%%1060 Microsoft Office Sessions: ========================= Error: (07/22/2013 07:17:47 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57de0801ce86ff626fa42e Error: (07/22/2013 07:16:39 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57d6b001ce86ff3a97993e Error: (07/22/2013 07:15:33 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57d12fc01ce86ff12abc7ce Error: (07/22/2013 07:14:25 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57df9c01ce86feeaa4486e Error: (07/22/2013 07:13:18 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57d5b001ce86fec2686ace Error: (07/22/2013 07:12:11 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57d8f801ce86fe9a92155e Error: (07/22/2013 07:11:04 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57df1401ce86fe72abb28e Error: (07/22/2013 07:09:57 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57d13e401ce86fe4ae7088e Error: (07/22/2013 07:08:51 PM) (Source: Application Error)(User: ) Description: 
svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57d118801ce86fe22f1637e Error: (07/22/2013 07:07:44 PM) (Source: Application Error)(User: ) Description: svchost.exe6.0.6001.1800047918b89unknown0.0.0.000000000c000000574dca57d10e001ce86fdfb2d55be CodeIntegrity Errors: =================================== Date: 2012-03-21 23:29:55.467 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-03-21 23:29:55.264 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-03-21 23:29:55.061 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-03-21 23:29:54.858 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-03-21 23:29:54.671 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-03-21 23:29:54.484 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-03-21 23:29:54.203 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-03-21 23:29:54.016 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-03-21 23:29:53.797 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-03-21 23:29:53.610 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
==================== Memory info =========================== Percentage of memory in use: 59% Total physical RAM: 4094.33 MB Available physical RAM: 1638.43 MB Total Pagefile: 8401.91 MB Available Pagefile: 5832.16 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (HP) (Fixed) (Total:581.69 GB) (Free:321.51 GB) NTFS (Disk=0 Partition=1) ==>[Drive with boot components (obtained from BCD)] Drive d: (FACTORY_IMAGE) (Fixed) (Total:14.48 GB) (Free:2 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 596 GB) (Disk ID: 1549F232) Partition 1: (Active) - (Size=582 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=14 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
22.07.2013, 20:22 | #4 |
/// the machine /// TB-Ausbilder | TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC Hi, please download TDSSKiller.exe and save this file to the desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
23.07.2013, 12:30 | #5 |
| TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC Sorry, I wasn't at the PC any more yesterday. TDSS: Code:
ATTFilter 13:25:56.0192 3696 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 13:25:56.0371 3696 ============================================================ 13:25:56.0371 3696 Current date / time: 2013/07/23 13:25:56.0371 13:25:56.0371 3696 SystemInfo: 13:25:56.0371 3696 13:25:56.0371 3696 OS Version: 6.0.6002 ServicePack: 2.0 13:25:56.0371 3696 Product type: Workstation 13:25:56.0371 3696 ComputerName: GNUBBI-TEILCHEN 13:25:56.0372 3696 UserName: Gnubbi 13:25:56.0372 3696 Windows directory: C:\Windows 13:25:56.0372 3696 System windows directory: C:\Windows 13:25:56.0372 3696 Running under WOW64 13:25:56.0372 3696 Processor architecture: Intel x64 13:25:56.0372 3696 Number of processors: 4 13:25:56.0372 3696 Page size: 0x1000 13:25:56.0372 3696 Boot type: Normal boot 13:25:56.0372 3696 ============================================================ 13:25:56.0732 3696 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:25:56.0748 3696 ============================================================ 13:25:56.0748 3696 \Device\Harddisk0\DR0: 13:25:56.0748 3696 MBR partitions: 13:25:56.0748 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48B621A0 13:25:56.0748 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48B621DF, BlocksNum 0x1CF4CE2 13:25:56.0748 3696 ============================================================ 13:25:56.0772 3696 C: <-> \Device\Harddisk0\DR0\Partition1 13:25:56.0822 3696 D: <-> \Device\Harddisk0\DR0\Partition2 13:25:56.0823 3696 ============================================================ 13:25:56.0823 3696 Initialize success 13:25:56.0823 3696 ============================================================ 13:26:43.0265 3984 ============================================================ 13:26:43.0265 3984 Scan started 13:26:43.0265 3984 Mode: Manual; SigCheck; TDLFS; 
13:26:43.0265 3984 ============================================================ 13:26:43.0462 3984 ================ Scan system memory ======================== 13:26:43.0462 3984 System memory - ok 13:26:43.0462 3984 ================ Scan services ============================= 13:26:43.0599 3984 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 13:26:43.0738 3984 acedrv11 - ok 13:26:43.0792 3984 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 13:26:43.0813 3984 ACPI - ok 13:26:43.0943 3984 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:26:43.0960 3984 AdobeARMservice - ok 13:26:44.0060 3984 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 13:26:44.0072 3984 AdobeFlashPlayerUpdateSvc - ok 13:26:44.0112 3984 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 13:26:44.0143 3984 adp94xx - ok 13:26:44.0167 3984 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 13:26:44.0216 3984 adpahci - ok 13:26:44.0261 3984 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 13:26:44.0280 3984 adpu160m - ok 13:26:44.0304 3984 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 13:26:44.0324 3984 adpu320 - ok 13:26:44.0348 3984 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:26:44.0453 3984 AeLookupSvc - ok 13:26:44.0506 3984 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 13:26:44.0569 3984 AFD - ok 13:26:44.0582 3984 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:26:44.0599 3984 agp440 - ok 13:26:44.0615 3984 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 13:26:44.0632 3984 aic78xx - ok 
13:26:44.0648 3984 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 13:26:44.0758 3984 ALG - ok 13:26:44.0769 3984 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 13:26:44.0783 3984 aliide - ok 13:26:44.0830 3984 [ 962227630779043B5C1D4CD157ABB912 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 13:26:44.0923 3984 AMD External Events Utility - ok 13:26:44.0940 3984 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 13:26:44.0954 3984 amdide - ok 13:26:44.0963 3984 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 13:26:44.0998 3984 AmdK8 - ok 13:26:45.0200 3984 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:26:45.0575 3984 amdkmdag - ok 13:26:45.0604 3984 [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 13:26:45.0638 3984 amdkmdap - ok 13:26:45.0700 3984 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 13:26:45.0727 3984 AntiVirSchedulerService - ok 13:26:45.0749 3984 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 13:26:45.0759 3984 AntiVirService - ok 13:26:45.0782 3984 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 13:26:45.0857 3984 Appinfo - ok 13:26:45.0875 3984 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 13:26:45.0893 3984 arc - ok 13:26:45.0919 3984 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 13:26:45.0937 3984 arcsas - ok 13:26:45.0955 3984 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:26:46.0010 3984 AsyncMac - ok 13:26:46.0030 3984 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys 13:26:46.0045 3984 atapi - ok 13:26:46.0096 3984 [ 
5D6566D19FCCAF8A10D46B6C479227A9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys 13:26:46.0112 3984 AtiHDAudioService - ok 13:26:46.0272 3984 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:26:46.0483 3984 atikmdag - ok 13:26:46.0532 3984 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 13:26:46.0547 3984 atksgt - ok 13:26:46.0601 3984 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:26:46.0642 3984 AudioEndpointBuilder - ok 13:26:46.0667 3984 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:26:46.0714 3984 AudioSrv - ok 13:26:46.0752 3984 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 13:26:46.0762 3984 avgntflt - ok 13:26:46.0775 3984 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 13:26:46.0793 3984 avipbb - ok 13:26:46.0817 3984 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 13:26:46.0830 3984 avkmgr - ok 13:26:46.0849 3984 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 13:26:46.0906 3984 blbdrive - ok 13:26:46.0947 3984 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:26:47.0005 3984 bowser - ok 13:26:47.0022 3984 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 13:26:47.0047 3984 BrFiltLo - ok 13:26:47.0062 3984 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 13:26:47.0110 3984 BrFiltUp - ok 13:26:47.0141 3984 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 13:26:47.0178 3984 Browser - ok 13:26:47.0195 3984 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 13:26:47.0354 3984 Brserid - ok 13:26:47.0371 3984 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm 
C:\Windows\system32\drivers\brserwdm.sys 13:26:47.0421 3984 BrSerWdm - ok 13:26:47.0434 3984 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 13:26:47.0504 3984 BrUsbMdm - ok 13:26:47.0536 3984 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 13:26:47.0599 3984 BrUsbSer - ok 13:26:47.0634 3984 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 13:26:47.0685 3984 BTHMODEM - ok 13:26:47.0703 3984 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:26:47.0741 3984 cdfs - ok 13:26:47.0783 3984 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:26:47.0811 3984 cdrom - ok 13:26:47.0846 3984 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 13:26:47.0873 3984 CertPropSvc - ok 13:26:47.0888 3984 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 13:26:47.0923 3984 circlass - ok 13:26:47.0973 3984 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 13:26:48.0010 3984 CLFS - ok 13:26:48.0097 3984 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:26:48.0115 3984 clr_optimization_v2.0.50727_32 - ok 13:26:48.0176 3984 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:26:48.0192 3984 clr_optimization_v2.0.50727_64 - ok 13:26:48.0283 3984 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:26:48.0295 3984 clr_optimization_v4.0.30319_32 - ok 13:26:48.0336 3984 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:26:48.0347 3984 clr_optimization_v4.0.30319_64 - ok 13:26:48.0363 3984 [ 
E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:26:48.0377 3984 cmdide - ok 13:26:48.0393 3984 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 13:26:48.0409 3984 Compbatt - ok 13:26:48.0413 3984 COMSysApp - ok 13:26:48.0426 3984 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 13:26:48.0442 3984 crcdisk - ok 13:26:48.0467 3984 [ 1B22BC0B71F65001479DAB792C3F626C ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:26:48.0527 3984 CryptSvc - ok 13:26:48.0579 3984 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 13:26:48.0623 3984 DcomLaunch - ok 13:26:48.0681 3984 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:26:48.0710 3984 DfsC - ok 13:26:48.0800 3984 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 13:26:48.0921 3984 DFSR - ok 13:26:48.0974 3984 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 13:26:48.0990 3984 dg_ssudbus - ok 13:26:49.0044 3984 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 13:26:49.0070 3984 Dhcp - ok 13:26:49.0111 3984 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 13:26:49.0129 3984 disk - ok 13:26:49.0171 3984 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:26:49.0203 3984 Dnscache - ok 13:26:49.0254 3984 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 13:26:49.0286 3984 dot3svc - ok 13:26:49.0310 3984 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 13:26:49.0363 3984 DPS - ok 13:26:49.0405 3984 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:26:49.0430 3984 drmkaud - ok 13:26:49.0457 3984 dump_wmimmc - ok 13:26:49.0513 3984 [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:26:49.0552 3984 DXGKrnl 
- ok 13:26:49.0596 3984 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 13:26:49.0653 3984 E1G60 - ok 13:26:49.0685 3984 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 13:26:49.0722 3984 EapHost - ok 13:26:49.0769 3984 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 13:26:49.0792 3984 Ecache - ok 13:26:49.0843 3984 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:26:49.0921 3984 ehRecvr - ok 13:26:49.0950 3984 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 13:26:49.0993 3984 ehSched - ok 13:26:50.0013 3984 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 13:26:50.0032 3984 ehstart - ok 13:26:50.0060 3984 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 13:26:50.0091 3984 elxstor - ok 13:26:50.0144 3984 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 13:26:50.0272 3984 EMDMgmt - ok 13:26:50.0288 3984 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:26:50.0321 3984 ErrDev - ok 13:26:50.0378 3984 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 13:26:50.0407 3984 EventSystem - ok 13:26:50.0464 3984 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 13:26:50.0534 3984 exfat - ok 13:26:50.0546 3984 ezSharedSvc - ok 13:26:50.0602 3984 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:26:50.0655 3984 fastfat - ok 13:26:50.0674 3984 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:26:50.0708 3984 fdc - ok 13:26:50.0728 3984 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 13:26:50.0759 3984 fdPHost - ok 13:26:50.0771 3984 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 13:26:50.0817 3984 FDResPub - ok 13:26:50.0826 
3984 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:26:50.0844 3984 FileInfo - ok 13:26:50.0858 3984 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:26:50.0892 3984 Filetrace - ok 13:26:50.0906 3984 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:26:50.0940 3984 flpydisk - ok 13:26:50.0987 3984 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:26:51.0005 3984 FltMgr - ok 13:26:51.0065 3984 [ F20A97F51C104DD0A163251325460747 ] FontCache C:\Windows\system32\FntCache.dll 13:26:51.0184 3984 FontCache - ok 13:26:51.0274 3984 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:26:51.0289 3984 FontCache3.0.0.0 - ok 13:26:51.0334 3984 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:26:51.0393 3984 Fs_Rec - ok 13:26:51.0411 3984 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 13:26:51.0428 3984 gagp30kx - ok 13:26:51.0480 3984 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll 13:26:51.0524 3984 gpsvc - ok 13:26:51.0613 3984 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:26:51.0623 3984 gupdate - ok 13:26:51.0627 3984 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 13:26:51.0637 3984 gupdatem - ok 13:26:51.0665 3984 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 13:26:51.0685 3984 gusvc - ok 13:26:51.0736 3984 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:26:51.0776 3984 HdAudAddService - ok 13:26:51.0829 3984 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 13:26:51.0889 3984 
HDAudBus - ok 13:26:51.0935 3984 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys 13:26:52.0018 3984 HidBth - ok 13:26:52.0041 3984 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys 13:26:52.0109 3984 HidIr - ok 13:26:52.0137 3984 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll 13:26:52.0181 3984 hidserv - ok 13:26:52.0207 3984 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:26:52.0232 3984 HidUsb - ok 13:26:52.0254 3984 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll 13:26:52.0285 3984 hkmsvc - ok 13:26:52.0326 3984 [ A3A30438C48D2D71556E120C9C7BA7A0 ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 13:26:52.0351 3984 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning 13:26:52.0352 3984 HP Health Check Service - detected UnsignedFile.Multi.Generic (1) 13:26:52.0380 3984 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 13:26:52.0397 3984 HpCISSs - ok 13:26:52.0452 3984 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:26:52.0568 3984 HTTP - ok 13:26:52.0611 3984 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys 13:26:52.0626 3984 i2omp - ok 13:26:52.0645 3984 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 13:26:52.0672 3984 i8042prt - ok 13:26:52.0702 3984 [ 5B19DFC29A9563A5DA5CA559BED83AA8 ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe 13:26:52.0731 3984 IAANTMON - ok 13:26:52.0757 3984 [ A5AFC75C01044C0DDA0231C4E26C15A0 ] iaStor C:\Windows\system32\drivers\iastor.sys 13:26:52.0786 3984 iaStor - ok 13:26:52.0830 3984 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 13:26:52.0859 3984 iaStorV - ok 13:26:52.0921 3984 [ 
749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:26:52.0979 3984 idsvc - ok 13:26:53.0024 3984 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys 13:26:53.0042 3984 iirsp - ok 13:26:53.0102 3984 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll 13:26:53.0162 3984 IKEEXT - ok 13:26:53.0220 3984 [ 46CB3ABE8150E7B181E86D4906DE17E8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 13:26:53.0299 3984 IntcAzAudAddService - ok 13:26:53.0321 3984 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys 13:26:53.0337 3984 intelide - ok 13:26:53.0364 3984 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:26:53.0396 3984 intelppm - ok 13:26:53.0423 3984 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:26:53.0475 3984 IPBusEnum - ok 13:26:53.0504 3984 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:26:53.0532 3984 IpFilterDriver - ok 13:26:53.0535 3984 IpInIp - ok 13:26:53.0554 3984 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 13:26:53.0591 3984 IPMIDRV - ok 13:26:53.0602 3984 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 13:26:53.0661 3984 IPNAT - ok 13:26:53.0679 3984 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:26:53.0713 3984 IRENUM - ok 13:26:53.0737 3984 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:26:53.0752 3984 isapnp - ok 13:26:53.0797 3984 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 13:26:53.0813 3984 iScsiPrt - ok 13:26:53.0825 3984 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 13:26:53.0840 3984 iteatapi - ok 13:26:53.0852 3984 [ 
1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys 13:26:53.0868 3984 iteraid - ok 13:26:53.0882 3984 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 13:26:53.0898 3984 kbdclass - ok 13:26:53.0937 3984 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 13:26:53.0960 3984 kbdhid - ok 13:26:53.0985 3984 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe 13:26:54.0032 3984 KeyIso - ok 13:26:54.0078 3984 [ 4E76398AEF64CB6D782CFEB99B4EAE55 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys 13:26:54.0091 3984 KMWDFILTER - ok 13:26:54.0142 3984 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:26:54.0184 3984 KSecDD - ok 13:26:54.0203 3984 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:26:54.0234 3984 ksthunk - ok 13:26:54.0254 3984 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll 13:26:54.0323 3984 KtmRm - ok 13:26:54.0352 3984 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll 13:26:54.0381 3984 LanmanServer - ok 13:26:54.0416 3984 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:26:54.0432 3984 LanmanWorkstation - ok 13:26:54.0475 3984 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 13:26:54.0484 3984 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 13:26:54.0484 3984 LightScribeService - detected UnsignedFile.Multi.Generic (1) 13:26:54.0502 3984 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 13:26:54.0516 3984 lirsgt - ok 13:26:54.0525 3984 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:26:54.0580 3984 lltdio - ok 13:26:54.0614 3984 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll 
13:26:54.0662 3984 lltdsvc - ok 13:26:54.0680 3984 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:26:54.0711 3984 lmhosts - ok 13:26:54.0734 3984 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 13:26:54.0751 3984 LSI_FC - ok 13:26:54.0771 3984 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 13:26:54.0789 3984 LSI_SAS - ok 13:26:54.0811 3984 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 13:26:54.0829 3984 LSI_SCSI - ok 13:26:54.0845 3984 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys 13:26:54.0904 3984 luafv - ok 13:26:54.0932 3984 [ 79DA94B35371B9E7104460C7693DCB2C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 13:26:54.0942 3984 MBAMProtector ( UnsignedFile.Multi.Generic ) - warning 13:26:54.0942 3984 MBAMProtector - detected UnsignedFile.Multi.Generic (1) 13:26:54.0976 3984 [ 056B19651BD7B7CE5F89A3AC46DBDC08 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 13:26:54.0996 3984 MBAMService - ok 13:26:55.0014 3984 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:26:55.0032 3984 Mcx2Svc - ok 13:26:55.0049 3984 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys 13:26:55.0065 3984 megasas - ok 13:26:55.0091 3984 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys 13:26:55.0119 3984 MegaSR - ok 13:26:55.0131 3984 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll 13:26:55.0162 3984 MMCSS - ok 13:26:55.0175 3984 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys 13:26:55.0225 3984 Modem - ok 13:26:55.0264 3984 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:26:55.0317 3984 monitor - ok 13:26:55.0343 3984 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass 
C:\Windows\system32\DRIVERS\mouclass.sys 13:26:55.0359 3984 mouclass - ok 13:26:55.0372 3984 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:26:55.0406 3984 mouhid - ok 13:26:55.0410 3984 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 13:26:55.0428 3984 MountMgr - ok 13:26:55.0494 3984 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:26:55.0514 3984 MozillaMaintenance - ok 13:26:55.0526 3984 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys 13:26:55.0546 3984 mpio - ok 13:26:55.0564 3984 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:26:55.0612 3984 mpsdrv - ok 13:26:55.0658 3984 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 13:26:55.0674 3984 Mraid35x - ok 13:26:55.0697 3984 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:26:55.0732 3984 MRxDAV - ok 13:26:55.0774 3984 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:26:55.0801 3984 mrxsmb - ok 13:26:55.0851 3984 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:26:55.0896 3984 mrxsmb10 - ok 13:26:55.0924 3984 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:26:55.0961 3984 mrxsmb20 - ok 13:26:55.0992 3984 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys 13:26:56.0007 3984 msahci - ok 13:26:56.0029 3984 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:26:56.0047 3984 msdsm - ok 13:26:56.0066 3984 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe 13:26:56.0119 3984 MSDTC - ok 13:26:56.0157 3984 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:26:56.0211 3984 Msfs - ok 
13:26:56.0231 3984 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:26:56.0246 3984 msisadrv - ok 13:26:56.0276 3984 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:26:56.0314 3984 MSiSCSI - ok 13:26:56.0318 3984 msiserver - ok 13:26:56.0337 3984 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:26:56.0372 3984 MSKSSRV - ok 13:26:56.0382 3984 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:26:56.0432 3984 MSPCLOCK - ok 13:26:56.0453 3984 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:26:56.0509 3984 MSPQM - ok 13:26:56.0555 3984 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:26:56.0586 3984 MsRPC - ok 13:26:56.0601 3984 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 13:26:56.0613 3984 mssmbios - ok 13:26:56.0625 3984 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:26:56.0673 3984 MSTEE - ok 13:26:56.0678 3984 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys 13:26:56.0696 3984 Mup - ok 13:26:56.0745 3984 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll 13:26:56.0775 3984 napagent - ok 13:26:56.0826 3984 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:26:56.0846 3984 NativeWifiP - ok 13:26:56.0908 3984 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:26:56.0944 3984 NDIS - ok 13:26:56.0978 3984 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:26:57.0004 3984 NdisTapi - ok 13:26:57.0013 3984 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:26:57.0046 3984 Ndisuio - ok 13:26:57.0085 3984 [ F8158771905260982CE724076419EF19 ] NdisWan 
C:\Windows\system32\DRIVERS\ndiswan.sys 13:26:57.0115 3984 NdisWan - ok 13:26:57.0127 3984 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:26:57.0155 3984 NDProxy - ok 13:26:57.0160 3984 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:26:57.0211 3984 NetBIOS - ok 13:26:57.0255 3984 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 13:26:57.0294 3984 netbt - ok 13:26:57.0308 3984 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe 13:26:57.0321 3984 Netlogon - ok 13:26:57.0351 3984 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll 13:26:57.0388 3984 Netman - ok 13:26:57.0402 3984 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll 13:26:57.0467 3984 netprofm - ok 13:26:57.0503 3984 [ 8E6AF418ED39B976B172F1CEA9E6F538 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 13:26:57.0573 3984 netr28x - ok 13:26:57.0612 3984 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:26:57.0632 3984 NetTcpPortSharing - ok 13:26:57.0652 3984 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 13:26:57.0668 3984 nfrd960 - ok 13:26:57.0684 3984 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll 13:26:57.0735 3984 NlaSvc - ok 13:26:57.0764 3984 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:26:57.0809 3984 Npfs - ok 13:26:57.0813 3984 npggsvc - ok 13:26:57.0818 3984 NPPTNT2 - ok 13:26:57.0856 3984 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 13:26:57.0887 3984 nsi - ok 13:26:57.0896 3984 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:26:57.0949 3984 nsiproxy - ok 13:26:58.0021 3984 [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs 
C:\Windows\system32\drivers\Ntfs.sys 13:26:58.0102 3984 Ntfs - ok 13:26:58.0130 3984 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 13:26:58.0180 3984 Null - ok 13:26:58.0215 3984 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:26:58.0233 3984 nvraid - ok 13:26:58.0254 3984 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:26:58.0271 3984 nvstor - ok 13:26:58.0307 3984 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:26:58.0326 3984 nv_agp - ok 13:26:58.0330 3984 NwlnkFlt - ok 13:26:58.0335 3984 NwlnkFwd - ok 13:26:58.0373 3984 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 13:26:58.0397 3984 ohci1394 - ok 13:26:58.0461 3984 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 13:26:58.0540 3984 p2pimsvc - ok 13:26:58.0567 3984 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 13:26:58.0590 3984 p2psvc - ok 13:26:58.0601 3984 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 13:26:58.0669 3984 Parport - ok 13:26:58.0709 3984 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:26:58.0727 3984 partmgr - ok 13:26:58.0748 3984 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 13:26:58.0777 3984 PcaSvc - ok 13:26:58.0825 3984 [ 81B5E63131090879AD6EF9F32109B88D ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 13:26:58.0848 3984 pccsmcfd - ok 13:26:58.0858 3984 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 13:26:58.0872 3984 pci - ok 13:26:58.0889 3984 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 13:26:58.0903 3984 pciide - ok 13:26:58.0918 3984 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:26:58.0939 3984 pcmcia - ok 13:26:58.0964 3984 
[ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:26:59.0032 3984 PEAUTH - ok 13:26:59.0101 3984 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:26:59.0132 3984 PerfHost - ok 13:26:59.0169 3984 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 13:26:59.0264 3984 pla - ok 13:26:59.0299 3984 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:26:59.0339 3984 PlugPlay - ok 13:26:59.0361 3984 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 13:26:59.0385 3984 PNRPAutoReg - ok 13:26:59.0411 3984 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 13:26:59.0434 3984 PNRPsvc - ok 13:26:59.0496 3984 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:26:59.0555 3984 PolicyAgent - ok 13:26:59.0605 3984 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:26:59.0649 3984 PptpMiniport - ok 13:26:59.0678 3984 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 13:26:59.0714 3984 Processor - ok 13:26:59.0774 3984 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 13:26:59.0799 3984 ProfSvc - ok 13:26:59.0808 3984 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 13:26:59.0821 3984 ProtectedStorage - ok 13:26:59.0867 3984 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe 13:26:59.0897 3984 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning 13:26:59.0897 3984 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1) 13:26:59.0940 3984 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys 13:26:59.0962 3984 Ps2 - ok 13:27:00.0000 3984 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 13:27:00.0024 3984 PSched - ok 13:27:00.0069 3984 [ 
0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:27:00.0137 3984 ql2300 - ok 13:27:00.0147 3984 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:27:00.0166 3984 ql40xx - ok 13:27:00.0189 3984 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 13:27:00.0219 3984 QWAVE - ok 13:27:00.0228 3984 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:27:00.0245 3984 QWAVEdrv - ok 13:27:00.0253 3984 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:27:00.0287 3984 RasAcd - ok 13:27:00.0300 3984 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 13:27:00.0333 3984 RasAuto - ok 13:27:00.0338 3984 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:27:00.0386 3984 Rasl2tp - ok 13:27:00.0420 3984 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 13:27:00.0447 3984 RasMan - ok 13:27:00.0498 3984 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:27:00.0525 3984 RasPppoe - ok 13:27:00.0560 3984 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:27:00.0577 3984 RasSstp - ok 13:27:00.0615 3984 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:27:00.0655 3984 rdbss - ok 13:27:00.0664 3984 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:27:00.0697 3984 RDPCDD - ok 13:27:00.0723 3984 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 13:27:00.0771 3984 rdpdr - ok 13:27:00.0774 3984 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:27:00.0808 3984 RDPENCDD - ok 13:27:00.0868 3984 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:27:00.0944 3984 RDPWD - ok 13:27:00.0969 3984 [ 
C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:27:01.0006 3984 RemoteAccess - ok 13:27:01.0045 3984 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:27:01.0083 3984 RemoteRegistry - ok 13:27:01.0103 3984 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 13:27:01.0133 3984 RpcLocator - ok 13:27:01.0186 3984 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 13:27:01.0226 3984 RpcSs - ok 13:27:01.0247 3984 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:27:01.0285 3984 rspndr - ok 13:27:01.0297 3984 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 13:27:01.0338 3984 RTL8169 - ok 13:27:01.0358 3984 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 13:27:01.0372 3984 SamSs - ok 13:27:01.0392 3984 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:27:01.0409 3984 sbp2port - ok 13:27:01.0603 3984 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:27:01.0654 3984 SCardSvr - ok 13:27:01.0693 3984 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 13:27:01.0775 3984 Schedule - ok 13:27:01.0812 3984 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:27:01.0835 3984 SCPolicySvc - ok 13:27:01.0856 3984 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:27:01.0909 3984 SDRSVC - ok 13:27:01.0942 3984 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:27:01.0992 3984 secdrv - ok 13:27:02.0002 3984 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 13:27:02.0040 3984 seclogon - ok 13:27:02.0049 3984 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 13:27:02.0081 3984 SENS - ok 13:27:02.0095 3984 [ 
F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 13:27:02.0146 3984 Serenum - ok 13:27:02.0158 3984 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 13:27:02.0214 3984 Serial - ok 13:27:02.0227 3984 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:27:02.0261 3984 sermouse - ok 13:27:02.0350 3984 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 13:27:02.0403 3984 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 13:27:02.0403 3984 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 13:27:02.0438 3984 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 13:27:02.0471 3984 SessionEnv - ok 13:27:02.0493 3984 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:27:02.0551 3984 sffdisk - ok 13:27:02.0585 3984 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:27:02.0619 3984 sffp_mmc - ok 13:27:02.0627 3984 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:27:02.0661 3984 sffp_sd - ok 13:27:02.0677 3984 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:27:02.0727 3984 sfloppy - ok 13:27:02.0780 3984 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:27:02.0811 3984 ShellHWDetection - ok 13:27:02.0841 3984 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 13:27:02.0858 3984 SiSRaid2 - ok 13:27:02.0874 3984 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:27:02.0893 3984 SiSRaid4 - ok 13:27:02.0968 3984 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 13:27:03.0076 3984 slsvc - ok 13:27:03.0098 3984 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 
13:27:03.0128 3984 SLUINotify - ok 13:27:03.0172 3984 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:27:03.0216 3984 Smb - ok 13:27:03.0255 3984 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:27:03.0293 3984 SNMPTRAP - ok 13:27:03.0351 3984 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 13:27:03.0368 3984 spldr - ok 13:27:03.0430 3984 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 13:27:03.0459 3984 Spooler - ok 13:27:03.0521 3984 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 13:27:03.0571 3984 srv - ok 13:27:03.0615 3984 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:27:03.0646 3984 srv2 - ok 13:27:03.0670 3984 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:27:03.0689 3984 srvnet - ok 13:27:03.0714 3984 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:27:03.0748 3984 SSDPSRV - ok 13:27:03.0760 3984 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:27:03.0795 3984 SstpSvc - ok 13:27:03.0839 3984 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 13:27:03.0856 3984 ss_bbus - ok 13:27:03.0897 3984 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 13:27:03.0909 3984 ss_bmdfl - ok 13:27:03.0967 3984 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 13:27:03.0978 3984 ss_bmdm - ok 13:27:04.0033 3984 [ 677CDC98F8363ACCAAE783FDE1599C2A ] ss_bserd C:\Windows\system32\DRIVERS\ss_bserd.sys 13:27:04.0045 3984 ss_bserd - ok 13:27:04.0049 3984 StarOpen - ok 13:27:04.0100 3984 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 13:27:04.0165 3984 stisvc - ok 13:27:04.0207 3984 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 
13:27:04.0222 3984 swenum - ok 13:27:04.0268 3984 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 13:27:04.0345 3984 swprv - ok 13:27:04.0371 3984 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 13:27:04.0383 3984 Symc8xx - ok 13:27:04.0401 3984 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 13:27:04.0412 3984 Sym_hi - ok 13:27:04.0425 3984 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 13:27:04.0438 3984 Sym_u3 - ok 13:27:04.0492 3984 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 13:27:04.0539 3984 SysMain - ok 13:27:04.0566 3984 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:27:04.0604 3984 TabletInputService - ok 13:27:04.0650 3984 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:27:04.0679 3984 TapiSrv - ok 13:27:04.0688 3984 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 13:27:04.0741 3984 TBS - ok 13:27:04.0804 3984 [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:27:04.0843 3984 Tcpip - ok 13:27:04.0887 3984 [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 13:27:04.0939 3984 Tcpip6 - ok 13:27:04.0975 3984 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:27:05.0035 3984 tcpipreg - ok 13:27:05.0049 3984 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:27:05.0104 3984 TDPIPE - ok 13:27:05.0126 3984 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:27:05.0173 3984 TDTCP - ok 13:27:05.0220 3984 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:27:05.0267 3984 tdx - ok 13:27:05.0300 3984 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:27:05.0317 3984 TermDD - ok 
13:27:05.0376 3984 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 13:27:05.0418 3984 TermService - ok 13:27:05.0463 3984 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys 13:27:05.0472 3984 TFsExDisk - ok 13:27:05.0487 3984 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 13:27:05.0503 3984 Themes - ok 13:27:05.0513 3984 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 13:27:05.0545 3984 THREADORDER - ok 13:27:05.0558 3984 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 13:27:05.0591 3984 TrkWks - ok 13:27:05.0666 3984 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:27:05.0693 3984 TrustedInstaller - ok 13:27:05.0708 3984 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:27:05.0739 3984 tssecsrv - ok 13:27:05.0750 3984 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 13:27:05.0774 3984 tunmp - ok 13:27:05.0825 3984 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:27:05.0838 3984 tunnel - ok 13:27:05.0860 3984 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:27:05.0873 3984 uagp35 - ok 13:27:05.0918 3984 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:27:05.0943 3984 udfs - ok 13:27:05.0951 3984 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:27:05.0989 3984 UI0Detect - ok 13:27:06.0001 3984 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:27:06.0013 3984 uliagpkx - ok 13:27:06.0032 3984 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 13:27:06.0047 3984 uliahci - ok 13:27:06.0060 3984 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 
5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:27:09.0218 3984 WpdUsb - ok
13:27:09.0339 3984 [ 8E344C1B4FE7EDE0E9055405B9987862 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:27:09.0410 3984 WPFFontCache_v0400 - ok
13:27:09.0448 3984 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:27:09.0504 3984 ws2ifsl - ok
13:27:09.0510 3984 WSearch - ok
13:27:09.0548 3984 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:27:09.0561 3984 WudfPf - ok
13:27:09.0580 3984 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:27:09.0594 3984 WUDFRd - ok
13:27:09.0628 3984 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:27:09.0642 3984 wudfsvc - ok
13:27:09.0649 3984 ================ Scan global ===============================
13:27:09.0682 3984 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:27:09.0744 3984 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
13:27:09.0761 3984 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
13:27:09.0789 3984 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
13:27:09.0793 3984 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
13:27:09.0793 3984 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
13:27:09.0793 3984 ================ Scan MBR ==================================
13:27:09.0802 3984 [ 125A9EFB00805296E689C06CF6020C43 ] \Device\Harddisk0\DR0
13:27:10.0071 3984 \Device\Harddisk0\DR0 - ok
13:27:10.0071 3984 ================ Scan VBR ==================================
13:27:10.0074 3984 [ 711AB08345BE695E88998963FA4834DF ] \Device\Harddisk0\DR0\Partition1
13:27:10.0075 3984 \Device\Harddisk0\DR0\Partition1 - ok
13:27:10.0079 3984 [ B2EAC4B1DCB39CC668431E809B17E1E1 ] \Device\Harddisk0\DR0\Partition2
13:27:10.0080 3984 \Device\Harddisk0\DR0\Partition2 - ok
13:27:10.0081 3984 ============================================================
13:27:10.0081 3984 Scan finished
13:27:10.0081 3984 ============================================================
13:27:10.0091 3096 Detected object count: 6
13:27:10.0091 3096 Actual detected object count: 6
13:28:03.0402 3096 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0402 3096 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0403 3096 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0404 3096 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0405 3096 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0405 3096 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0407 3096 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0407 3096 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0409 3096 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0409 3096 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0411 3096 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
13:28:03.0411 3096 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
13:28:11.0095 3848 Deinitialize success
|
23.07.2013, 13:57 | #6 |
/// the machine /// TB-Ausbilder | TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC
For the entries with services.exe, select Cure and continue, then post the log file. Create a new TDSSKiller scan log. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ZeroAccess: C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\00000004.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\201d3dde
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\6715e287
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\76603ac3
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000004.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000008.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\000000cb.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000000.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000032.@
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000064.@
ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
And a fresh FRST log, please.
23.07.2013, 14:37 | #7 |
| TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC
Done. TDSS Code:
13:25:56.0192 3696 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:25:56.0371 3696 ============================================================
13:25:56.0371 3696 Current date / time: 2013/07/23 13:25:56.0371
13:25:56.0371 3696 SystemInfo:
13:25:56.0371 3696
13:25:56.0371 3696 OS Version: 6.0.6002 ServicePack: 2.0
13:25:56.0371 3696 Product type: Workstation
13:25:56.0371 3696 ComputerName: GNUBBI-TEILCHEN
13:25:56.0372 3696 UserName: Gnubbi
13:25:56.0372 3696 Windows directory: C:\Windows
13:25:56.0372 3696 System windows directory: C:\Windows
13:25:56.0372 3696 Running under WOW64
13:25:56.0372 3696 Processor architecture: Intel x64
13:25:56.0372 3696 Number of processors: 4
13:25:56.0372 3696 Page size: 0x1000
13:25:56.0372 3696 Boot type: Normal boot
13:25:56.0372 3696 ============================================================
13:25:56.0732 3696 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:25:56.0748 3696 ============================================================
13:25:56.0748 3696 \Device\Harddisk0\DR0:
13:25:56.0748 3696 MBR partitions:
13:25:56.0748 3696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48B621A0
13:25:56.0748 3696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48B621DF, BlocksNum 0x1CF4CE2
13:25:56.0748 3696 ============================================================
13:25:56.0772 3696 C: <-> \Device\Harddisk0\DR0\Partition1
13:25:56.0822 3696 D: <-> \Device\Harddisk0\DR0\Partition2
13:25:56.0823 3696 ============================================================
13:25:56.0823 3696 Initialize success
13:25:56.0823 3696 ============================================================
13:26:43.0265 3984 ============================================================
13:26:43.0265 3984 Scan started
13:26:43.0265 3984 Mode: Manual; SigCheck; TDLFS;
C:\Windows\system32\drivers\Ntfs.sys 13:26:58.0102 3984 Ntfs - ok 13:26:58.0130 3984 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 13:26:58.0180 3984 Null - ok 13:26:58.0215 3984 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:26:58.0233 3984 nvraid - ok 13:26:58.0254 3984 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:26:58.0271 3984 nvstor - ok 13:26:58.0307 3984 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:26:58.0326 3984 nv_agp - ok 13:26:58.0330 3984 NwlnkFlt - ok 13:26:58.0335 3984 NwlnkFwd - ok 13:26:58.0373 3984 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 13:26:58.0397 3984 ohci1394 - ok 13:26:58.0461 3984 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 13:26:58.0540 3984 p2pimsvc - ok 13:26:58.0567 3984 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 13:26:58.0590 3984 p2psvc - ok 13:26:58.0601 3984 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 13:26:58.0669 3984 Parport - ok 13:26:58.0709 3984 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:26:58.0727 3984 partmgr - ok 13:26:58.0748 3984 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 13:26:58.0777 3984 PcaSvc - ok 13:26:58.0825 3984 [ 81B5E63131090879AD6EF9F32109B88D ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 13:26:58.0848 3984 pccsmcfd - ok 13:26:58.0858 3984 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 13:26:58.0872 3984 pci - ok 13:26:58.0889 3984 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 13:26:58.0903 3984 pciide - ok 13:26:58.0918 3984 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 13:26:58.0939 3984 pcmcia - ok 13:26:58.0964 3984 
[ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:26:59.0032 3984 PEAUTH - ok 13:26:59.0101 3984 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:26:59.0132 3984 PerfHost - ok 13:26:59.0169 3984 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 13:26:59.0264 3984 pla - ok 13:26:59.0299 3984 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:26:59.0339 3984 PlugPlay - ok 13:26:59.0361 3984 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 13:26:59.0385 3984 PNRPAutoReg - ok 13:26:59.0411 3984 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 13:26:59.0434 3984 PNRPsvc - ok 13:26:59.0496 3984 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:26:59.0555 3984 PolicyAgent - ok 13:26:59.0605 3984 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:26:59.0649 3984 PptpMiniport - ok 13:26:59.0678 3984 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 13:26:59.0714 3984 Processor - ok 13:26:59.0774 3984 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 13:26:59.0799 3984 ProfSvc - ok 13:26:59.0808 3984 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 13:26:59.0821 3984 ProtectedStorage - ok 13:26:59.0867 3984 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe 13:26:59.0897 3984 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning 13:26:59.0897 3984 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1) 13:26:59.0940 3984 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys 13:26:59.0962 3984 Ps2 - ok 13:27:00.0000 3984 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 13:27:00.0024 3984 PSched - ok 13:27:00.0069 3984 [ 
0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 13:27:00.0137 3984 ql2300 - ok 13:27:00.0147 3984 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 13:27:00.0166 3984 ql40xx - ok 13:27:00.0189 3984 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 13:27:00.0219 3984 QWAVE - ok 13:27:00.0228 3984 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:27:00.0245 3984 QWAVEdrv - ok 13:27:00.0253 3984 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:27:00.0287 3984 RasAcd - ok 13:27:00.0300 3984 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 13:27:00.0333 3984 RasAuto - ok 13:27:00.0338 3984 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:27:00.0386 3984 Rasl2tp - ok 13:27:00.0420 3984 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 13:27:00.0447 3984 RasMan - ok 13:27:00.0498 3984 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:27:00.0525 3984 RasPppoe - ok 13:27:00.0560 3984 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:27:00.0577 3984 RasSstp - ok 13:27:00.0615 3984 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:27:00.0655 3984 rdbss - ok 13:27:00.0664 3984 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:27:00.0697 3984 RDPCDD - ok 13:27:00.0723 3984 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 13:27:00.0771 3984 rdpdr - ok 13:27:00.0774 3984 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:27:00.0808 3984 RDPENCDD - ok 13:27:00.0868 3984 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:27:00.0944 3984 RDPWD - ok 13:27:00.0969 3984 [ 
C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:27:01.0006 3984 RemoteAccess - ok 13:27:01.0045 3984 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:27:01.0083 3984 RemoteRegistry - ok 13:27:01.0103 3984 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 13:27:01.0133 3984 RpcLocator - ok 13:27:01.0186 3984 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 13:27:01.0226 3984 RpcSs - ok 13:27:01.0247 3984 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:27:01.0285 3984 rspndr - ok 13:27:01.0297 3984 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 13:27:01.0338 3984 RTL8169 - ok 13:27:01.0358 3984 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 13:27:01.0372 3984 SamSs - ok 13:27:01.0392 3984 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:27:01.0409 3984 sbp2port - ok 13:27:01.0603 3984 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:27:01.0654 3984 SCardSvr - ok 13:27:01.0693 3984 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 13:27:01.0775 3984 Schedule - ok 13:27:01.0812 3984 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 13:27:01.0835 3984 SCPolicySvc - ok 13:27:01.0856 3984 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:27:01.0909 3984 SDRSVC - ok 13:27:01.0942 3984 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:27:01.0992 3984 secdrv - ok 13:27:02.0002 3984 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 13:27:02.0040 3984 seclogon - ok 13:27:02.0049 3984 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll 13:27:02.0081 3984 SENS - ok 13:27:02.0095 3984 [ 
F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 13:27:02.0146 3984 Serenum - ok 13:27:02.0158 3984 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 13:27:02.0214 3984 Serial - ok 13:27:02.0227 3984 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 13:27:02.0261 3984 sermouse - ok 13:27:02.0350 3984 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 13:27:02.0403 3984 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 13:27:02.0403 3984 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 13:27:02.0438 3984 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 13:27:02.0471 3984 SessionEnv - ok 13:27:02.0493 3984 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:27:02.0551 3984 sffdisk - ok 13:27:02.0585 3984 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:27:02.0619 3984 sffp_mmc - ok 13:27:02.0627 3984 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:27:02.0661 3984 sffp_sd - ok 13:27:02.0677 3984 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 13:27:02.0727 3984 sfloppy - ok 13:27:02.0780 3984 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:27:02.0811 3984 ShellHWDetection - ok 13:27:02.0841 3984 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 13:27:02.0858 3984 SiSRaid2 - ok 13:27:02.0874 3984 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 13:27:02.0893 3984 SiSRaid4 - ok 13:27:02.0968 3984 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 13:27:03.0076 3984 slsvc - ok 13:27:03.0098 3984 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 
13:27:03.0128 3984 SLUINotify - ok 13:27:03.0172 3984 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:27:03.0216 3984 Smb - ok 13:27:03.0255 3984 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:27:03.0293 3984 SNMPTRAP - ok 13:27:03.0351 3984 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 13:27:03.0368 3984 spldr - ok 13:27:03.0430 3984 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 13:27:03.0459 3984 Spooler - ok 13:27:03.0521 3984 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 13:27:03.0571 3984 srv - ok 13:27:03.0615 3984 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:27:03.0646 3984 srv2 - ok 13:27:03.0670 3984 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:27:03.0689 3984 srvnet - ok 13:27:03.0714 3984 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:27:03.0748 3984 SSDPSRV - ok 13:27:03.0760 3984 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:27:03.0795 3984 SstpSvc - ok 13:27:03.0839 3984 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 13:27:03.0856 3984 ss_bbus - ok 13:27:03.0897 3984 [ 08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 13:27:03.0909 3984 ss_bmdfl - ok 13:27:03.0967 3984 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 13:27:03.0978 3984 ss_bmdm - ok 13:27:04.0033 3984 [ 677CDC98F8363ACCAAE783FDE1599C2A ] ss_bserd C:\Windows\system32\DRIVERS\ss_bserd.sys 13:27:04.0045 3984 ss_bserd - ok 13:27:04.0049 3984 StarOpen - ok 13:27:04.0100 3984 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 13:27:04.0165 3984 stisvc - ok 13:27:04.0207 3984 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 
13:27:04.0222 3984 swenum - ok 13:27:04.0268 3984 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 13:27:04.0345 3984 swprv - ok 13:27:04.0371 3984 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 13:27:04.0383 3984 Symc8xx - ok 13:27:04.0401 3984 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 13:27:04.0412 3984 Sym_hi - ok 13:27:04.0425 3984 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 13:27:04.0438 3984 Sym_u3 - ok 13:27:04.0492 3984 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 13:27:04.0539 3984 SysMain - ok 13:27:04.0566 3984 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:27:04.0604 3984 TabletInputService - ok 13:27:04.0650 3984 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:27:04.0679 3984 TapiSrv - ok 13:27:04.0688 3984 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 13:27:04.0741 3984 TBS - ok 13:27:04.0804 3984 [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:27:04.0843 3984 Tcpip - ok 13:27:04.0887 3984 [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 13:27:04.0939 3984 Tcpip6 - ok 13:27:04.0975 3984 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:27:05.0035 3984 tcpipreg - ok 13:27:05.0049 3984 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:27:05.0104 3984 TDPIPE - ok 13:27:05.0126 3984 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:27:05.0173 3984 TDTCP - ok 13:27:05.0220 3984 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:27:05.0267 3984 tdx - ok 13:27:05.0300 3984 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 13:27:05.0317 3984 TermDD - ok 
13:27:05.0376 3984 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 13:27:05.0418 3984 TermService - ok 13:27:05.0463 3984 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys 13:27:05.0472 3984 TFsExDisk - ok 13:27:05.0487 3984 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 13:27:05.0503 3984 Themes - ok 13:27:05.0513 3984 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 13:27:05.0545 3984 THREADORDER - ok 13:27:05.0558 3984 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 13:27:05.0591 3984 TrkWks - ok 13:27:05.0666 3984 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:27:05.0693 3984 TrustedInstaller - ok 13:27:05.0708 3984 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:27:05.0739 3984 tssecsrv - ok 13:27:05.0750 3984 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 13:27:05.0774 3984 tunmp - ok 13:27:05.0825 3984 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:27:05.0838 3984 tunnel - ok 13:27:05.0860 3984 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 13:27:05.0873 3984 uagp35 - ok 13:27:05.0918 3984 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:27:05.0943 3984 udfs - ok 13:27:05.0951 3984 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:27:05.0989 3984 UI0Detect - ok 13:27:06.0001 3984 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:27:06.0013 3984 uliagpkx - ok 13:27:06.0032 3984 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 13:27:06.0047 3984 uliahci - ok 13:27:06.0060 3984 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 
13:27:06.0072 3984 UlSata - ok 13:27:06.0091 3984 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 13:27:06.0105 3984 ulsata2 - ok 13:27:06.0126 3984 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:27:06.0157 3984 umbus - ok 13:27:06.0169 3984 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 13:27:06.0238 3984 upnphost - ok 13:27:06.0283 3984 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:27:06.0307 3984 usbccgp - ok 13:27:06.0320 3984 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:27:06.0396 3984 usbcir - ok 13:27:06.0429 3984 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 13:27:06.0451 3984 usbehci - ok 13:27:06.0505 3984 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:27:06.0547 3984 usbhub - ok 13:27:06.0579 3984 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:27:06.0625 3984 usbohci - ok 13:27:06.0631 3984 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys 13:27:06.0677 3984 usbprint - ok 13:27:06.0700 3984 [ F7386007FB19E7685FC7B298560AA81F ] usbser C:\Windows\system32\DRIVERS\usbser.sys 13:27:06.0722 3984 usbser - ok 13:27:06.0765 3984 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:27:06.0788 3984 USBSTOR - ok 13:27:06.0794 3984 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 13:27:06.0816 3984 usbuhci - ok 13:27:06.0851 3984 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 13:27:06.0875 3984 UxSms - ok 13:27:06.0898 3984 [ 5581BB749DDE273F92A1E4A4D6CDF15A ] UxTuneUp C:\Windows\System32\uxtuneup.dll 13:27:06.0909 3984 UxTuneUp - ok 13:27:06.0968 3984 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 
13:27:07.0018 3984 vds - ok 13:27:07.0032 3984 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:27:07.0062 3984 vga - ok 13:27:07.0078 3984 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 13:27:07.0131 3984 VgaSave - ok 13:27:07.0157 3984 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 13:27:07.0168 3984 viaide - ok 13:27:07.0207 3984 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:27:07.0220 3984 volmgr - ok 13:27:07.0273 3984 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:27:07.0293 3984 volmgrx - ok 13:27:07.0360 3984 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:27:07.0375 3984 volsnap - ok 13:27:07.0396 3984 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 13:27:07.0409 3984 vsmraid - ok 13:27:07.0478 3984 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 13:27:07.0571 3984 VSS - ok 13:27:07.0629 3984 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 13:27:07.0675 3984 W32Time - ok 13:27:07.0714 3984 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 13:27:07.0780 3984 WacomPen - ok 13:27:07.0825 3984 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 13:27:07.0849 3984 Wanarp - ok 13:27:07.0852 3984 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:27:07.0875 3984 Wanarpv6 - ok 13:27:07.0898 3984 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:27:07.0941 3984 wcncsvc - ok 13:27:07.0974 3984 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:27:08.0002 3984 WcsPlugInService - ok 13:27:08.0018 3984 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 
13:27:08.0031 3984 Wd - ok 13:27:08.0068 3984 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:27:08.0094 3984 Wdf01000 - ok 13:27:08.0111 3984 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:27:08.0144 3984 WdiServiceHost - ok 13:27:08.0147 3984 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:27:08.0182 3984 WdiSystemHost - ok 13:27:08.0195 3984 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 13:27:08.0213 3984 WebClient - ok 13:27:08.0290 3984 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:27:08.0351 3984 Wecsvc - ok 13:27:08.0390 3984 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:27:08.0416 3984 wercplsupport - ok 13:27:08.0446 3984 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 13:27:08.0502 3984 WerSvc - ok 13:27:08.0507 3984 WinHttpAutoProxySvc - ok 13:27:08.0573 3984 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:27:08.0598 3984 Winmgmt - ok 13:27:08.0662 3984 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 13:27:08.0774 3984 WinRM - ok 13:27:08.0829 3984 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 13:27:08.0889 3984 Wlansvc - ok 13:27:08.0920 3984 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:27:08.0943 3984 WmiAcpi - ok 13:27:08.0989 3984 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:27:09.0020 3984 wmiApSrv - ok 13:27:09.0040 3984 WMPNetworkSvc - ok 13:27:09.0061 3984 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:27:09.0104 3984 WPCSvc - ok 13:27:09.0136 3984 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:27:09.0160 3984 WPDBusEnum - ok 13:27:09.0202 3984 [ 
5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:27:09.0218 3984 WpdUsb - ok
13:27:09.0339 3984 [ 8E344C1B4FE7EDE0E9055405B9987862 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:27:09.0410 3984 WPFFontCache_v0400 - ok
13:27:09.0448 3984 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:27:09.0504 3984 ws2ifsl - ok
13:27:09.0510 3984 WSearch - ok
13:27:09.0548 3984 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:27:09.0561 3984 WudfPf - ok
13:27:09.0580 3984 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:27:09.0594 3984 WUDFRd - ok
13:27:09.0628 3984 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:27:09.0642 3984 wudfsvc - ok
13:27:09.0649 3984 ================ Scan global ===============================
13:27:09.0682 3984 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
13:27:09.0744 3984 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
13:27:09.0761 3984 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
13:27:09.0789 3984 [ B8844F93D2C5F1DCDB179AAA9AF134B7 ] C:\Windows\system32\services.exe
13:27:09.0793 3984 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - infected
13:27:09.0793 3984 C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.a (0)
13:27:09.0793 3984 ================ Scan MBR ==================================
13:27:09.0802 3984 [ 125A9EFB00805296E689C06CF6020C43 ] \Device\Harddisk0\DR0
13:27:10.0071 3984 \Device\Harddisk0\DR0 - ok
13:27:10.0071 3984 ================ Scan VBR ==================================
13:27:10.0074 3984 [ 711AB08345BE695E88998963FA4834DF ] \Device\Harddisk0\DR0\Partition1
13:27:10.0075 3984 \Device\Harddisk0\DR0\Partition1 - ok
13:27:10.0079 3984 [ B2EAC4B1DCB39CC668431E809B17E1E1 ] \Device\Harddisk0\DR0\Partition2
13:27:10.0080 3984 \Device\Harddisk0\DR0\Partition2 - ok
13:27:10.0081 3984 ============================================================
13:27:10.0081 3984 Scan finished
13:27:10.0081 3984 ============================================================
13:27:10.0091 3096 Detected object count: 6
13:27:10.0091 3096 Actual detected object count: 6
13:28:03.0402 3096 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0402 3096 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0403 3096 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0404 3096 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0405 3096 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0405 3096 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0407 3096 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0407 3096 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0409 3096 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:28:03.0409 3096 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:28:03.0411 3096 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - skipped by user
13:28:03.0411 3096 C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.a ) - User select action: Skip
13:28:11.0095 3848 Deinitialize success
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-07-2013
Ran by Gnubbi at 2013-07-23 15:33:14 Run:1
Running from C:\Users\Gnubbi\Desktop
Boot Mode: Normal
==============================================
C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d} => Moved successfully.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\@" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\201d3dde" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\6715e287" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\L\76603ac3" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000004.@" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\00000008.@" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\000000cb.@" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000000.@" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000032.@" => File/Directory not found.
"C:\Windows\Installer\{279548af-2de9-4848-0057-c7da940e533d}\U\80000064.@" => File/Directory not found.
"C:\Windows\assembly\GAC_32\Desktop.ini" => File/Directory not found.
"C:\Windows\assembly\GAC_64\Desktop.ini" => File/Directory not found.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\de-DE" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
==== End of Fixlog ====
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013
Ran by Gnubbi (administrator) on 23-07-2013 15:33:28
Running from C:\Users\Gnubbi\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
() C:\Users\Gnubbi\RocketDock\RocketDock.exe
(Windows Net) C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

==================== Registry (Whitelisted) ==================
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
HKCU\...\Run: [RocketDock] - C:\Users\Gnubbi\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKCU\...\Run: [SSync] - C:\Users\Gnubbi\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] ()
HKCU\...\Run: [DataMgr] - C:\Users\Gnubbi\AppData\Roaming\DataMgr\DataMgr.exe [168848 2013-06-26] (HTTO Group, Ltd.)
HKCU\...\Run: [SCheck] - C:\Users\Gnubbi\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] ()
HKCU\...\Run: [Snoozer] - C:\Users\Gnubbi\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-21] ()
HKCU\...\Run: [Intermediate] - C:\Users\Gnubbi\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] ()
MountPoints2: {65e9b171-37c0-11de-9b9e-00221558ad48} - J:\rnwlvb.exe
MountPoints2: {fa3cd6dd-7f5d-11df-b2fc-00221558ad48} - J:\AutoRun.exe
HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard)
AppInit_DLLs-x32: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll c:\progra~2\websea~1\sprote~1.dll [972080 2008-07-03] ()
Startup: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk
ShortcutTarget: net.lnk -> C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe (Windows Net)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=42D400225F09AD59&affID=122450&tsp=4943
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/0022/ HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM - {4CB690B1-11EC-457C-B66A-3003BC43F5E3} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKLM-x32 - {4CB690B1-11EC-457C-B66A-3003BC43F5E3} URL = 
hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchrocket.info/?l=1&q={searchTerms}&pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16 SearchScopes: HKLM-x32 - {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} SearchScopes: HKCU - {01_TL-YODL-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_yodl&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {03_TL-GOOGLE-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {03_TL-TELEFONBUCH-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_telefonbuch&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {04_TL-AMAZON-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_amazon&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {05_TL-EBAY-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_ebay&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC SearchScopes: HKCU - {07_TL-CONRAD-DE-E1416B8B2E3A} URL = 
hxxp://www.yodl.de/href.php?hrefname=FF-splug_conrad&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {08_TL-OTTO-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_otto&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {09_TL-CLIPFISH-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_clipfish&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {10_TL-MYVIDEO-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_myvideo&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {11_TL-MUSICLOAD-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_musicload&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {4CB690B1-11EC-457C-B66A-3003BC43F5E3} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms} SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus SearchScopes: HKCU - {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PiccShare BHO - 
{553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Gnubbi\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) 
Handler-x32: ipp - No CLSID Value - Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll" Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 03 
mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation) Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 FireFox: ======== FF ProfilePath: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: hxxp://www.google.de/ig|hxxp://www.giga.de/my_homepage/0022/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\clipfish.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\conrad.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\discount24.xml FF SearchPlugin: 
C:\Program Files (x86)\mozilla firefox\searchplugins\musicload.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\myvideo.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\otto.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\quelle.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\telefonbuch-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yodl.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\zwunzi113.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\zwunzi115.xml FF Extension: Amazon-Icon - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\amazon-icon@winload.de FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\ich@maltegoetz.de FF Extension: Spartipps von SparPilot.com - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\sparpilot@sparpilot.com FF Extension: om - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\om@offermosquito.com.xpi FF Extension: toolbar - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\toolbar@web.de.xpi FF Extension: No Name - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKCU\...\Firefox\Extensions: [mail@gutscheinrausch.de] C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\mail@gutscheinrausch.de FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\firejump@firejump.net Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: () - C:\Users\Gnubbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html CHR Extension: (Amazon-Icon) - C:\Users\Gnubbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0 CHR HKLM-x32\...\Chrome\Extension: [blaofbhgbmeikidhlkmjhbkbfohpgekf] - C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader10.crx CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Gnubbi\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [652360 2012-01-13] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.) 
S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-12] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-12] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.) S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-04-27] (MCCI Corporation) S3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S1 StarOpen; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-23 15:27 - 2013-07-23 15:27 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\62705974.sys 2013-07-23 15:23 - 2013-07-23 15:23 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-07-23 13:24 - 2013-07-23 13:25 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Gnubbi\Desktop\tdsskiller.exe 2013-07-22 21:19 - 2013-07-22 21:19 - 1165953648 _____ C:\Windows\MEMORY.DMP 2013-07-22 21:19 - 2013-07-22 21:19 - 00276984 _____ C:\Windows\Minidump\Mini072213-01.dmp 2013-07-22 21:19 - 2013-07-22 21:19 - 
00000000 ____D C:\Windows\Minidump 2013-07-22 19:17 - 2013-07-22 19:17 - 00034708 _____ C:\Users\Gnubbi\Desktop\Addition.txt 2013-07-22 19:16 - 2013-07-23 15:33 - 00000000 ____D C:\FRST 2013-07-22 19:15 - 2013-07-22 19:15 - 01779363 _____ (Farbar) C:\Users\Gnubbi\Desktop\FRST64.exe 2013-07-22 17:23 - 2013-07-22 17:23 - 00009619 _____ C:\Users\Gnubbi\Desktop\gmer.txt 2013-07-22 15:38 - 2013-07-22 15:38 - 00377856 _____ C:\Users\Gnubbi\Desktop\gmer_2.1.19163.exe 2013-07-22 15:29 - 2013-07-22 15:29 - 00065906 _____ C:\Users\Gnubbi\Desktop\Extras.Txt 2013-07-22 15:27 - 2013-07-22 15:27 - 00121358 _____ C:\Users\Gnubbi\Desktop\OTL.Txt 2013-07-22 15:15 - 2013-07-22 15:15 - 00602112 _____ (OldTimer Tools) C:\Users\Gnubbi\Desktop\OTL.exe 2013-07-22 15:15 - 2013-07-22 15:15 - 00000474 _____ C:\Users\Gnubbi\Desktop\defogger_disable.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00000000 _____ C:\Users\Gnubbi\defogger_reenable 2013-07-22 15:14 - 2013-07-22 15:14 - 00050477 _____ C:\Users\Gnubbi\Desktop\Defogger.exe 2013-07-22 12:00 - 2013-07-22 15:08 - 00010235 _____ C:\Windows\SysWOW64\Sandy Beach.log 2013-07-22 12:00 - 2013-07-22 12:00 - 00000000 ____D C:\Program Files (x86)\Sandy Beach 3D Screensaver 2013-07-22 12:00 - 2013-02-06 10:47 - 02644504 _____ (3Planesoft) C:\Windows\SysWOW64\Sandy_Beach_3D_Screensaver.scr 2013-07-22 11:54 - 2013-07-22 15:23 - 00010325 _____ C:\Windows\SysWOW64\Caribbean Islands.log 2013-07-22 11:54 - 2013-07-22 11:54 - 00000000 ____D C:\Program Files (x86)\Caribbean Islands 3D Screensaver 2013-07-22 11:54 - 2013-04-04 17:19 - 02536992 _____ (3Planesoft) C:\Windows\SysWOW64\Caribbean_Islands_3D_Screensaver.scr 2013-07-21 19:46 - 2013-07-21 19:46 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Snz 2013-07-16 16:18 - 2010-10-12 10:28 - 00421744 _____ C:\Windows\system32\Drivers\etc\hosts.20130716-161851.backup 2013-07-16 16:18 - 2010-10-12 10:28 - 00421744 _____ C:\Windows\system32\Drivers\etc\hosts.20130716-161827.backup 2013-07-15 14:16 - 2013-07-22 
19:12 - 00009043 _____ C:\Windows\SysWOW64\Tropical Fish.log 2013-07-15 14:16 - 2013-07-15 14:16 - 00000000 ____D C:\Program Files (x86)\Tropical Fish 3D Screensaver 2013-07-15 14:16 - 2013-02-06 11:01 - 02511384 _____ (3Planesoft) C:\Windows\SysWOW64\Tropical_Fish_3D_Screensaver.scr 2013-07-15 14:05 - 2013-07-15 14:05 - 00197120 _____ (ScreenTime Media) C:\Windows\SysWOW64\3-D Jellyfish DemoESD.scr 2013-07-15 14:05 - 2013-07-15 14:05 - 00000000 ____D C:\Windows\SysWOW64\3-D Jellyfish DemoESD dir 2013-07-15 13:17 - 2013-07-23 15:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-15 13:17 - 2013-07-23 15:25 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-15 13:17 - 2013-07-21 19:47 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Intermediate 2013-07-15 13:17 - 2013-07-16 09:27 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-15 13:17 - 2013-07-16 09:27 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SSync 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SCheck 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\DataMgr 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\ext_piccshare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000871 _____ C:\Users\Administrator\Desktop\Earth 3D Space Tour.lnk 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PiccShare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Common 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Program Files (x86)\3D Space Tour 2013-07-15 13:08 - 2013-07-15 13:08 - 00001079 _____ C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 ____D 
C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software 2013-07-15 13:08 - 2007-11-06 18:46 - 00106496 _____ C:\Windows\SysWOW64\Astro Gemini Screensaver Manager.scr 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\ChromeExtensions 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Windows Net Data 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempd859abcc6d9b14452ff9125efb5084c2 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempcbef2bd2ff1ab5bdb78c8808e08fc05e 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Temp75647aea5aa07b4ca02750042d58fa47 2013-07-14 14:11 - 2013-07-14 14:11 - 00003320 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-14 14:11 - 2013-07-14 14:11 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift 2013-07-10 22:40 - 2013-07-10 22:40 - 00002030 _____ C:\Users\Administrator\Desktop\Mehr Bildschirmschonern.lnk 2013-07-10 22:40 - 2013-07-10 22:40 - 00000827 _____ C:\Users\Administrator\Desktop\Nächtliche Stadt 3D Bildschirmschoner.lnk 2013-07-10 22:40 - 2007-04-03 13:52 - 00002303 _____ C:\Windows\SysWOW64\NaechtlicheStadt3DBildschirmschoner.html 2013-07-10 22:40 - 2007-04-03 13:51 - 12460032 _____ C:\Windows\SysWOW64\Nächtliche Stadt 3D Bildschirmschoner.scr 2013-07-10 12:41 - 2013-06-04 04:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 12:41 - 2013-06-01 06:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 12:41 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 00105984 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\url.dll 2013-07-10 12:41 - 2013-05-29 13:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 02004992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-10 12:41 - 2013-05-29 13:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 12:41 - 2013-05-29 11:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 
2013-07-10 12:41 - 2013-05-29 10:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-10 12:41 - 2013-05-29 10:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2013-07-10 12:41 - 2013-05-29 10:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-10 12:41 - 2013-05-29 10:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 12:41 - 2013-05-29 09:12 - 01489408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 12:41 - 2013-05-29 09:12 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 12:41 - 2013-05-29 09:12 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-10 12:41 - 2013-05-29 09:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-10 12:41 - 2013-05-29 09:09 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 09339904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 12509184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 02356736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-10 12:41 - 2013-05-29 09:07 
- 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 12:41 - 2013-05-29 07:59 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-10 12:41 - 2013-05-29 06:27 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-10 12:41 - 2013-05-29 06:26 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 12:41 - 2013-05-29 06:24 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-07-10 12:41 - 2013-05-29 06:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 12:41 - 2013-05-08 06:18 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 12:41 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 12:41 - 2013-04-17 14:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-07-10 12:41 - 2013-04-17 13:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 01029120 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-07-10 12:41 - 2013-04-17 13:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-07-10 12:41 - 2013-04-17 13:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-07-10 12:41 - 2013-04-17 12:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 12:41 - 2013-04-17 12:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-07-10 12:41 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-07-10 12:41 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-07-10 12:41 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-07-10 12:41 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-07 15:55 - 2013-07-07 15:55 - 00000032 _____ C:\Windows\setup.INI 2013-07-03 13:13 - 2013-07-03 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-30 20:53 - 2013-06-30 20:53 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PuzzleLab 2013-06-30 20:45 - 2013-06-30 20:52 - 00000000 ____D C:\Program Files (x86)\Phenomenon - Meteorit Sammleredition 2013-06-30 20:45 - 2013-06-30 20:45 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition 2013-06-26 08:53 - 2013-06-26 08:53 - 00044216 _____ C:\Users\Gnubbi\AppData\Local\ext_piccshare_uninst.exe 2013-06-23 18:03 - 2013-06-23 18:03 - 03455486 ____N () C:\Users\Gnubbi\Downloads\jellyfish-demo.exe 
2013-06-23 18:03 - 2013-06-23 18:03 - 00427920 _____ C:\Users\Gnubbi\AppData\Local\dd_vcredistMSI4353.txt 2013-06-23 18:03 - 2013-06-23 18:03 - 00011402 _____ C:\Users\Gnubbi\AppData\Local\dd_vcredistUI4353.txt ==================== One Month Modified Files and Folders ======= 2013-07-23 15:33 - 2013-07-22 19:16 - 00000000 ____D C:\FRST 2013-07-23 15:32 - 2013-07-15 13:17 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-23 15:27 - 2013-07-23 15:27 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\62705974.sys 2013-07-23 15:25 - 2013-07-15 13:17 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-23 15:25 - 2009-10-20 23:36 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2013-07-23 15:25 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-23 15:25 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 15:25 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 15:24 - 2006-11-02 17:42 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-23 15:23 - 2013-07-23 15:23 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-07-23 15:12 - 2012-03-30 08:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-23 13:25 - 2013-07-23 13:24 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Gnubbi\Desktop\tdsskiller.exe 2013-07-23 11:16 - 2012-11-27 17:03 - 00010110 _____ C:\Windows\SysWOW64\Watermill.log 2013-07-22 21:19 - 2013-07-22 21:19 - 1165953648 _____ C:\Windows\MEMORY.DMP 2013-07-22 21:19 - 2013-07-22 21:19 - 00276984 _____ C:\Windows\Minidump\Mini072213-01.dmp 2013-07-22 21:19 - 2013-07-22 21:19 - 00000000 ____D C:\Windows\Minidump 2013-07-22 19:17 - 2013-07-22 19:17 - 00034708 _____ C:\Users\Gnubbi\Desktop\Addition.txt 2013-07-22 19:15 - 2013-07-22 19:15 - 01779363 _____ 
(Farbar) C:\Users\Gnubbi\Desktop\FRST64.exe 2013-07-22 19:12 - 2013-07-15 14:16 - 00009043 _____ C:\Windows\SysWOW64\Tropical Fish.log 2013-07-22 17:23 - 2013-07-22 17:23 - 00009619 _____ C:\Users\Gnubbi\Desktop\gmer.txt 2013-07-22 15:59 - 2012-12-14 21:28 - 00007274 _____ C:\Windows\SysWOW64\Snow Village.log 2013-07-22 15:38 - 2013-07-22 15:38 - 00377856 _____ C:\Users\Gnubbi\Desktop\gmer_2.1.19163.exe 2013-07-22 15:29 - 2013-07-22 15:29 - 00065906 _____ C:\Users\Gnubbi\Desktop\Extras.Txt 2013-07-22 15:27 - 2013-07-22 15:27 - 00121358 _____ C:\Users\Gnubbi\Desktop\OTL.Txt 2013-07-22 15:23 - 2013-07-22 11:54 - 00010325 _____ C:\Windows\SysWOW64\Caribbean Islands.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00602112 _____ (OldTimer Tools) C:\Users\Gnubbi\Desktop\OTL.exe 2013-07-22 15:15 - 2013-07-22 15:15 - 00000474 _____ C:\Users\Gnubbi\Desktop\defogger_disable.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00000000 _____ C:\Users\Gnubbi\defogger_reenable 2013-07-22 15:15 - 2009-04-11 17:30 - 00000000 ____D C:\Users\Gnubbi 2013-07-22 15:14 - 2013-07-22 15:14 - 00050477 _____ C:\Users\Gnubbi\Desktop\Defogger.exe 2013-07-22 15:08 - 2013-07-22 12:00 - 00010235 _____ C:\Windows\SysWOW64\Sandy Beach.log 2013-07-22 12:00 - 2013-07-22 12:00 - 00000000 ____D C:\Program Files (x86)\Sandy Beach 3D Screensaver 2013-07-22 11:54 - 2013-07-22 11:54 - 00000000 ____D C:\Program Files (x86)\Caribbean Islands 3D Screensaver 2013-07-22 11:54 - 2012-11-27 17:37 - 00000000 ____D C:\ProgramData\3Planesoft 2013-07-22 11:54 - 2012-11-27 17:37 - 00000000 ____D C:\Program Files (x86)\3Planesoft Screensaver Manager 2013-07-22 11:29 - 2013-01-01 16:30 - 00008167 _____ C:\Windows\SysWOW64\Nature.log 2013-07-21 19:47 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Intermediate 2013-07-21 19:46 - 2013-07-21 19:46 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Snz 2013-07-20 21:36 - 2009-04-11 17:33 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Adobe 2013-07-20 20:22 - 2013-05-30 
15:00 - 00001626 _____ C:\Windows\setupact.log 2013-07-19 17:16 - 2009-04-11 18:45 - 00000418 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2013-07-17 20:58 - 2013-01-01 16:37 - 00008402 _____ C:\Windows\SysWOW64\Coral Reef.log 2013-07-17 15:56 - 2012-11-28 09:54 - 00010261 _____ C:\Windows\SysWOW64\Faraway Planet.log 2013-07-17 15:55 - 2012-11-27 21:55 - 00011055 _____ C:\Windows\SysWOW64\Koi Fish.log 2013-07-17 15:53 - 2009-04-15 15:53 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-07-17 12:45 - 2012-11-28 14:01 - 00010495 _____ C:\Windows\SysWOW64\Sunny Patio.log 2013-07-17 12:45 - 2012-11-28 13:56 - 00009316 _____ C:\Windows\SysWOW64\Wildflowers.log 2013-07-17 12:44 - 2012-11-28 14:47 - 00011666 _____ C:\Windows\SysWOW64\Autumn Wonderland.log 2013-07-17 12:43 - 2012-11-28 14:41 - 00000958 _____ C:\Windows\SysWOW64\Autumn Forest.log 2013-07-17 12:19 - 2012-12-28 14:36 - 00008916 _____ C:\Windows\SysWOW64\Ancient Castle.log 2013-07-16 19:24 - 2013-05-28 12:50 - 00005624 _____ C:\Windows\PFRO.log 2013-07-16 13:54 - 2009-08-18 11:40 - 00002098 _____ C:\Windows\wininit.ini 2013-07-16 13:54 - 2009-04-11 17:36 - 00000000 ___RD C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-16 13:18 - 2009-04-11 23:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-16 09:27 - 2013-07-15 13:17 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 09:27 - 2013-07-15 13:17 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-15 23:00 - 2008-10-21 19:56 - 01980922 _____ C:\Windows\WindowsUpdate.log 2013-07-15 16:01 - 2009-04-11 18:24 - 00000000 ___RD C:\INCOME 2013-07-15 14:16 - 2013-07-15 14:16 - 00000000 ____D C:\Program Files (x86)\Tropical Fish 3D Screensaver 2013-07-15 14:09 - 2009-06-17 12:58 - 00000368 _____ C:\Users\Gnubbi\AppData\Roaming\burnaware.ini 2013-07-15 14:05 - 2013-07-15 14:05 - 00197120 _____ (ScreenTime Media) C:\Windows\SysWOW64\3-D Jellyfish DemoESD.scr 
2013-07-15 14:05 - 2013-07-15 14:05 - 00000000 ____D C:\Windows\SysWOW64\3-D Jellyfish DemoESD dir 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SSync 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SCheck 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\DataMgr 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\ext_piccshare 2013-07-15 13:17 - 2009-04-11 22:23 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Google 2013-07-15 13:17 - 2009-04-11 22:23 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-15 13:16 - 2013-07-15 13:16 - 00000871 _____ C:\Users\Administrator\Desktop\Earth 3D Space Tour.lnk 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PiccShare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Common 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Program Files (x86)\3D Space Tour 2013-07-15 13:08 - 2013-07-15 13:08 - 00001079 _____ C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software 2013-07-15 13:08 - 2011-11-30 22:00 - 00000000 ____D C:\Program Files (x86)\Astro Gemini Software 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\ChromeExtensions 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Windows Net Data 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempd859abcc6d9b14452ff9125efb5084c2 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempcbef2bd2ff1ab5bdb78c8808e08fc05e 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Temp75647aea5aa07b4ca02750042d58fa47 2013-07-14 14:11 - 2013-07-14 14:11 - 00003320 _____ 
C:\Windows\System32\Tasks\EPUpdater 2013-07-14 14:11 - 2013-07-14 14:11 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift 2013-07-11 11:17 - 2006-11-02 17:21 - 00327552 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-11 11:16 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2013-07-11 11:16 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 11:15 - 2010-03-25 00:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 00:43 - 2008-10-03 04:44 - 00639210 _____ C:\Windows\system32\perfh007.dat 2013-07-11 00:43 - 2008-10-03 04:44 - 00131250 _____ C:\Windows\system32\perfc007.dat 2013-07-11 00:43 - 2006-11-02 14:46 - 01497522 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-11 00:36 - 2006-11-02 14:35 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-07-10 22:40 - 2013-07-10 22:40 - 00002030 _____ C:\Users\Administrator\Desktop\Mehr Bildschirmschonern.lnk 2013-07-10 22:40 - 2013-07-10 22:40 - 00000827 _____ C:\Users\Administrator\Desktop\Nächtliche Stadt 3D Bildschirmschoner.lnk 2013-07-07 20:24 - 2013-01-18 15:30 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Das Geisterschiff 2013-07-07 20:23 - 2013-01-18 13:44 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Expedition des Grauens 2013-07-07 15:55 - 2013-07-07 15:55 - 00000032 _____ C:\Windows\setup.INI 2013-07-05 13:51 - 2009-04-11 18:24 - 00000000 ____D C:\POST 2013-07-04 12:23 - 2012-04-27 20:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-03 20:54 - 2009-04-11 18:24 - 00000000 ____D C:\FOTO 2013-07-03 13:14 - 2013-07-03 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-30 20:53 - 2013-06-30 20:53 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PuzzleLab 2013-06-30 20:52 - 2013-06-30 20:45 - 00000000 ____D C:\Program Files (x86)\Phenomenon - Meteorit Sammleredition 2013-06-30 20:51 - 2011-07-19 17:23 - 00000000 ____D C:\BigFishGamesCache 
2013-06-30 20:45 - 2013-06-30 20:45 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition 2013-06-26 08:53 - 2013-06-26 08:53 - 00044216 _____ C:\Users\Gnubbi\AppData\Local\ext_piccshare_uninst.exe 2013-06-24 09:52 - 2012-11-27 21:49 - 00008760 _____ C:\Windows\SysWOW64\White Christmas.log 2013-06-23 18:07 - 2009-04-13 00:21 - 00032256 _____ C:\Users\Gnubbi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-06-23 18:03 - 2013-06-23 18:03 - 03455486 ____N () C:\Users\Gnubbi\Downloads\jellyfish-demo.exe 2013-06-23 18:03 - 2013-06-23 18:03 - 00427920 _____ C:\Users\Gnubbi\AppData\Local\dd_vcredistMSI4353.txt 2013-06-23 18:03 - 2013-06-23 18:03 - 00011402 _____ C:\Users\Gnubbi\AppData\Local\dd_vcredistUI4353.txt 2013-06-23 17:53 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\Resources ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe [2009-10-20 23:36] - [2013-07-23 15:25] - 0380928 ____A (Microsoft Corporation) F8DCE3BED869F69C9F7C562B943BC255 C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-23 15:32 ==================== End Of Log ============================ |
23.07.2013, 18:48 | #8 |
/// the machine /// TB Trainer | TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC You posted the old TDSS log; I need the one where you chose Cure.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and Help Trojaner-Board Facebook Page No help via PM! |
23.07.2013, 19:05 | #9 |
| TR/ATRAPS.Gen2 in C:\windows\installer\...\80000032.@ Avira detection on Vista PC Darn, grabbed the wrong .txt.... here is the right one: Code:
ATTFilter 15:27:05.0631 2868 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 15:27:05.0787 2868 ============================================================ 15:27:05.0787 2868 Current date / time: 2013/07/23 15:27:05.0787 15:27:05.0787 2868 SystemInfo: 15:27:05.0787 2868 15:27:05.0787 2868 OS Version: 6.0.6002 ServicePack: 2.0 15:27:05.0787 2868 Product type: Workstation 15:27:05.0787 2868 ComputerName: GNUBBI-TEILCHEN 15:27:05.0787 2868 UserName: Gnubbi 15:27:05.0787 2868 Windows directory: C:\Windows 15:27:05.0787 2868 System windows directory: C:\Windows 15:27:05.0787 2868 Running under WOW64 15:27:05.0787 2868 Processor architecture: Intel x64 15:27:05.0787 2868 Number of processors: 4 15:27:05.0787 2868 Page size: 0x1000 15:27:05.0787 2868 Boot type: Normal boot 15:27:05.0787 2868 ============================================================ 15:27:07.0160 2868 BG loaded 15:27:10.0218 2868 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:27:10.0233 2868 ============================================================ 15:27:10.0233 2868 \Device\Harddisk0\DR0: 15:27:10.0342 2868 MBR partitions: 15:27:10.0342 2868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x48B621A0 15:27:10.0342 2868 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48B621DF, BlocksNum 0x1CF4CE2 15:27:10.0342 2868 ============================================================ 15:27:10.0389 2868 C: <-> \Device\Harddisk0\DR0\Partition1 15:27:10.0779 2868 D: <-> \Device\Harddisk0\DR0\Partition2 15:27:10.0779 2868 ============================================================ 15:27:10.0779 2868 Initialize success 15:27:10.0779 2868 ============================================================ 15:27:17.0814 1816 ============================================================ 15:27:17.0814 1816 Scan started 15:27:17.0814 1816 Mode: 
Manual; SigCheck; TDLFS; 15:27:17.0814 1816 ============================================================ 15:27:19.0140 1816 ================ Scan system memory ======================== 15:27:19.0140 1816 System memory - ok 15:27:19.0140 1816 ================ Scan services ============================= 15:27:20.0216 1816 [ A3769020F7E8A70FD3E824C050F33306 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys 15:27:25.0676 1816 acedrv11 - ok 15:27:25.0832 1816 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys 15:27:30.0403 1816 ACPI - ok 15:27:30.0855 1816 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 15:27:30.0871 1816 AdobeARMservice - ok 15:27:31.0183 1816 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:27:31.0542 1816 AdobeFlashPlayerUpdateSvc - ok 15:27:31.0682 1816 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:27:31.0713 1816 adp94xx - ok 15:27:31.0823 1816 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:27:36.0924 1816 adpahci - ok 15:27:37.0049 1816 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:27:37.0064 1816 adpu160m - ok 15:27:37.0173 1816 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:27:37.0205 1816 adpu320 - ok 15:27:37.0298 1816 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:28:14.0130 1816 AeLookupSvc - ok 15:28:14.0239 1816 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys 15:28:14.0395 1816 AFD - ok 15:28:14.0426 1816 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:28:14.0473 1816 agp440 - ok 15:28:14.0504 1816 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:28:14.0535 1816 
aic78xx - ok 15:28:14.0582 1816 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe 15:28:14.0847 1816 ALG - ok 15:28:14.0879 1816 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys 15:28:14.0910 1816 aliide - ok 15:28:15.0019 1816 [ 962227630779043B5C1D4CD157ABB912 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 15:28:15.0253 1816 AMD External Events Utility - ok 15:28:15.0284 1816 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys 15:28:15.0331 1816 amdide - ok 15:28:15.0409 1816 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:28:15.0799 1816 AmdK8 - ok 15:28:16.0095 1816 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:28:16.0891 1816 amdkmdag - ok 15:28:16.0969 1816 [ 2D9005EA0BFD25C740E53C8DD3C069E0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 15:28:17.0078 1816 amdkmdap - ok 15:28:17.0359 1816 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:28:17.0437 1816 AntiVirSchedulerService - ok 15:28:17.0484 1816 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:28:17.0593 1816 AntiVirService - ok 15:28:17.0749 1816 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll 15:28:18.0030 1816 Appinfo - ok 15:28:18.0201 1816 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys 15:28:18.0233 1816 arc - ok 15:28:18.0279 1816 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:28:18.0295 1816 arcsas - ok 15:28:18.0326 1816 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:28:18.0435 1816 AsyncMac - ok 15:28:18.0451 1816 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys 15:28:18.0467 1816 atapi - ok 15:28:18.0716 1816 [ 
5D6566D19FCCAF8A10D46B6C479227A9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys 15:28:18.0732 1816 AtiHDAudioService - ok 15:28:18.0903 1816 [ 56D6631761EC37745F0DF16BCDC4CAF4 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 15:28:19.0247 1816 atikmdag - ok 15:28:19.0387 1816 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 15:28:19.0449 1816 atksgt - ok 15:28:19.0527 1816 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:28:19.0824 1816 AudioEndpointBuilder - ok 15:28:19.0871 1816 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll 15:28:19.0902 1816 AudioSrv - ok 15:28:19.0933 1816 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 15:28:19.0949 1816 avgntflt - ok 15:28:19.0964 1816 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 15:28:20.0073 1816 avipbb - ok 15:28:20.0136 1816 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 15:28:20.0167 1816 avkmgr - ok 15:28:20.0183 1816 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:28:20.0276 1816 blbdrive - ok 15:28:20.0432 1816 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:28:20.0510 1816 bowser - ok 15:28:20.0557 1816 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:28:21.0087 1816 BrFiltLo - ok 15:28:21.0290 1816 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:28:21.0415 1816 BrFiltUp - ok 15:28:21.0509 1816 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll 15:28:21.0633 1816 Browser - ok 15:28:21.0665 1816 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys 15:28:22.0382 1816 Brserid - ok 15:28:22.0398 1816 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm 
C:\Windows\system32\drivers\brserwdm.sys 15:28:22.0507 1816 BrSerWdm - ok 15:28:22.0538 1816 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:28:22.0772 1816 BrUsbMdm - ok 15:28:22.0866 1816 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:28:23.0037 1816 BrUsbSer - ok 15:28:23.0131 1816 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:28:23.0412 1816 BTHMODEM - ok 15:28:23.0474 1816 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:28:23.0739 1816 cdfs - ok 15:28:23.0833 1816 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:28:23.0973 1816 cdrom - ok 15:28:24.0145 1816 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll 15:28:24.0223 1816 CertPropSvc - ok 15:28:24.0332 1816 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys 15:28:24.0535 1816 circlass - ok 15:28:24.0629 1816 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys 15:28:25.0268 1816 CLFS - ok 15:28:27.0062 1816 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:28:27.0515 1816 clr_optimization_v2.0.50727_32 - ok 15:28:27.0998 1816 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:28:28.0076 1816 clr_optimization_v2.0.50727_64 - ok 15:28:28.0263 1816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:28:28.0388 1816 clr_optimization_v4.0.30319_32 - ok 15:28:28.0575 1816 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:28:29.0059 1816 clr_optimization_v4.0.30319_64 - ok 15:28:29.0090 1816 [ 
E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:28:29.0184 1816 cmdide - ok 15:28:29.0215 1816 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 15:28:29.0293 1816 Compbatt - ok 15:28:29.0309 1816 COMSysApp - ok 15:28:29.0324 1816 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:28:29.0340 1816 crcdisk - ok 15:28:29.0387 1816 [ 1B22BC0B71F65001479DAB792C3F626C ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:28:29.0496 1816 CryptSvc - ok 15:28:29.0667 1816 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll 15:28:29.0699 1816 DcomLaunch - ok 15:28:29.0979 1816 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:28:30.0182 1816 DfsC - ok 15:28:30.0541 1816 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe 15:28:31.0851 1816 DFSR - ok 15:28:31.0976 1816 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 15:28:32.0616 1816 dg_ssudbus - ok 15:28:32.0850 1816 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:28:33.0021 1816 Dhcp - ok 15:28:33.0084 1816 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys 15:28:33.0099 1816 disk - ok 15:28:33.0162 1816 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:28:33.0224 1816 Dnscache - ok 15:28:33.0333 1816 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll 15:28:33.0427 1816 dot3svc - ok 15:28:33.0458 1816 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll 15:28:33.0521 1816 DPS - ok 15:28:33.0552 1816 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:28:33.0630 1816 drmkaud - ok 15:28:33.0677 1816 dump_wmimmc - ok 15:28:33.0723 1816 [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:28:33.0755 1816 DXGKrnl 
- ok 15:28:33.0833 1816 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys 15:28:33.0957 1816 E1G60 - ok 15:28:33.0989 1816 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll 15:28:34.0067 1816 EapHost - ok 15:28:34.0129 1816 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys 15:28:34.0176 1816 Ecache - ok 15:28:34.0394 1816 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:28:34.0597 1816 ehRecvr - ok 15:28:34.0613 1816 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe 15:28:34.0800 1816 ehSched - ok 15:28:34.0847 1816 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll 15:28:34.0987 1816 ehstart - ok 15:28:35.0159 1816 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys 15:28:35.0268 1816 elxstor - ok 15:28:35.0361 1816 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll 15:28:35.0611 1816 EMDMgmt - ok 15:28:35.0627 1816 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys 15:28:35.0705 1816 ErrDev - ok 15:28:35.0798 1816 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll 15:28:35.0985 1816 EventSystem - ok 15:28:36.0032 1816 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys 15:28:36.0173 1816 exfat - ok 15:28:36.0188 1816 ezSharedSvc - ok 15:28:36.0282 1816 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys 15:28:36.0391 1816 fastfat - ok 15:28:36.0672 1816 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 15:28:36.0999 1816 fdc - ok 15:28:37.0187 1816 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll 15:28:37.0218 1816 fdPHost - ok 15:28:37.0233 1816 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll 15:28:37.0639 1816 FDResPub - ok 15:28:37.0655 
15:29:11.0610 1816 Scan finished
15:29:11.0610 1816 ============================================================
15:29:11.0610 2600 Detected object count: 5
15:29:11.0610 2600 Actual detected object count: 5
15:29:33.0403 2600 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:33.0403 2600 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:33.0403 2600 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:33.0403 2600 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:33.0403 2600 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:33.0403 2600 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:33.0403 2600 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:33.0403 2600 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:33.0403 2600 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
15:29:33.0403 2600 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:29:37.0023 1232 Deinitialize success |
23.07.2013, 19:19 | #10 | |
/// the machine /// TB Trainer | Great. Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.07.2013, 09:43 | #11 |
| Well, I have now tried Combofix several times since yesterday. At first it always threw an error message on startup saying that Avira was still active, even though the scanner is deactivated. This morning it no longer complained about that, but it only runs until just after "Fertiggestellt Stufe_50". Then the message appears: System file is infected!! Attempting to restore "C:\Windows\system32\Services.exe" After that nothing more happens, even after hours. I also let it run overnight; the only result was that it froze completely. Before Stufe_48 one more file was moved. No log file was created because the run never completed. |
24.07.2013, 11:44 | #12 |
/// the machine /// TB Trainer | Please have TDSSKiller scan again.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
24.07.2013, 20:32 | #13 |
| Done Code:
Npfs C:\Windows\system32\drivers\Npfs.sys 21:30:51.0840 4044 Npfs - ok 21:30:51.0855 4044 npggsvc - ok 21:30:51.0855 4044 NPPTNT2 - ok 21:30:51.0887 4044 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll 21:30:51.0918 4044 nsi - ok 21:30:51.0933 4044 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:30:51.0980 4044 nsiproxy - ok 21:30:52.0043 4044 [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:30:52.0105 4044 Ntfs - ok 21:30:52.0121 4044 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys 21:30:52.0167 4044 Null - ok 21:30:52.0199 4044 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:30:52.0214 4044 nvraid - ok 21:30:52.0230 4044 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:30:52.0245 4044 nvstor - ok 21:30:52.0277 4044 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:30:52.0292 4044 nv_agp - ok 21:30:52.0292 4044 NwlnkFlt - ok 21:30:52.0292 4044 NwlnkFwd - ok 21:30:52.0339 4044 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 21:30:52.0386 4044 ohci1394 - ok 21:30:52.0433 4044 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll 21:30:52.0511 4044 p2pimsvc - ok 21:30:52.0542 4044 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll 21:30:52.0573 4044 p2psvc - ok 21:30:52.0589 4044 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys 21:30:52.0635 4044 Parport - ok 21:30:52.0682 4044 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:30:52.0698 4044 partmgr - ok 21:30:52.0713 4044 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll 21:30:52.0729 4044 PcaSvc - ok 21:30:52.0760 4044 [ 81B5E63131090879AD6EF9F32109B88D ] pccsmcfd 
C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 21:30:52.0791 4044 pccsmcfd - ok 21:30:52.0807 4044 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys 21:30:52.0823 4044 pci - ok 21:30:52.0838 4044 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys 21:30:52.0854 4044 pciide - ok 21:30:52.0869 4044 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:30:52.0885 4044 pcmcia - ok 21:30:52.0916 4044 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:30:52.0994 4044 PEAUTH - ok 21:30:53.0072 4044 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:30:53.0135 4044 PerfHost - ok 21:30:53.0181 4044 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll 21:30:53.0291 4044 pla - ok 21:30:53.0322 4044 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:30:53.0353 4044 PlugPlay - ok 21:30:53.0369 4044 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 21:30:53.0400 4044 PNRPAutoReg - ok 21:30:53.0462 4044 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll 21:30:53.0478 4044 PNRPsvc - ok 21:30:53.0540 4044 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:30:53.0618 4044 PolicyAgent - ok 21:30:53.0665 4044 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:30:53.0696 4044 PptpMiniport - ok 21:30:53.0727 4044 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys 21:30:53.0774 4044 Processor - ok 21:30:53.0821 4044 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll 21:30:53.0868 4044 ProfSvc - ok 21:30:53.0883 4044 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe 21:30:53.0899 4044 ProtectedStorage - ok 21:30:53.0946 4044 [ 64E413BA0C529AA40C3924BBCC4153DB ] 
ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe 21:30:53.0977 4044 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - warning 21:30:53.0977 4044 ProtexisLicensing - detected UnsignedFile.Multi.Generic (1) 21:30:54.0024 4044 [ 1D0A3F565397D08707F3D75B88586645 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys 21:30:54.0024 4044 Ps2 - ok 21:30:54.0071 4044 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys 21:30:54.0086 4044 PSched - ok 21:30:54.0149 4044 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:30:54.0195 4044 ql2300 - ok 21:30:54.0211 4044 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:30:54.0227 4044 ql40xx - ok 21:30:54.0258 4044 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll 21:30:54.0289 4044 QWAVE - ok 21:30:54.0289 4044 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:30:54.0305 4044 QWAVEdrv - ok 21:30:54.0320 4044 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:30:54.0367 4044 RasAcd - ok 21:30:54.0398 4044 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll 21:30:54.0429 4044 RasAuto - ok 21:30:54.0445 4044 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:30:54.0492 4044 Rasl2tp - ok 21:30:54.0523 4044 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll 21:30:54.0554 4044 RasMan - ok 21:30:54.0601 4044 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:30:54.0648 4044 RasPppoe - ok 21:30:54.0679 4044 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:30:54.0710 4044 RasSstp - ok 21:30:54.0757 4044 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:30:54.0819 4044 rdbss - ok 21:30:54.0866 4044 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD 
C:\Windows\system32\DRIVERS\RDPCDD.sys 21:30:54.0897 4044 RDPCDD - ok 21:30:54.0913 4044 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 21:30:54.0975 4044 rdpdr - ok 21:30:54.0975 4044 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:30:55.0038 4044 RDPENCDD - ok 21:30:55.0100 4044 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:30:55.0163 4044 RDPWD - ok 21:30:55.0225 4044 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:30:55.0303 4044 RemoteAccess - ok 21:30:55.0334 4044 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:30:55.0381 4044 RemoteRegistry - ok 21:30:55.0412 4044 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe 21:30:55.0443 4044 RpcLocator - ok 21:30:55.0490 4044 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll 21:30:55.0521 4044 RpcSs - ok 21:30:55.0537 4044 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:30:55.0568 4044 rspndr - ok 21:30:55.0599 4044 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys 21:30:55.0615 4044 RTL8169 - ok 21:30:55.0631 4044 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe 21:30:55.0646 4044 SamSs - ok 21:30:55.0677 4044 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:30:55.0693 4044 sbp2port - ok 21:30:55.0771 4044 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:30:55.0849 4044 SCardSvr - ok 21:30:55.0927 4044 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll 21:30:55.0958 4044 Schedule - ok 21:30:56.0005 4044 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll 21:30:56.0021 4044 SCPolicySvc - ok 21:30:56.0067 4044 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC 
C:\Windows\System32\SDRSVC.dll 21:30:56.0145 4044 SDRSVC - ok 21:30:56.0177 4044 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:30:56.0239 4044 secdrv - ok 21:30:56.0286 4044 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll 21:30:56.0333 4044 seclogon - ok 21:30:56.0364 4044 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll 21:30:56.0395 4044 SENS - ok 21:30:56.0551 4044 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys 21:30:56.0629 4044 Serenum - ok 21:30:56.0660 4044 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys 21:30:56.0723 4044 Serial - ok 21:30:56.0769 4044 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:30:56.0801 4044 sermouse - ok 21:30:56.0879 4044 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 21:30:56.0894 4044 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 21:30:56.0894 4044 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 21:30:56.0925 4044 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll 21:30:56.0972 4044 SessionEnv - ok 21:30:57.0003 4044 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:30:57.0035 4044 sffdisk - ok 21:30:57.0035 4044 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:30:57.0097 4044 sffp_mmc - ok 21:30:57.0128 4044 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:30:57.0159 4044 sffp_sd - ok 21:30:57.0159 4044 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:30:57.0237 4044 sfloppy - ok 21:30:57.0300 4044 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:30:57.0378 4044 SharedAccess - ok 21:30:57.0409 4044 [ 
56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:30:57.0471 4044 ShellHWDetection - ok 21:30:57.0487 4044 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 21:30:57.0503 4044 SiSRaid2 - ok 21:30:57.0518 4044 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:30:57.0518 4044 SiSRaid4 - ok 21:30:57.0612 4044 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe 21:30:57.0877 4044 slsvc - ok 21:30:57.0939 4044 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll 21:30:58.0002 4044 SLUINotify - ok 21:30:58.0064 4044 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:30:58.0095 4044 Smb - ok 21:30:58.0111 4044 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:30:58.0158 4044 SNMPTRAP - ok 21:30:58.0189 4044 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys 21:30:58.0205 4044 spldr - ok 21:30:58.0267 4044 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe 21:30:58.0345 4044 Spooler - ok 21:30:58.0407 4044 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys 21:30:58.0470 4044 srv - ok 21:30:58.0501 4044 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:30:58.0517 4044 srv2 - ok 21:30:58.0532 4044 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:30:58.0563 4044 srvnet - ok 21:30:58.0579 4044 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:30:58.0626 4044 SSDPSRV - ok 21:30:58.0626 4044 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:30:58.0673 4044 SstpSvc - ok 21:30:58.0704 4044 [ EF806D212D34B0E173BAEB3564D53E37 ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys 21:30:58.0719 4044 ss_bbus - ok 21:30:58.0766 4044 [ 
08B1B34ABEBEB6AC2DEA06900C56411E ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys 21:30:58.0782 4044 ss_bmdfl - ok 21:30:58.0844 4044 [ 71A9DA6BEAA4CB54DFB827FB78600A5D ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys 21:30:58.0844 4044 ss_bmdm - ok 21:30:58.0907 4044 [ 677CDC98F8363ACCAAE783FDE1599C2A ] ss_bserd C:\Windows\system32\DRIVERS\ss_bserd.sys 21:30:58.0922 4044 ss_bserd - ok 21:30:58.0922 4044 StarOpen - ok 21:30:58.0969 4044 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll 21:30:59.0031 4044 stisvc - ok 21:30:59.0078 4044 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:30:59.0094 4044 swenum - ok 21:30:59.0141 4044 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll 21:30:59.0203 4044 swprv - ok 21:30:59.0234 4044 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 21:30:59.0250 4044 Symc8xx - ok 21:30:59.0297 4044 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 21:30:59.0312 4044 Sym_hi - ok 21:30:59.0328 4044 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 21:30:59.0343 4044 Sym_u3 - ok 21:30:59.0390 4044 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll 21:30:59.0468 4044 SysMain - ok 21:30:59.0515 4044 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:30:59.0546 4044 TabletInputService - ok 21:30:59.0593 4044 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:30:59.0640 4044 TapiSrv - ok 21:30:59.0655 4044 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll 21:30:59.0687 4044 TBS - ok 21:30:59.0733 4044 [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:30:59.0827 4044 Tcpip - ok 21:30:59.0874 4044 [ C7C60777592EEF169A11647AAE7A91C3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 21:30:59.0936 4044 Tcpip6 - ok 
21:30:59.0983 4044 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:31:00.0014 4044 tcpipreg - ok 21:31:00.0045 4044 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:31:00.0108 4044 TDPIPE - ok 21:31:00.0123 4044 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:31:00.0186 4044 TDTCP - ok 21:31:00.0264 4044 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:31:00.0311 4044 tdx - ok 21:31:00.0326 4044 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:31:00.0342 4044 TermDD - ok 21:31:00.0420 4044 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll 21:31:00.0498 4044 TermService - ok 21:31:00.0607 4044 [ 48D9D00C2E0E72C3D4F52772C80355F6 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys 21:31:00.0623 4044 TFsExDisk - ok 21:31:00.0638 4044 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll 21:31:00.0654 4044 Themes - ok 21:31:00.0685 4044 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll 21:31:00.0716 4044 THREADORDER - ok 21:31:00.0747 4044 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll 21:31:00.0810 4044 TrkWks - ok 21:31:00.0888 4044 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:31:00.0919 4044 TrustedInstaller - ok 21:31:00.0966 4044 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:31:00.0997 4044 tssecsrv - ok 21:31:01.0013 4044 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 21:31:01.0028 4044 tunmp - ok 21:31:01.0075 4044 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:31:01.0106 4044 tunnel - ok 21:31:01.0137 4044 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:31:01.0137 4044 
uagp35 - ok 21:31:01.0184 4044 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:31:01.0231 4044 udfs - ok 21:31:01.0247 4044 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:31:01.0293 4044 UI0Detect - ok 21:31:01.0309 4044 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:31:01.0325 4044 uliagpkx - ok 21:31:01.0340 4044 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys 21:31:01.0356 4044 uliahci - ok 21:31:01.0371 4044 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys 21:31:01.0371 4044 UlSata - ok 21:31:01.0387 4044 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 21:31:01.0403 4044 ulsata2 - ok 21:31:01.0418 4044 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:31:01.0481 4044 umbus - ok 21:31:01.0496 4044 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll 21:31:01.0559 4044 upnphost - ok 21:31:01.0605 4044 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:31:01.0652 4044 usbccgp - ok 21:31:01.0683 4044 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:31:01.0761 4044 usbcir - ok 21:31:01.0793 4044 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:31:01.0824 4044 usbehci - ok 21:31:01.0886 4044 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:31:01.0949 4044 usbhub - ok 21:31:01.0980 4044 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:31:02.0042 4044 usbohci - ok 21:31:02.0073 4044 [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint C:\Windows\system32\drivers\usbprint.sys 21:31:02.0120 4044 usbprint - ok 21:31:02.0136 4044 [ F7386007FB19E7685FC7B298560AA81F ] usbser C:\Windows\system32\DRIVERS\usbser.sys 
21:31:02.0167 4044 usbser - ok 21:31:02.0198 4044 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:31:02.0245 4044 USBSTOR - ok 21:31:02.0261 4044 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 21:31:02.0292 4044 usbuhci - ok 21:31:02.0323 4044 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll 21:31:02.0354 4044 UxSms - ok 21:31:02.0370 4044 [ 5581BB749DDE273F92A1E4A4D6CDF15A ] UxTuneUp C:\Windows\System32\uxtuneup.dll 21:31:02.0385 4044 UxTuneUp - ok 21:31:02.0448 4044 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe 21:31:02.0495 4044 vds - ok 21:31:02.0510 4044 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:31:02.0541 4044 vga - ok 21:31:02.0557 4044 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys 21:31:02.0588 4044 VgaSave - ok 21:31:02.0604 4044 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys 21:31:02.0619 4044 viaide - ok 21:31:02.0666 4044 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:31:02.0666 4044 volmgr - ok 21:31:02.0729 4044 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:31:02.0744 4044 volmgrx - ok 21:31:02.0807 4044 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:31:02.0822 4044 volsnap - ok 21:31:02.0853 4044 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:31:02.0869 4044 vsmraid - ok 21:31:02.0931 4044 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe 21:31:03.0025 4044 VSS - ok 21:31:03.0103 4044 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll 21:31:03.0150 4044 W32Time - ok 21:31:03.0197 4044 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:31:03.0243 4044 WacomPen - ok 
21:31:03.0290 4044 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 21:31:03.0321 4044 Wanarp - ok 21:31:03.0337 4044 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:31:03.0353 4044 Wanarpv6 - ok 21:31:03.0384 4044 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:31:03.0477 4044 wcncsvc - ok 21:31:03.0524 4044 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:31:03.0571 4044 WcsPlugInService - ok 21:31:03.0587 4044 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys 21:31:03.0602 4044 Wd - ok 21:31:03.0633 4044 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:31:03.0680 4044 Wdf01000 - ok 21:31:03.0696 4044 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:31:03.0727 4044 WdiServiceHost - ok 21:31:03.0727 4044 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:31:03.0774 4044 WdiSystemHost - ok 21:31:03.0774 4044 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll 21:31:03.0805 4044 WebClient - ok 21:31:03.0852 4044 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:31:03.0899 4044 Wecsvc - ok 21:31:03.0930 4044 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:31:03.0945 4044 wercplsupport - ok 21:31:03.0961 4044 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll 21:31:04.0008 4044 WerSvc - ok 21:31:04.0055 4044 WinDefend - ok 21:31:04.0055 4044 WinHttpAutoProxySvc - ok 21:31:04.0117 4044 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:31:04.0148 4044 Winmgmt - ok 21:31:04.0242 4044 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll 21:31:04.0335 4044 WinRM - ok 21:31:04.0413 4044 [ 
EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:31:04.0460 4044 Wlansvc - ok 21:31:04.0523 4044 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:31:04.0569 4044 WmiAcpi - ok 21:31:04.0616 4044 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:31:04.0647 4044 wmiApSrv - ok 21:31:04.0647 4044 WMPNetworkSvc - ok 21:31:04.0679 4044 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:31:04.0725 4044 WPCSvc - ok 21:31:04.0757 4044 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:31:04.0788 4044 WPDBusEnum - ok 21:31:04.0819 4044 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys 21:31:04.0850 4044 WpdUsb - ok 21:31:05.0006 4044 [ 8E344C1B4FE7EDE0E9055405B9987862 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 21:31:05.0037 4044 WPFFontCache_v0400 - ok 21:31:05.0084 4044 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:31:05.0131 4044 ws2ifsl - ok 21:31:05.0193 4044 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll 21:31:05.0209 4044 wscsvc - ok 21:31:05.0209 4044 WSearch - ok 21:31:05.0303 4044 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:31:05.0396 4044 wuauserv - ok 21:31:05.0412 4044 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:31:05.0443 4044 WudfPf - ok 21:31:05.0474 4044 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:31:05.0490 4044 WUDFRd - ok 21:31:05.0521 4044 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:31:05.0552 4044 wudfsvc - ok 21:31:05.0568 4044 ================ Scan global =============================== 21:31:05.0615 4044 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll 
21:31:05.0677 4044 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 21:31:05.0693 4044 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll 21:31:05.0724 4044 [ F8DCE3BED869F69C9F7C562B943BC255 ] C:\Windows\system32\services.exe 21:31:05.0739 4044 [Global] - ok 21:31:05.0739 4044 ================ Scan MBR ================================== 21:31:05.0739 4044 [ 125A9EFB00805296E689C06CF6020C43 ] \Device\Harddisk0\DR0 21:31:06.0005 4044 \Device\Harddisk0\DR0 - ok 21:31:06.0005 4044 ================ Scan VBR ================================== 21:31:06.0005 4044 [ 711AB08345BE695E88998963FA4834DF ] \Device\Harddisk0\DR0\Partition1 21:31:06.0005 4044 \Device\Harddisk0\DR0\Partition1 - ok 21:31:06.0020 4044 [ B2EAC4B1DCB39CC668431E809B17E1E1 ] \Device\Harddisk0\DR0\Partition2 21:31:06.0020 4044 \Device\Harddisk0\DR0\Partition2 - ok 21:31:06.0020 4044 ============================================================ 21:31:06.0020 4044 Scan finished 21:31:06.0020 4044 ============================================================ 21:31:06.0020 0568 Detected object count: 5 21:31:06.0020 0568 Actual detected object count: 5 21:31:24.0803 0568 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:31:24.0803 0568 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:31:24.0803 0568 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 21:31:24.0803 0568 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:31:24.0803 0568 MBAMProtector ( UnsignedFile.Multi.Generic ) - skipped by user 21:31:24.0803 0568 MBAMProtector ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:31:24.0803 0568 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - skipped by user 21:31:24.0803 0568 ProtexisLicensing ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:31:24.0803 0568 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 21:31:24.0803 0568 
ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:31:29.0155 4324 Deinitialize success |
25.07.2013, 07:33 | #14 |
/// the machine /// TB Trainer | Great. Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
25.07.2013, 09:32 | #15 |
| Once again, quite a bit was found: AdwCleaner Code:
ATTFilter # AdwCleaner v2.306 - Datei am 25/07/2013 um 10:04:06 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzer : Gnubbi - GNUBBI-TEILCHEN # Bootmodus : Normal # Ausgeführt unter : C:\Users\Gnubbi\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\foxydeal.sqlite Datei Gelöscht : C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Windows\Uninstall.exe Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB Gelöscht mit Neustart : C:\Program Files (x86)\Conduit Gelöscht mit Neustart : C:\Program Files (x86)\Gophoto.it Gelöscht mit Neustart : C:\Program Files (x86)\ICQ6Toolbar Gelöscht mit Neustart : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com Gelöscht mit Neustart : C:\ProgramData\ICQ\ICQToolbar Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Local\PackageAware Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Local\PutLockerDownloader Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\LocalLow\Conduit Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Roaming\DataMgr Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Roaming\DesktopIconForAmazon Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Roaming\dvdvideosoftiehelpers Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\4vhv66wx.default\extensions\sparpilot@sparpilot.com Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\4vhv66wx.default\extensions\staged Gelöscht mit Neustart : C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\sparpilot@sparpilot.com Gelöscht mit Neustart : 
C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\jetpack ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Freeze.com Schlüssel Gelöscht : HKCU\Software\Headlight Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DesktopIconAmazon Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\5f48addbd38e844 Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar Schlüssel Gelöscht : HKLM\Software\Iminent Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\Software\SP Global Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5f48addbd38e844 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf Schlüssel Gelöscht : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr] Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [firejump@firejump.net] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.19443 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=42D400225F09AD59&affID=122450&tsp=4943 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/22&hid=2597692014&lg=EN&cc=DE&unqvl=16 --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\prefs.js Gelöscht : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Gelöscht : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Gelöscht : user_pref("CommunityToolbar.alert.alertEnabled", false); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60); Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jan 15 2011 13:49:55 GMT+0100"); Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.locale", "en"); Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jan 15 2011 13:49:47 GMT+0100"); Gelöscht : 
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234"); Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false); Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Gelöscht : user_pref("CommunityToolbar.alert.userId", "6586f229-71d4-4460-b418-c8f82734f6cc"); Gelöscht : user_pref("aol_toolbar.default.homepage.check", false); Gelöscht : user_pref("aol_toolbar.default.search.check", false); Gelöscht : user_pref("browser.search.defaultenginename", "WebSearch"); Gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.searchrocket.info/?pid=658&r=2013/05/22&hid[...] Gelöscht : user_pref("browser.search.order.1", "Delta Search"); Gelöscht : user_pref("browser.search.order.1,S", "WebSearch"); Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch"); Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0); Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Gelöscht : user_pref("extensions.delta.admin", false); Gelöscht : user_pref("extensions.delta.aflt", "babsst"); Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Gelöscht : user_pref("extensions.delta.dfltLng", "de"); Gelöscht : user_pref("extensions.delta.excTlbr", false); Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Gelöscht : user_pref("extensions.delta.id", "42d4944500000000000000225f09ad59"); Gelöscht : user_pref("extensions.delta.instlDay", "15900"); Gelöscht : user_pref("extensions.delta.instlRef", "sst"); Gelöscht : user_pref("extensions.delta.newTab", false); Gelöscht : user_pref("extensions.delta.prdct", "delta"); Gelöscht : user_pref("extensions.delta.prtnrId", 
"delta"); Gelöscht : user_pref("extensions.delta.rvrt", "false"); Gelöscht : user_pref("extensions.delta.smplGrp", "none"); Gelöscht : user_pref("extensions.delta.tlbrId", "base"); Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5"); Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.514:11:22"); Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5"); Gelöscht : user_pref("extensions.delta_i.babExt", ""); Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=122450&tsp=4943"); Gelöscht : user_pref("extensions.delta_i.srcExt", "ss"); Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch"); Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch"); Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.searchrocket.info/?[...] Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.searchrocket.info/?pid=658&r=201[...] Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false"); ************************* AdwCleaner[R1].txt - [25403 octets] - [25/07/2013 10:03:20] AdwCleaner[S1].txt - [19563 octets] - [25/07/2013 10:04:06] ########## EOF - C:\AdwCleaner[S1].txt - [19624 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.2 (07.22.2013:2) OS: Windows (TM) Vista Home Premium x64 Ran by Gnubbi on 25.07.2013 at 10:10:42,22 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4CB690B1-11EC-457C-B66A-3003BC43F5E3} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F5C44D02-1CFC-4026-BBCC-E3514C88692E} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4CB690B1-11EC-457C-B66A-3003BC43F5E3} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{F5C44D02-1CFC-4026-BBCC-E3514C88692E} ~~~ Files Successfully deleted: [File] C:\eula.1028.txt Successfully deleted: [File] C:\eula.1031.txt Successfully deleted: [File] C:\eula.1033.txt Successfully deleted: [File] C:\eula.1036.txt Successfully deleted: [File] C:\eula.1040.txt Successfully deleted: [File] C:\eula.1041.txt Successfully deleted: [File] C:\eula.1042.txt 
Successfully deleted: [File] C:\eula.2052.txt Successfully deleted: [File] C:\install.res.1028.dll Successfully deleted: [File] C:\install.res.1031.dll Successfully deleted: [File] C:\install.res.1033.dll Successfully deleted: [File] C:\install.res.1036.dll Successfully deleted: [File] C:\install.res.1040.dll Successfully deleted: [File] C:\install.res.1041.dll Successfully deleted: [File] C:\install.res.1042.dll Successfully deleted: [File] C:\install.res.2052.dll Successfully deleted: [File] C:\install.res.3082.dll ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\big fish games" Successfully deleted: [Folder] "C:\Users\Gnubbi\AppData\Roaming\big fish games" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\eusing free registry cleaner" Successfully deleted: [Folder] "C:\Program Files (x86)\icq6toolbar" ~~~ FireFox Successfully deleted: [File] C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\invalidprefs.js Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com" Successfully deleted the following from C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\prefs.js user_pref("om.config", "{\"active\":true,\"name\":\"twde\",\"id\":25,\"dispId\":\"CH-25\",\"aboutLink\":\"\",\"trackingGeneral\":true,\"gaAccount\":\"UA-39484183-1\",\"gaDomai Emptied folder: C:\Users\Gnubbi\AppData\Roaming\mozilla\firefox\profiles\wljaky0a.default\minidumps [34 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.07.2013 at 10:15:21,63 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2013 Ran by Gnubbi (administrator) on 25-07-2013 10:26:24 Running from C:\Users\Gnubbi\Desktop Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe () C:\Users\Gnubbi\RocketDock\RocketDock.exe (Windows Net) C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe ==================== Registry (Whitelisted) ================== Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X] HKCU\...\Run: [RocketDock] - C:\Users\Gnubbi\RocketDock\RocketDock.exe [495616 2007-09-02] () HKCU\...\Run: [SSync] - C:\Users\Gnubbi\AppData\Roaming\SSync\SSync.exe [36864 2013-04-10] () HKCU\...\Run: [SCheck] - C:\Users\Gnubbi\AppData\Roaming\SCheck\SCheck.exe [36864 2013-04-10] () HKCU\...\Run: [Snoozer] - C:\Users\Gnubbi\AppData\Roaming\Snz\Snz.exe [1137673 2013-07-21] () HKCU\...\Run: [Intermediate] - C:\Users\Gnubbi\AppData\Roaming\Intermediate\Intermediate.exe [36864 2013-04-10] () HKLM-x32\...\Run: [avgnt] - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348664 2012-08-08] (Avira Operations GmbH & Co. 
KG) HKU\Administrator\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard) HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard) HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-07-03] (Hewlett-Packard) Startup: C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\net.lnk ShortcutTarget: net.lnk -> C:\Users\Gnubbi\AppData\Roaming\Windows Net Data\net.exe (Windows Net) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation) SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=84&bd=Pavilion&pf=cndt StartMenuInternet: IEXPLORE.EXE - "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKLM - {4CB690B1-11EC-457C-B66A-3003BC43F5E3} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {F5C44D02-1CFC-4026-BBCC-E3514C88692E} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {01_TL-YODL-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_yodl&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {03_TL-GOOGLE-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {03_TL-TELEFONBUCH-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_telefonbuch&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {04_TL-AMAZON-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_amazon&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {05_TL-EBAY-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_ebay&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search SearchScopes: HKCU - {07_TL-CONRAD-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_conrad&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {08_TL-OTTO-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_otto&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {09_TL-CLIPFISH-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_clipfish&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: 
HKCU - {10_TL-MYVIDEO-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_myvideo&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 SearchScopes: HKCU - {11_TL-MUSICLOAD-DE-E1416B8B2E3A} URL = hxxp://www.yodl.de/href.php?hrefname=FF-splug_musicload&q={searchTerms}&affid=1&uid=7DAF7DAD-E59A-4683-8823-F9FF0893EFF6 BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: PiccShare BHO - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Gnubbi\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: ipp - No CLSID Value - Handler: msdaipp - No CLSID Value - Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.72\npchrome_frame.dll (Google Inc.) 
Handler-x32: ipp - No CLSID Value - Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler-x32: msdaipp - No CLSID Value - Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.11.1 FireFox: ======== FF ProfilePath: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\clipfish.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\conrad.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\discount24.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\musicload.xml FF SearchPlugin: C:\Program Files (x86)\mozilla 
firefox\searchplugins\myvideo.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\otto.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\quelle.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\telefonbuch-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yodl.xml FF Extension: Amazon-Icon - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\amazon-icon@winload.de FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\ich@maltegoetz.de FF Extension: om - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\om@offermosquito.com.xpi FF Extension: toolbar - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\toolbar@web.de.xpi FF Extension: No Name - C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF HKCU\...\Firefox\Extensions: [mail@gutscheinrausch.de] C:\Users\Gnubbi\AppData\Roaming\Mozilla\Firefox\Profiles\wljaky0a.default\extensions\mail@gutscheinrausch.de Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: () - C:\Users\Gnubbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab\background.html CHR Extension: (Amazon-Icon) - C:\Users\Gnubbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0 CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Gnubbi\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [652360 2012-01-13] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.) S4 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] () R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-03-12] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-10-11] (Avira GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-03-12] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23152 2011-12-10] (Malwarebytes Corporation) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.) 
S3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] () S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-04-27] (MCCI Corporation) S1 Beep; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x] S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] S1 StarOpen; No ImagePath ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-25 10:15 - 2013-07-25 10:15 - 00003862 _____ C:\Users\Gnubbi\Desktop\JRT.txt 2013-07-25 10:10 - 2013-07-25 10:10 - 00000000 ____D C:\Windows\ERUNT 2013-07-25 10:09 - 2013-07-25 10:09 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\Gnubbi\Desktop\JRT.exe 2013-07-25 10:07 - 2013-07-25 10:07 - 00019568 _____ C:\Users\Gnubbi\Desktop\AdwCleaner[S1].txt 2013-07-25 10:04 - 2013-07-25 10:04 - 00019568 _____ C:\AdwCleaner[S1].txt 2013-07-25 10:04 - 2013-07-25 10:04 - 00001324 _____ C:\Windows\DeleteOnReboot.bat 2013-07-25 10:03 - 2013-07-25 10:04 - 00025403 _____ C:\AdwCleaner[R1].txt 2013-07-25 10:02 - 2013-07-25 10:02 - 00666633 _____ C:\Users\Gnubbi\Desktop\adwcleaner.exe 2013-07-24 22:57 - 2013-07-24 22:57 - 00000000 ____D C:\Windows\system32\MRT 2013-07-24 10:28 - 2013-07-24 10:31 - 00000218 _____ C:\Users\Gnubbi\Desktop\combofix.txt 2013-07-24 09:43 - 2013-07-24 10:28 - 00000000 ___SD C:\ComboFix 2013-07-24 09:43 - 2013-07-24 09:43 - 00000000 ___SD C:\32788R22FWJFW 2013-07-23 20:27 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-23 20:27 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-23 20:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-23 20:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-23 20:27 - 2000-08-31 
02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-23 20:27 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-23 20:27 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-23 20:27 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-23 20:24 - 2013-07-24 09:44 - 00000000 ____D C:\Qoobox 2013-07-23 20:24 - 2013-07-24 00:58 - 00000000 ____D C:\Windows\erdnt 2013-07-23 20:22 - 2013-07-23 20:23 - 05092552 ____R (Swearware) C:\Users\Gnubbi\Desktop\ComboFix.exe 2013-07-23 15:27 - 2013-07-23 15:27 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\62705974.sys 2013-07-23 15:23 - 2013-07-23 15:23 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-07-23 13:24 - 2013-07-23 13:25 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Gnubbi\Desktop\tdsskiller.exe 2013-07-22 21:19 - 2013-07-22 21:19 - 1165953648 _____ C:\Windows\MEMORY.DMP 2013-07-22 21:19 - 2013-07-22 21:19 - 00276984 _____ C:\Windows\Minidump\Mini072213-01.dmp 2013-07-22 21:19 - 2013-07-22 21:19 - 00000000 ____D C:\Windows\Minidump 2013-07-22 19:17 - 2013-07-22 19:17 - 00034708 _____ C:\Users\Gnubbi\Desktop\Addition.txt 2013-07-22 19:16 - 2013-07-23 15:33 - 00000000 ____D C:\FRST 2013-07-22 19:15 - 2013-07-22 19:15 - 01779363 _____ (Farbar) C:\Users\Gnubbi\Desktop\FRST64.exe 2013-07-22 17:23 - 2013-07-22 17:23 - 00009619 _____ C:\Users\Gnubbi\Desktop\gmer.txt 2013-07-22 15:38 - 2013-07-22 15:38 - 00377856 _____ C:\Users\Gnubbi\Desktop\gmer_2.1.19163.exe 2013-07-22 15:29 - 2013-07-22 15:29 - 00065906 _____ C:\Users\Gnubbi\Desktop\Extras.Txt 2013-07-22 15:27 - 2013-07-22 15:27 - 00121358 _____ C:\Users\Gnubbi\Desktop\OTL.Txt 2013-07-22 15:15 - 2013-07-22 15:15 - 00602112 _____ (OldTimer Tools) C:\Users\Gnubbi\Desktop\OTL.exe 2013-07-22 15:15 - 2013-07-22 15:15 - 00000474 _____ C:\Users\Gnubbi\Desktop\defogger_disable.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00000000 _____ C:\Users\Gnubbi\defogger_reenable 2013-07-22 15:14 - 2013-07-22 15:14 - 00050477 _____ 
C:\Users\Gnubbi\Desktop\Defogger.exe 2013-07-22 12:00 - 2013-07-22 15:08 - 00010235 _____ C:\Windows\SysWOW64\Sandy Beach.log 2013-07-22 12:00 - 2013-07-22 12:00 - 00000000 ____D C:\Program Files (x86)\Sandy Beach 3D Screensaver 2013-07-22 12:00 - 2013-02-06 10:47 - 02644504 _____ (3Planesoft) C:\Windows\SysWOW64\Sandy_Beach_3D_Screensaver.scr 2013-07-22 11:54 - 2013-07-22 15:23 - 00010325 _____ C:\Windows\SysWOW64\Caribbean Islands.log 2013-07-22 11:54 - 2013-07-22 11:54 - 00000000 ____D C:\Program Files (x86)\Caribbean Islands 3D Screensaver 2013-07-22 11:54 - 2013-04-04 17:19 - 02536992 _____ (3Planesoft) C:\Windows\SysWOW64\Caribbean_Islands_3D_Screensaver.scr 2013-07-21 19:46 - 2013-07-21 19:46 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Snz 2013-07-16 16:18 - 2010-10-12 10:28 - 00421744 _____ C:\Windows\system32\Drivers\etc\hosts.20130716-161851.backup 2013-07-16 16:18 - 2010-10-12 10:28 - 00421744 _____ C:\Windows\system32\Drivers\etc\hosts.20130716-161827.backup 2013-07-15 14:16 - 2013-07-22 19:12 - 00009043 _____ C:\Windows\SysWOW64\Tropical Fish.log 2013-07-15 14:16 - 2013-07-15 14:16 - 00000000 ____D C:\Program Files (x86)\Tropical Fish 3D Screensaver 2013-07-15 14:16 - 2013-02-06 11:01 - 02511384 _____ (3Planesoft) C:\Windows\SysWOW64\Tropical_Fish_3D_Screensaver.scr 2013-07-15 14:05 - 2013-07-15 14:05 - 00197120 _____ (ScreenTime Media) C:\Windows\SysWOW64\3-D Jellyfish DemoESD.scr 2013-07-15 14:05 - 2013-07-15 14:05 - 00000000 ____D C:\Windows\SysWOW64\3-D Jellyfish DemoESD dir 2013-07-15 13:17 - 2013-07-25 10:05 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-15 13:17 - 2013-07-24 22:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-15 13:17 - 2013-07-21 19:47 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Intermediate 2013-07-15 13:17 - 2013-07-16 09:27 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-15 13:17 - 2013-07-16 09:27 - 00003854 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SSync 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SCheck 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\ext_piccshare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000871 _____ C:\Users\Administrator\Desktop\Earth 3D Space Tour.lnk 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PiccShare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Common 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Program Files (x86)\3D Space Tour 2013-07-15 13:08 - 2013-07-15 13:08 - 00001079 _____ C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software 2013-07-15 13:08 - 2007-11-06 18:46 - 00106496 _____ C:\Windows\SysWOW64\Astro Gemini Screensaver Manager.scr 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\ChromeExtensions 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Windows Net Data 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempd859abcc6d9b14452ff9125efb5084c2 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempcbef2bd2ff1ab5bdb78c8808e08fc05e 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Temp75647aea5aa07b4ca02750042d58fa47 2013-07-14 14:11 - 2013-07-14 14:11 - 00003320 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-14 14:11 - 2013-07-14 14:11 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift 2013-07-10 22:40 - 2013-07-10 22:40 - 00002030 _____ C:\Users\Administrator\Desktop\Mehr Bildschirmschonern.lnk 2013-07-10 22:40 - 2013-07-10 22:40 - 00000827 _____ 
C:\Users\Administrator\Desktop\Nächtliche Stadt 3D Bildschirmschoner.lnk 2013-07-10 22:40 - 2007-04-03 13:52 - 00002303 _____ C:\Windows\SysWOW64\NaechtlicheStadt3DBildschirmschoner.html 2013-07-10 22:40 - 2007-04-03 13:51 - 12460032 _____ C:\Windows\SysWOW64\Nächtliche Stadt 3D Bildschirmschoner.scr 2013-07-10 12:41 - 2013-06-04 04:03 - 02775040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-10 12:41 - 2013-06-01 06:19 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-10 12:41 - 2013-06-01 06:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 00916480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-10 12:41 - 2013-05-29 13:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-07-10 12:41 - 2013-05-29 13:28 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 06016000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 00611840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll 2013-07-10 12:41 - 2013-05-29 13:26 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-07-10 12:41 - 2013-05-29 13:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 11111424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 02004992 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-07-10 12:41 - 2013-05-29 13:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-07-10 12:41 - 2013-05-29 13:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-07-10 12:41 - 2013-05-29 11:47 - 00385024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-07-10 12:41 - 2013-05-29 10:07 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-07-10 12:41 - 2013-05-29 10:06 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2013-07-10 12:41 - 2013-05-29 10:05 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-07-10 12:41 - 2013-05-29 10:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-07-10 12:41 - 2013-05-29 09:12 - 01489408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-10 12:41 - 2013-05-29 09:12 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-10 12:41 - 2013-05-29 09:12 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-10 12:41 - 2013-05-29 09:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-07-10 12:41 - 2013-05-29 09:09 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 09339904 _____ (Microsoft Corporation) 
C:\Windows\system32\mshtml.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00742912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-07-10 12:41 - 2013-05-29 09:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 12509184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 02356736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 01538560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-10 12:41 - 2013-05-29 09:07 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-10 12:41 - 2013-05-29 09:07 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-10 12:41 - 2013-05-29 07:59 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-07-10 12:41 - 2013-05-29 06:27 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-10 12:41 - 2013-05-29 06:26 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-10 12:41 - 2013-05-29 06:24 - 00012288 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeedssync.exe 2013-07-10 12:41 - 2013-05-29 06:23 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-10 12:41 - 2013-05-08 06:18 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-10 12:41 - 2013-05-08 06:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 12:41 - 2013-04-17 14:32 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-07-10 12:41 - 2013-04-17 14:32 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-07-10 12:41 - 2013-04-17 13:29 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-07-10 12:41 - 2013-04-17 13:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-07-10 12:41 - 2013-04-17 13:27 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-07-10 12:41 - 2013-04-17 13:02 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-07-10 12:41 - 2013-04-17 12:58 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-10 12:41 - 2013-04-17 12:58 - 01149440 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-07-10 12:41 - 2013-04-17 12:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-07-10 12:41 - 2013-04-17 12:33 - 00486400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3d10level9.dll 2013-07-10 12:41 - 2013-04-17 12:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-07-10 12:41 - 2013-04-17 12:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-07-07 15:55 - 2013-07-07 15:55 - 00000032 _____ C:\Windows\setup.INI 2013-07-03 13:13 - 2013-07-03 13:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-06-30 20:53 - 2013-06-30 20:53 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PuzzleLab 2013-06-30 20:45 - 2013-06-30 20:52 - 00000000 ____D C:\Program Files (x86)\Phenomenon - Meteorit Sammleredition 2013-06-30 20:45 - 2013-06-30 20:45 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition ==================== One Month Modified Files and Folders ======= 2013-07-25 10:15 - 2013-07-25 10:15 - 00003862 _____ C:\Users\Gnubbi\Desktop\JRT.txt 2013-07-25 10:13 - 2012-03-30 08:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-25 10:11 - 2008-10-21 19:56 - 01134959 _____ C:\Windows\WindowsUpdate.log 2013-07-25 10:10 - 2013-07-25 10:10 - 00000000 ____D C:\Windows\ERUNT 2013-07-25 10:09 - 2013-07-25 10:09 - 00560934 _____ (Oleg N. 
Scherbakov) C:\Users\Gnubbi\Desktop\JRT.exe 2013-07-25 10:07 - 2013-07-25 10:07 - 00019568 _____ C:\Users\Gnubbi\Desktop\AdwCleaner[S1].txt 2013-07-25 10:05 - 2013-07-15 13:17 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-25 10:05 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-25 10:05 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-25 10:05 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-25 10:04 - 2013-07-25 10:04 - 00019568 _____ C:\AdwCleaner[S1].txt 2013-07-25 10:04 - 2013-07-25 10:04 - 00001324 _____ C:\Windows\DeleteOnReboot.bat 2013-07-25 10:04 - 2013-07-25 10:03 - 00025403 _____ C:\AdwCleaner[R1].txt 2013-07-25 10:04 - 2006-11-02 17:42 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-25 10:02 - 2013-07-25 10:02 - 00666633 _____ C:\Users\Gnubbi\Desktop\adwcleaner.exe 2013-07-24 23:02 - 2013-07-24 22:57 - 00000000 ____D C:\Windows\system32\MRT 2013-07-24 22:32 - 2013-07-15 13:17 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-24 15:53 - 2009-04-15 15:53 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-07-24 10:33 - 2013-05-28 12:50 - 00007714 _____ C:\Windows\PFRO.log 2013-07-24 10:31 - 2013-07-24 10:28 - 00000218 _____ C:\Users\Gnubbi\Desktop\combofix.txt 2013-07-24 10:28 - 2013-07-24 09:43 - 00000000 ___SD C:\ComboFix 2013-07-24 09:44 - 2013-07-23 20:24 - 00000000 ____D C:\Qoobox 2013-07-24 09:43 - 2013-07-24 09:43 - 00000000 ___SD C:\32788R22FWJFW 2013-07-24 09:39 - 2009-04-11 17:30 - 00000000 ____D C:\Users\Gnubbi 2013-07-24 01:01 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default 2013-07-24 00:58 - 2013-07-23 20:24 - 00000000 ____D C:\Windows\erdnt 2013-07-24 00:53 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini 2013-07-23 20:23 - 2013-07-23 20:22 - 05092552 ____R 
(Swearware) C:\Users\Gnubbi\Desktop\ComboFix.exe 2013-07-23 15:33 - 2013-07-22 19:16 - 00000000 ____D C:\FRST 2013-07-23 15:27 - 2013-07-23 15:27 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\62705974.sys 2013-07-23 15:25 - 2009-10-20 23:36 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\services.exe 2013-07-23 15:23 - 2013-07-23 15:23 - 00000000 ____D C:\TDSSKiller_Quarantine 2013-07-23 13:25 - 2013-07-23 13:24 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Gnubbi\Desktop\tdsskiller.exe 2013-07-23 11:16 - 2012-11-27 17:03 - 00010110 _____ C:\Windows\SysWOW64\Watermill.log 2013-07-22 21:19 - 2013-07-22 21:19 - 1165953648 _____ C:\Windows\MEMORY.DMP 2013-07-22 21:19 - 2013-07-22 21:19 - 00276984 _____ C:\Windows\Minidump\Mini072213-01.dmp 2013-07-22 21:19 - 2013-07-22 21:19 - 00000000 ____D C:\Windows\Minidump 2013-07-22 19:17 - 2013-07-22 19:17 - 00034708 _____ C:\Users\Gnubbi\Desktop\Addition.txt 2013-07-22 19:15 - 2013-07-22 19:15 - 01779363 _____ (Farbar) C:\Users\Gnubbi\Desktop\FRST64.exe 2013-07-22 19:12 - 2013-07-15 14:16 - 00009043 _____ C:\Windows\SysWOW64\Tropical Fish.log 2013-07-22 17:23 - 2013-07-22 17:23 - 00009619 _____ C:\Users\Gnubbi\Desktop\gmer.txt 2013-07-22 15:59 - 2012-12-14 21:28 - 00007274 _____ C:\Windows\SysWOW64\Snow Village.log 2013-07-22 15:38 - 2013-07-22 15:38 - 00377856 _____ C:\Users\Gnubbi\Desktop\gmer_2.1.19163.exe 2013-07-22 15:29 - 2013-07-22 15:29 - 00065906 _____ C:\Users\Gnubbi\Desktop\Extras.Txt 2013-07-22 15:27 - 2013-07-22 15:27 - 00121358 _____ C:\Users\Gnubbi\Desktop\OTL.Txt 2013-07-22 15:23 - 2013-07-22 11:54 - 00010325 _____ C:\Windows\SysWOW64\Caribbean Islands.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00602112 _____ (OldTimer Tools) C:\Users\Gnubbi\Desktop\OTL.exe 2013-07-22 15:15 - 2013-07-22 15:15 - 00000474 _____ C:\Users\Gnubbi\Desktop\defogger_disable.log 2013-07-22 15:15 - 2013-07-22 15:15 - 00000000 _____ C:\Users\Gnubbi\defogger_reenable 2013-07-22 15:14 - 2013-07-22 15:14 - 
00050477 _____ C:\Users\Gnubbi\Desktop\Defogger.exe 2013-07-22 15:08 - 2013-07-22 12:00 - 00010235 _____ C:\Windows\SysWOW64\Sandy Beach.log 2013-07-22 12:00 - 2013-07-22 12:00 - 00000000 ____D C:\Program Files (x86)\Sandy Beach 3D Screensaver 2013-07-22 11:54 - 2013-07-22 11:54 - 00000000 ____D C:\Program Files (x86)\Caribbean Islands 3D Screensaver 2013-07-22 11:54 - 2012-11-27 17:37 - 00000000 ____D C:\ProgramData\3Planesoft 2013-07-22 11:54 - 2012-11-27 17:37 - 00000000 ____D C:\Program Files (x86)\3Planesoft Screensaver Manager 2013-07-22 11:29 - 2013-01-01 16:30 - 00008167 _____ C:\Windows\SysWOW64\Nature.log 2013-07-21 19:47 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Intermediate 2013-07-21 19:46 - 2013-07-21 19:46 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Snz 2013-07-20 21:36 - 2009-04-11 17:33 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Adobe 2013-07-20 20:22 - 2013-05-30 15:00 - 00001626 _____ C:\Windows\setupact.log 2013-07-19 17:16 - 2009-04-11 18:45 - 00000418 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2013-07-17 20:58 - 2013-01-01 16:37 - 00008402 _____ C:\Windows\SysWOW64\Coral Reef.log 2013-07-17 15:56 - 2012-11-28 09:54 - 00010261 _____ C:\Windows\SysWOW64\Faraway Planet.log 2013-07-17 15:55 - 2012-11-27 21:55 - 00011055 _____ C:\Windows\SysWOW64\Koi Fish.log 2013-07-17 12:45 - 2012-11-28 14:01 - 00010495 _____ C:\Windows\SysWOW64\Sunny Patio.log 2013-07-17 12:45 - 2012-11-28 13:56 - 00009316 _____ C:\Windows\SysWOW64\Wildflowers.log 2013-07-17 12:44 - 2012-11-28 14:47 - 00011666 _____ C:\Windows\SysWOW64\Autumn Wonderland.log 2013-07-17 12:43 - 2012-11-28 14:41 - 00000958 _____ C:\Windows\SysWOW64\Autumn Forest.log 2013-07-17 12:19 - 2012-12-28 14:36 - 00008916 _____ C:\Windows\SysWOW64\Ancient Castle.log 2013-07-16 13:54 - 2009-08-18 11:40 - 00002098 _____ C:\Windows\wininit.ini 2013-07-16 13:54 - 2009-04-11 17:36 - 00000000 ___RD C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 
2013-07-16 13:18 - 2009-04-11 23:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-07-16 09:27 - 2013-07-15 13:17 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-16 09:27 - 2013-07-15 13:17 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-15 16:01 - 2009-04-11 18:24 - 00000000 ___RD C:\INCOME 2013-07-15 14:16 - 2013-07-15 14:16 - 00000000 ____D C:\Program Files (x86)\Tropical Fish 3D Screensaver 2013-07-15 14:09 - 2009-06-17 12:58 - 00000368 _____ C:\Users\Gnubbi\AppData\Roaming\burnaware.ini 2013-07-15 14:05 - 2013-07-15 14:05 - 00197120 _____ (ScreenTime Media) C:\Windows\SysWOW64\3-D Jellyfish DemoESD.scr 2013-07-15 14:05 - 2013-07-15 14:05 - 00000000 ____D C:\Windows\SysWOW64\3-D Jellyfish DemoESD dir 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SSync 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\SCheck 2013-07-15 13:17 - 2013-07-15 13:17 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\ext_piccshare 2013-07-15 13:17 - 2009-04-11 22:23 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Google 2013-07-15 13:17 - 2009-04-11 22:23 - 00000000 ____D C:\Program Files (x86)\Google 2013-07-15 13:16 - 2013-07-15 13:16 - 00000871 _____ C:\Users\Administrator\Desktop\Earth 3D Space Tour.lnk 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PiccShare 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Common 2013-07-15 13:16 - 2013-07-15 13:16 - 00000000 ____D C:\Program Files (x86)\3D Space Tour 2013-07-15 13:08 - 2013-07-15 13:08 - 00001079 _____ C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\View My Screensavers.lnk 2013-07-15 13:08 - 2013-07-15 13:08 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Astro Gemini Software 2013-07-15 13:08 - 2011-11-30 22:00 - 00000000 ____D C:\Program Files (x86)\Astro Gemini Software 2013-07-15 13:07 - 
2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\ChromeExtensions 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Windows Net Data 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempd859abcc6d9b14452ff9125efb5084c2 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Tempcbef2bd2ff1ab5bdb78c8808e08fc05e 2013-07-15 13:07 - 2013-07-15 13:07 - 00000000 ____D C:\Users\Gnubbi\AppData\Local\Temp75647aea5aa07b4ca02750042d58fa47 2013-07-14 14:11 - 2013-07-14 14:11 - 00003320 _____ C:\Windows\System32\Tasks\EPUpdater 2013-07-14 14:11 - 2013-07-14 14:11 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift 2013-07-11 11:17 - 2006-11-02 17:21 - 00327552 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-11 11:16 - 2006-11-02 17:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer 2013-07-11 11:16 - 2006-11-02 17:07 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 11:15 - 2010-03-25 00:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 00:43 - 2008-10-03 04:44 - 00639210 _____ C:\Windows\system32\perfh007.dat 2013-07-11 00:43 - 2008-10-03 04:44 - 00131250 _____ C:\Windows\system32\perfc007.dat 2013-07-11 00:43 - 2006-11-02 14:46 - 01497522 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-10 22:40 - 2013-07-10 22:40 - 00002030 _____ C:\Users\Administrator\Desktop\Mehr Bildschirmschonern.lnk 2013-07-10 22:40 - 2013-07-10 22:40 - 00000827 _____ C:\Users\Administrator\Desktop\Nächtliche Stadt 3D Bildschirmschoner.lnk 2013-07-07 20:24 - 2013-01-18 15:30 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Das Geisterschiff 2013-07-07 20:23 - 2013-01-18 13:44 - 00000000 ____D C:\Program Files (x86)\Mystery Stories - Expedition des Grauens 2013-07-07 15:55 - 2013-07-07 15:55 - 00000032 _____ C:\Windows\setup.INI 2013-07-05 13:51 - 2009-04-11 18:24 - 00000000 ____D C:\POST 2013-07-04 12:23 - 2012-04-27 20:48 - 00000000 ____D C:\Program 
Files (x86)\Mozilla Maintenance Service
2013-07-03 20:54 - 2009-04-11 18:24 - 00000000 ____D C:\FOTO
2013-07-03 13:14 - 2013-07-03 13:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 20:53 - 2013-06-30 20:53 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\PuzzleLab
2013-06-30 20:52 - 2013-06-30 20:45 - 00000000 ____D C:\Program Files (x86)\Phenomenon - Meteorit Sammleredition
2013-06-30 20:51 - 2011-07-19 17:23 - 00000000 ____D C:\BigFishGamesCache
2013-06-30 20:45 - 2013-06-30 20:45 - 00000000 ____D C:\Users\Gnubbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phenomenon - Meteorit Sammleredition

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe [2009-10-20 23:36] - [2013-07-23 15:25] - 0380928 ____A (Microsoft Corporation) F8DCE3BED869F69C9F7C562B943BC255
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-25 10:12

==================== End Of Log ============================ |