Log Analysis and Evaluation: UKash Windows Security Trojan

Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
30.03.2012, 13:43 | #1 |
UKash Windows Security Trojan

Hello community,

like so many other users, I have been hit too (for the second time). The first time, two weeks ago, I had the BKA Trojan with the same demand to pay 100 €; I restarted the computer in safe mode, deleted a conspicuous EXE file with lots of numbers under Autostart, and then it was quiet. Today it is the same principle, only under different circumstances: a supposedly illegal Windoof version and therefore a demand for 100 €. I booted into safe mode and ran the Quick Scan with the OTL tool and your script, as described in the instructions; I am attaching the TXT files for you.

Thanks in advance.

Regards, webcollector

OTL Logfile: Code:
OTL logfile created on: 30.03.2012 14:21:58 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\install\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,39 Gb Available Physical Memory | 84,90% Memory free
7,99 Gb Paging File | 7,41 Gb Available in Paging File | 92,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 14,76 Gb Free Space | 30,22% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 14,99 Gb Free Space | 76,73% Space Free | Partition Type: NTFS
Drive E: | 397,39 Gb Total Space | 257,52 Gb Free Space | 64,80% Space Free | Partition Type: NTFS
Drive H: | 0,96 Mb Total Space | 0,96 Mb Free Space | 100,00% Space Free | Partition Type: FAT
Drive I: | 1,82 Gb Total Space | 1,80 Gb Free Space | 98,82% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: install | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.30 14:05:42 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\install\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.02.03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.02.19 09:12:32 | 000,565,928 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxbkcoms.exe -- (lxbk_device) SRV - [2011.12.11 20:17:19 | 001,768,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru) SRV - [2011.07.25 23:41:28 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.25 23:41:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- E:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.04.07 17:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Programme\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2011.03.04 03:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) 
[Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Stopped] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.08.04 17:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.02.19 09:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxbkcoms.exe -- (lxbk_device) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.11.11 22:25:43 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.07.25 23:41:28 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - 
[2011.07.25 23:41:28 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.05.11 15:56:34 | 000,057,424 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:64bit: - [2011.05.11 15:56:26 | 000,037,456 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3) DRV:64bit: - [2011.03.04 03:25:20 | 004,183,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC) DRV:64bit: - [2011.03.04 03:23:54 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2010.12.07 15:39:32 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrackPro.sys -- (MAUSBFASTTRACKPRO) DRV:64bit: - [2010.10.22 02:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.02.03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.10.10 00:55:56 | 000,022,568 | ---- | M] (Marvell Semiconductor Inc.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons) DRV:64bit: - [2009.09.25 16:58:32 | 000,178,688 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2009.09.25 16:58:24 | 000,073,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.08.20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - SOFTWARE\Classes\CLSID\{83821C2B-32A8-4DD7-B6D4-44309A78E668}\InprocServer32 File not found IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {73AE0EAB-5680-456d-9FF1-97103CEA3839} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{45156678-551C-455a-A717-95AB3653AB9F}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\..\SearchScopes\{73AE0EAB-5680-456d-9FF1-97103CEA3839}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\Mozilla Firefox 5\components [2012.03.18 19:56:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\Mozilla Firefox 5\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: E:\Mozilla Firefox 5\components [2012.03.18 19:56:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: E:\Mozilla Firefox 5\plugins [2011.07.25 23:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\install\AppData\Roaming\mozilla\Extensions [2011.07.27 15:21:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\install\AppData\Roaming\mozilla\Firefox\Profiles\71zsfnsc.default\extensions O1 HOSTS File: ([2011.09.21 20:55:43 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AlterGeoBHO Class) - {9BFBA68E-E21B-458E-AE12-FE85E903D2C1} - C:\Program Files (x86)\AlterGeo\AlterGeo Magic Scanner\3.3.2.779\AlterGeo.BrowserPlugin.dll (Wi2Geo) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 
(Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [lxbkbmgr.exe] C:\Program Files (x86)\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe File not found O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe File not found O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe () O4 - HKLM..\Run: [LWS] E:\Logitech WebCam\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [MAgent] E:\MailAgent\MAgent.exe (Mail.Ru) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [AdobeBridge] File not found O4 - HKCU..\Run: [DAEMON Tools Lite] E:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - HKCU..\Run: [MediaGet2] C:\Users\install\AppData\Local\MediaGet2\mediaget.exe --minimized File not found O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [vasja] C:\Users\install\AppData\Local\Temp\mor.exe (fbnF) O4 - Startup: C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\install\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Экспорт в Microsoft Excel - E:\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: &Экспорт в Microsoft Excel - E:\Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - E:\MailAgent\magent.exe (Mail.Ru) O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - E:\MailAgent\magent.exe (Mail.Ru) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ7.5\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05FA07F0-B0A2-4DFD-941D-6B134BC56818}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No 
CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell - "" = AutoRun O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\AutoRun\command - "" = G:\SETUP.EXE /AUTORUN O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{188e1278-0ca3-11e1-bf0b-001f3f07577d}\Shell\install\command - "" = G:\SETUP.EXE O33 - MountPoints2\{6d0d5bdc-b702-11e0-b534-6cf0490d7cd0}\Shell - "" = AutoRun O33 - MountPoints2\{6d0d5bdc-b702-11e0-b534-6cf0490d7cd0}\Shell\AutoRun\command - "" = I:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access 
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Error creating restore point. 
========== Files/Folders - Created Within 30 Days ========== [2012.03.30 14:16:25 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\install\Desktop\OTL.exe [2012.03.30 14:15:59 | 000,000,000 | ---D | C] -- C:\Users\install\Desktop\links [2012.03.22 21:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.03.22 21:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.03.22 21:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2012.03.22 21:33:47 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.03.22 21:33:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.03.18 17:42:20 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\DeepBurner [2012.03.18 17:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DeepBurner [2012.03.17 16:16:44 | 000,000,000 | ---D | C] -- C:\Users\install\Documents\Bewerbung [2012.03.10 20:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVSVideoBurner [2012.03.10 20:45:35 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2012.03.10 20:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2012.03.10 16:40:28 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Roaming\AVS4YOU [2012.03.10 16:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2012.03.10 16:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2012.03.10 16:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2012.03.09 23:27:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 [2012.03.09 22:29:49 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2012.03.09 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\install\AppData\Local\Diagnostics [2012.03.03 19:06:39 | 
< End of report >
Edited by webcollector (30.03.2012 at 14:01) |
30.03.2012, 15:22 | #2 |
/// Malware-holic | UKash Windows Security Trojan
hi
Well, simply deleting it is never enough.
This script and any follow-up scripts are meant only for this particular user. If you have problems, open your own topics and wait for scripts adapted to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [vasja] C:\Users\install\AppData\Local\Temp\mor.exe (fbnF)
:Files
C:\Users\install\AppData\Local\Temp\mor.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.
If you have no icons, then right-click, View, Show desktop icons.
Note: Please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment here in the thread!
Please press the + E key.
__________________ |
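The fix script in the post above removes an `HKCU..\Run` value whose target sits in the user's Temp folder. As an added example (not part of the original post and not OTL's own code), the following Python triages OTL-style `O4` autostart lines and ranks each entry by where its executable lives. Only the `vasja` line is taken from the thread; the other sample lines and the names `triage`, `classify` and `Finding` are constructed for this example.

```python
import ntpath
import re
from typing import Iterable, List, NamedTuple

# OTL autostart line: O4 - <hive>..\Run: [<value name>] <command> (<company>)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+?)(?: \((?P<company>[^()]*)\))?$"
)
# First executable-looking path in the command, with or without quotes.
IMAGE_RE = re.compile(
    r'^"?(?P<image>[^"]+?\.(?:exe|com|scr|pif|bat|cmd|dll|vbs|js))\b', re.I
)

# Directories an unprivileged process can write to. A Run value pointing
# into a temp directory is the pattern the fix script in this thread removes.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\",
             "\\windows\\temp\\", "%temp%\\", "%tmp%\\")
USER_WRITABLE = ("\\appdata\\", "%appdata%\\", "%localappdata%\\",
                 "\\users\\public\\")

# Sample input: the "vasja" line is the one from the thread, the rest are
# constructed lines in the same format.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] E:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [vasja] C:\Users\install\AppData\Local\Temp\mor.exe (fbnF)
O4 - HKCU..\Run: [ExampleSync] C:\Users\install\AppData\Roaming\ExampleSync\sync.exe (Example Corp)
"""


class Finding(NamedTuple):
    severity: str   # "high", "review" or "ok"
    hive: str
    name: str
    image: str
    company: str
    reason: str


def classify(image: str):
    """Rank an executable path by how easily an unprivileged user can write there."""
    path = ntpath.normpath(image).lower()
    if any(marker in path for marker in TEMP_DIRS):
        return "high", "autostart target is inside a temp directory"
    if any(marker in path for marker in USER_WRITABLE):
        return "review", "autostart target is inside a user-writable profile directory"
    return "ok", ""


def triage(lines: Iterable[str]) -> List[Finding]:
    """Parse O4 Run/RunOnce lines and return one Finding per autostart entry."""
    findings = []
    for line in lines:
        match = O4_RE.match(line.strip())
        if not match:
            continue  # not a Run/RunOnce autostart line
        image_match = IMAGE_RE.match(match["command"])
        if image_match:
            image = image_match["image"]
            severity, reason = classify(image)
        else:
            image, severity, reason = "", "review", "no executable path recognised"
        findings.append(Finding(severity, match["hive"], match["name"], image,
                                match["company"] or "", reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.severity:6} {f.hive}\\{f.name}: {f.image} {f.reason}")
```

The ranking reflects file location only: a "review" hit such as a sync client under AppData is often legitimate, so confirm with the file's signature or hash before removing anything.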
30.03.2012, 15:59 | #3 |
| UKash Windows Security Trojan You guys really are pros here. I carried everything out and it all worked; here is the script after the reboot. The upload also went without problems. Super fast answers and great work!
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\vasja deleted successfully.
C:\Users\install\AppData\Local\Temp\mor.exe moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 41620 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: install
->Flash cache emptied: 36608 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: install
->Temp folder emptied: 594517549 bytes
->Temporary Internet Files folder emptied: 62113070 bytes
->Java cache emptied: 2814635 bytes
->FireFox cache emptied: 670641587 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6696965 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46374304 bytes
RecycleBin emptied: 584889133 bytes
Total Files Cleaned = 1.877,00 mb
OTL by OldTimer - Version 3.2.39.2 log created on 03302012_164445
Files\Folders moved on Reboot...
C:\Users\install\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
30.03.2012, 16:31 | #4 | |
/// Malware-holic | UKash Windows Security Trojan Thanks for the kind words :-) But we are not finished yet. Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
31.03.2012, 14:00 | #5 |
| UKash Windows Security Trojan I have carried out the instructions so far, and here is the ComboFix.TXT. Has the computer now been cleaned? Combofix log file:
31.03.2012, 15:40 | #6 |
/// Malware-holic | UKash Windows Security Trojan We still have a bit to do. Use the tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html If anything is found, please choose Skip, don't remove anything for now, and post the log.
__________________ |
01.04.2012, 13:54 | #7 |
| UKash Windows Security Trojan I ran the tool twice, but nothing was found; here is the report
14:47:34.0249 0732 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:47:34.0802 0732 ============================================================
14:47:34.0802 0732 Current date / time: 2012/04/01 14:47:34.0802
14:47:34.0802 0732 SystemInfo:
14:47:34.0802 0732
14:47:34.0802 0732 OS Version: 6.1.7600 ServicePack: 0.0
14:47:34.0802 0732 Product type: Workstation
14:47:34.0802 0732 ComputerName: PC
14:47:34.0802 0732 UserName: install
14:47:34.0802 0732 Windows directory: C:\Windows
14:47:34.0802 0732 System windows directory: C:\Windows
14:47:34.0802 0732 Running under WOW64
14:47:34.0802 0732 Processor architecture: Intel x64
14:47:34.0802 0732 Number of processors: 4
14:47:34.0802 0732 Page size: 0x1000
14:47:34.0802 0732 Boot type: Normal boot
14:47:34.0802 0732 ============================================================
14:47:36.0022 0732 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
14:47:36.0025 0732 \Device\Harddisk0\DR0:
14:47:36.0025 0732 MBR used
14:47:36.0030 0732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800, BlocksNum 0x270F800
14:47:36.0045 0732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2711800, BlocksNum 0x31AC6800
14:47:36.0045 0732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x341D8800, BlocksNum 0x61A8580
14:47:36.0158 0732 Initialize success
14:47:36.0158 0732 ============================================================
14:47:42.0485 4872 ============================================================
14:47:42.0485 4872 Scan started
14:47:42.0485 4872 Mode: Manual;
14:47:42.0485 4872 ============================================================
14:47:43.0558 4872 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll 14:47:47.0178 4872 CscService - ok 14:47:47.0226 4872 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 14:47:47.0234 4872 DcomLaunch - ok 14:47:47.0261 4872 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 14:47:47.0275 4872 defragsvc - ok 14:47:47.0315 4872 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 14:47:47.0316 4872 DfsC - ok 14:47:47.0339 4872 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 14:47:47.0344 4872 Dhcp - ok 14:47:47.0362 4872 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 14:47:47.0362 4872 discache - ok 14:47:47.0406 4872 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 14:47:47.0407 4872 Disk - ok 14:47:47.0452 4872 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 14:47:47.0455 4872 Dnscache - ok 14:47:47.0483 4872 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 14:47:47.0496 4872 dot3svc - ok 14:47:47.0514 4872 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 14:47:47.0516 4872 DPS - ok 14:47:47.0555 4872 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 14:47:47.0558 4872 drmkaud - ok 14:47:47.0629 4872 dtsoftbus01 (400582b09e0bb557d0ec28a945150eeb) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 14:47:47.0632 4872 dtsoftbus01 - ok 14:47:47.0693 4872 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 14:47:47.0716 4872 DXGKrnl - ok 14:47:47.0734 4872 EagleX64 - ok 14:47:47.0769 4872 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 14:47:47.0771 4872 EapHost - ok 14:47:47.0880 4872 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 14:47:47.0987 4872 ebdrv - ok 14:47:48.0069 4872 EFS 
(156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 14:47:48.0071 4872 EFS - ok 14:47:48.0131 4872 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe 14:47:48.0154 4872 ehRecvr - ok 14:47:48.0167 4872 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 14:47:48.0178 4872 ehSched - ok 14:47:48.0225 4872 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 14:47:48.0241 4872 elxstor - ok 14:47:48.0258 4872 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 14:47:48.0263 4872 ErrDev - ok 14:47:48.0326 4872 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 14:47:48.0332 4872 EventSystem - ok 14:47:48.0371 4872 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 14:47:48.0381 4872 exfat - ok 14:47:48.0407 4872 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 14:47:48.0410 4872 fastfat - ok 14:47:48.0472 4872 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 14:47:48.0482 4872 Fax - ok 14:47:48.0507 4872 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 14:47:48.0512 4872 fdc - ok 14:47:48.0553 4872 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 14:47:48.0558 4872 fdPHost - ok 14:47:48.0567 4872 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 14:47:48.0575 4872 FDResPub - ok 14:47:48.0600 4872 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 14:47:48.0601 4872 FileInfo - ok 14:47:48.0623 4872 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 14:47:48.0628 4872 Filetrace - ok 14:47:48.0645 4872 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 14:47:48.0649 4872 flpydisk - ok 14:47:48.0678 4872 FltMgr (f7866af72abbaf84b1fa5aa195378c59) 
C:\Windows\system32\drivers\fltmgr.sys 14:47:48.0681 4872 FltMgr - ok 14:47:48.0761 4872 FontCache (bc00505cfda789ed3be95d2ff38c4875) C:\Windows\system32\FntCache.dll 14:47:48.0777 4872 FontCache - ok 14:47:48.0826 4872 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:47:48.0833 4872 FontCache3.0.0.0 - ok 14:47:48.0857 4872 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 14:47:48.0864 4872 FsDepends - ok 14:47:48.0877 4872 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 14:47:48.0883 4872 Fs_Rec - ok 14:47:48.0913 4872 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys 14:47:48.0916 4872 fvevol - ok 14:47:48.0983 4872 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys 14:47:48.0989 4872 FWLANUSB - ok 14:47:49.0027 4872 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:47:49.0034 4872 gagp30kx - ok 14:47:49.0037 4872 gdrv - ok 14:47:49.0099 4872 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 14:47:49.0109 4872 gpsvc - ok 14:47:49.0236 4872 Guard.Mail.ru (bc0c334ccbcf5248d70619b40793fc38) C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe 14:47:49.0263 4872 Guard.Mail.ru - ok 14:47:49.0329 4872 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 14:47:49.0336 4872 hcw85cir - ok 14:47:49.0392 4872 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 14:47:49.0408 4872 HdAudAddService - ok 14:47:49.0451 4872 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:47:49.0452 4872 HDAudBus - ok 14:47:49.0478 4872 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 14:47:49.0483 4872 HidBatt - ok 14:47:49.0505 4872 HidBth (7fd2a313f7afe5c4dab14798c48dd104) 
C:\Windows\system32\DRIVERS\hidbth.sys 14:47:49.0512 4872 HidBth - ok 14:47:49.0554 4872 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 14:47:49.0560 4872 HidIr - ok 14:47:49.0583 4872 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 14:47:49.0584 4872 hidserv - ok 14:47:49.0594 4872 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 14:47:49.0599 4872 HidUsb - ok 14:47:49.0616 4872 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 14:47:49.0618 4872 hkmsvc - ok 14:47:49.0644 4872 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 14:47:49.0658 4872 HomeGroupListener - ok 14:47:49.0697 4872 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 14:47:49.0701 4872 HomeGroupProvider - ok 14:47:49.0761 4872 hotcore3 (5e626ea93c77825c56e6fbc2fd5e5de5) C:\Windows\system32\DRIVERS\hotcore3.sys 14:47:49.0761 4872 hotcore3 - ok 14:47:49.0793 4872 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 14:47:49.0801 4872 HpSAMD - ok 14:47:49.0859 4872 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 14:47:49.0868 4872 HTTP - ok 14:47:49.0890 4872 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 14:47:49.0891 4872 hwpolicy - ok 14:47:49.0918 4872 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 14:47:49.0927 4872 i8042prt - ok 14:47:49.0961 4872 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 14:47:49.0974 4872 iaStorV - ok 14:47:50.0112 4872 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:47:50.0165 4872 idsvc - ok 14:47:50.0182 4872 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 14:47:50.0187 4872 iirsp - ok 14:47:50.0243 4872 
IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 14:47:50.0255 4872 IKEEXT - ok 14:47:50.0358 4872 IntcAzAudAddService (f6b3b107ecc1a94e7a8245b008b9e613) C:\Windows\system32\drivers\RTKVHD64.sys 14:47:50.0423 4872 IntcAzAudAddService - ok 14:47:50.0443 4872 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 14:47:50.0449 4872 intelide - ok 14:47:50.0483 4872 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 14:47:50.0484 4872 intelppm - ok 14:47:50.0515 4872 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 14:47:50.0524 4872 IPBusEnum - ok 14:47:50.0551 4872 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:47:50.0559 4872 IpFilterDriver - ok 14:47:50.0636 4872 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 14:47:50.0644 4872 iphlpsvc - ok 14:47:50.0655 4872 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 14:47:50.0663 4872 IPMIDRV - ok 14:47:50.0688 4872 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 14:47:50.0696 4872 IPNAT - ok 14:47:50.0739 4872 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 14:47:50.0744 4872 IRENUM - ok 14:47:50.0769 4872 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 14:47:50.0775 4872 isapnp - ok 14:47:50.0802 4872 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 14:47:50.0815 4872 iScsiPrt - ok 14:47:50.0835 4872 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 14:47:50.0842 4872 kbdclass - ok 14:47:50.0862 4872 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 14:47:50.0867 4872 kbdhid - ok 14:47:50.0937 4872 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:47:50.0939 4872 KeyIso - ok 
14:47:50.0962 4872 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 14:47:50.0963 4872 KSecDD - ok 14:47:50.0985 4872 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 14:47:50.0987 4872 KSecPkg - ok 14:47:51.0000 4872 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 14:47:51.0005 4872 ksthunk - ok 14:47:51.0034 4872 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 14:47:51.0051 4872 KtmRm - ok 14:47:51.0099 4872 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll 14:47:51.0103 4872 LanmanServer - ok 14:47:51.0143 4872 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 14:47:51.0146 4872 LanmanWorkstation - ok 14:47:51.0183 4872 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 14:47:51.0190 4872 lltdio - ok 14:47:51.0214 4872 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 14:47:51.0227 4872 lltdsvc - ok 14:47:51.0237 4872 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 14:47:51.0243 4872 lmhosts - ok 14:47:51.0291 4872 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:47:51.0299 4872 LSI_FC - ok 14:47:51.0318 4872 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:47:51.0326 4872 LSI_SAS - ok 14:47:51.0344 4872 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:47:51.0351 4872 LSI_SAS2 - ok 14:47:51.0374 4872 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:47:51.0382 4872 LSI_SCSI - ok 14:47:51.0407 4872 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 14:47:51.0408 4872 luafv - ok 14:47:51.0473 4872 LVRS64 (8bb169810c66b32364886a8751325181) C:\Windows\system32\DRIVERS\lvrs64.sys 14:47:51.0486 4872 LVRS64 - ok 14:47:51.0627 
4872 LVUVC64 (d49858fb1432a0601fce2a9e452d6bc9) C:\Windows\system32\DRIVERS\lvuvc64.sys 14:47:51.0761 4872 LVUVC64 - ok 14:47:51.0770 4872 lxbk_device - ok 14:47:51.0851 4872 MAUSBFASTTRACKPRO (066991e50a5cbbeefb2ec6880069cdb5) C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys 14:47:51.0862 4872 MAUSBFASTTRACKPRO - ok 14:47:51.0898 4872 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 14:47:51.0907 4872 Mcx2Svc - ok 14:47:51.0995 4872 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 14:47:51.0998 4872 MDM - ok 14:47:52.0030 4872 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 14:47:52.0036 4872 megasas - ok 14:47:52.0078 4872 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 14:47:52.0089 4872 MegaSR - ok 14:47:52.0120 4872 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:47:52.0123 4872 MMCSS - ok 14:47:52.0150 4872 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:47:52.0156 4872 Modem - ok 14:47:52.0166 4872 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:47:52.0166 4872 monitor - ok 14:47:52.0194 4872 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:47:52.0201 4872 mouclass - ok 14:47:52.0218 4872 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:47:52.0223 4872 mouhid - ok 14:47:52.0288 4872 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 14:47:52.0289 4872 mountmgr - ok 14:47:52.0322 4872 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 14:47:52.0334 4872 mpio - ok 14:47:52.0361 4872 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:47:52.0368 4872 mpsdrv - ok 14:47:52.0410 4872 MpsSvc (aecab449567d1846dad63ece49e893e3) 
C:\Windows\system32\mpssvc.dll 14:47:52.0421 4872 MpsSvc - ok 14:47:52.0446 4872 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 14:47:52.0455 4872 MRxDAV - ok 14:47:52.0485 4872 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:47:52.0487 4872 mrxsmb - ok 14:47:52.0541 4872 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:47:52.0545 4872 mrxsmb10 - ok 14:47:52.0589 4872 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:47:52.0590 4872 mrxsmb20 - ok 14:47:52.0615 4872 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 14:47:52.0621 4872 msahci - ok 14:47:52.0644 4872 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 14:47:52.0653 4872 msdsm - ok 14:47:52.0681 4872 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 14:47:52.0693 4872 MSDTC - ok 14:47:52.0716 4872 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:47:52.0717 4872 Msfs - ok 14:47:52.0729 4872 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:47:52.0732 4872 mshidkmdf - ok 14:47:52.0748 4872 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 14:47:52.0749 4872 msisadrv - ok 14:47:52.0777 4872 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 14:47:52.0787 4872 MSiSCSI - ok 14:47:52.0795 4872 msiserver - ok 14:47:52.0831 4872 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 14:47:52.0835 4872 MSKSSRV - ok 14:47:52.0886 4872 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 14:47:52.0889 4872 MSPCLOCK - ok 14:47:52.0910 4872 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 14:47:52.0913 4872 MSPQM - ok 14:47:52.0946 4872 MsRPC (89cb141aa8616d8c6a4610fa26c60964) 
C:\Windows\system32\drivers\MsRPC.sys 14:47:52.0950 4872 MsRPC - ok 14:47:52.0970 4872 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 14:47:52.0971 4872 mssmbios - ok 14:47:52.0989 4872 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 14:47:52.0992 4872 MSTEE - ok 14:47:53.0013 4872 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 14:47:53.0017 4872 MTConfig - ok 14:47:53.0039 4872 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 14:47:53.0040 4872 Mup - ok 14:47:53.0074 4872 mv91cons (6af2640b5d7202fa0d96467318d4592e) C:\Windows\system32\DRIVERS\mv91cons.sys 14:47:53.0075 4872 mv91cons - ok 14:47:53.0118 4872 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 14:47:53.0126 4872 napagent - ok 14:47:53.0172 4872 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 14:47:53.0186 4872 NativeWifiP - ok 14:47:53.0233 4872 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 14:47:53.0245 4872 NDIS - ok 14:47:53.0269 4872 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 14:47:53.0275 4872 NdisCap - ok 14:47:53.0317 4872 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 14:47:53.0322 4872 NdisTapi - ok 14:47:53.0362 4872 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 14:47:53.0368 4872 Ndisuio - ok 14:47:53.0386 4872 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 14:47:53.0396 4872 NdisWan - ok 14:47:53.0415 4872 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 14:47:53.0421 4872 NDProxy - ok 14:47:53.0432 4872 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 14:47:53.0433 4872 NetBIOS - ok 14:47:53.0457 4872 NetBT (9162b273a44ab9dce5b44362731d062a) 
C:\Windows\system32\DRIVERS\netbt.sys 14:47:53.0460 4872 NetBT - ok 14:47:53.0506 4872 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:47:53.0507 4872 Netlogon - ok 14:47:53.0544 4872 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 14:47:53.0550 4872 Netman - ok 14:47:53.0579 4872 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 14:47:53.0586 4872 netprofm - ok 14:47:53.0673 4872 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:47:53.0684 4872 NetTcpPortSharing - ok 14:47:53.0722 4872 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 14:47:53.0729 4872 nfrd960 - ok 14:47:53.0992 4872 NIHardwareService (0bcb418c2906852c6f9347a258fd5711) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 14:47:54.0115 4872 NIHardwareService - ok 14:47:54.0139 4872 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 14:47:54.0142 4872 NlaSvc - ok 14:47:54.0165 4872 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 14:47:54.0166 4872 Npfs - ok 14:47:54.0188 4872 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 14:47:54.0189 4872 nsi - ok 14:47:54.0202 4872 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:47:54.0203 4872 nsiproxy - ok 14:47:54.0257 4872 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 14:47:54.0278 4872 Ntfs - ok 14:47:54.0298 4872 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:47:54.0300 4872 Null - ok 14:47:54.0344 4872 nusb3hub (a61b0af4d6b934928cfd1140deea5c8d) C:\Windows\system32\DRIVERS\nusb3hub.sys 14:47:54.0351 4872 nusb3hub - ok 14:47:54.0398 4872 nusb3xhc (fa4b2f20561bdbcc6b9ac3e3bdcd7e3f) C:\Windows\system32\DRIVERS\nusb3xhc.sys 14:47:54.0407 4872 nusb3xhc - 
ok 14:47:54.0449 4872 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 14:47:54.0457 4872 nvraid - ok 14:47:54.0480 4872 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 14:47:54.0489 4872 nvstor - ok 14:47:54.0522 4872 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 14:47:54.0531 4872 nv_agp - ok 14:47:54.0556 4872 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 14:47:54.0563 4872 ohci1394 - ok 14:47:54.0653 4872 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:47:54.0663 4872 ose - ok 14:47:54.0688 4872 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:47:54.0694 4872 p2pimsvc - ok 14:47:54.0728 4872 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:47:54.0744 4872 p2psvc - ok 14:47:54.0766 4872 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:47:54.0774 4872 Parport - ok 14:47:54.0790 4872 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 14:47:54.0791 4872 partmgr - ok 14:47:54.0815 4872 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:47:54.0819 4872 PcaSvc - ok 14:47:54.0842 4872 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 14:47:54.0844 4872 pci - ok 14:47:54.0862 4872 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 14:47:54.0862 4872 pciide - ok 14:47:54.0886 4872 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:47:54.0897 4872 pcmcia - ok 14:47:54.0925 4872 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:47:54.0926 4872 pcw - ok 14:47:54.0955 4872 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:47:54.0979 4872 PEAUTH - ok 14:47:55.0055 4872 
PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 14:47:55.0074 4872 PeerDistSvc - ok 14:47:55.0116 4872 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:47:55.0123 4872 PerfHost - ok 14:47:55.0190 4872 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 14:47:55.0242 4872 pla - ok 14:47:55.0327 4872 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 14:47:55.0334 4872 PlugPlay - ok 14:47:55.0359 4872 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:47:55.0367 4872 PNRPAutoReg - ok 14:47:55.0396 4872 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:47:55.0401 4872 PNRPsvc - ok 14:47:55.0457 4872 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 14:47:55.0475 4872 PolicyAgent - ok 14:47:55.0518 4872 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 14:47:55.0522 4872 Power - ok 14:47:55.0565 4872 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 14:47:55.0574 4872 PptpMiniport - ok 14:47:55.0601 4872 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:47:55.0609 4872 Processor - ok 14:47:55.0639 4872 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 14:47:55.0643 4872 ProfSvc - ok 14:47:55.0689 4872 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:47:55.0691 4872 ProtectedStorage - ok 14:47:55.0719 4872 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 14:47:55.0721 4872 Psched - ok 14:47:55.0803 4872 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:47:55.0861 4872 ql2300 - ok 14:47:55.0882 4872 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:47:55.0891 4872 ql40xx - ok 14:47:55.0914 4872 QWAVE 
(906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:47:55.0924 4872 QWAVE - ok 14:47:55.0948 4872 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:47:55.0952 4872 QWAVEdrv - ok 14:47:55.0976 4872 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:47:55.0979 4872 RasAcd - ok 14:47:56.0017 4872 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:47:56.0021 4872 RasAgileVpn - ok 14:47:56.0031 4872 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:47:56.0037 4872 RasAuto - ok 14:47:56.0058 4872 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:47:56.0064 4872 Rasl2tp - ok 14:47:56.0105 4872 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 14:47:56.0116 4872 RasMan - ok 14:47:56.0138 4872 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:47:56.0144 4872 RasPppoe - ok 14:47:56.0168 4872 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:47:56.0173 4872 RasSstp - ok 14:47:56.0184 4872 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 14:47:56.0187 4872 rdbss - ok 14:47:56.0200 4872 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:47:56.0204 4872 rdpbus - ok 14:47:56.0230 4872 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:47:56.0231 4872 RDPCDD - ok 14:47:56.0269 4872 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 14:47:56.0275 4872 RDPDR - ok 14:47:56.0300 4872 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:47:56.0301 4872 RDPENCDD - ok 14:47:56.0319 4872 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:47:56.0319 4872 RDPREFMP - ok 14:47:56.0352 4872 RDPWD 
(074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys 14:47:56.0361 4872 RDPWD - ok 14:47:56.0392 4872 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 14:47:56.0394 4872 rdyboost - ok 14:47:56.0419 4872 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:47:56.0428 4872 RemoteAccess - ok 14:47:56.0456 4872 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:47:56.0468 4872 RemoteRegistry - ok 14:47:56.0494 4872 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:47:56.0497 4872 RpcEptMapper - ok 14:47:56.0521 4872 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:47:56.0526 4872 RpcLocator - ok 14:47:56.0563 4872 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 14:47:56.0569 4872 RpcSs - ok 14:47:56.0594 4872 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:47:56.0602 4872 rspndr - ok 14:47:56.0662 4872 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys 14:47:56.0671 4872 RTL8167 - ok 14:47:56.0706 4872 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 14:47:56.0710 4872 s3cap - ok 14:47:56.0757 4872 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:47:56.0759 4872 SamSs - ok 14:47:56.0779 4872 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 14:47:56.0788 4872 sbp2port - ok 14:47:56.0811 4872 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:47:56.0822 4872 SCardSvr - ok 14:47:56.0844 4872 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 14:47:56.0850 4872 scfilter - ok 14:47:56.0917 4872 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 14:47:56.0931 4872 Schedule - ok 14:47:56.0965 4872 SCPolicySvc 
14:48:02.0810 4872 ============================================================
14:48:02.0810 4872 Scan finished
14:48:02.0810 4872 ============================================================
14:48:02.0825 4596 Detected object count: 0
14:48:02.0825 4596 Actual detected object count: 0
14:49:53.0436 4504 ============================================================
14:49:53.0437 4504 Scan started
14:49:53.0437 4504 Mode: Manual;
14:49:53.0437 4504 ============================================================ |
01.04.2012, 13:55 | #8 |
/// Malware-holic | UKash Windows Security Trojan hi, malwarebytes: Please download Malwarebytes
__________________ - Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward emails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
01.04.2012, 13:56 | #9 |
| UKash Windows Security Trojan
14:49:59.0197 4504 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 14:49:59.0201 4504 LanmanWorkstation - ok 14:49:59.0225 4504 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 14:49:59.0226 4504 lltdio - ok 14:49:59.0268 4504 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 14:49:59.0272 4504 lltdsvc - ok 14:49:59.0282 4504 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 14:49:59.0284 4504 lmhosts - ok 14:49:59.0309 4504 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:49:59.0310 4504 LSI_FC - ok 14:49:59.0336 4504 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:49:59.0338 4504 LSI_SAS - ok 14:49:59.0363 4504 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:49:59.0364 4504 LSI_SAS2 - ok 14:49:59.0392 4504 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:49:59.0393 4504 LSI_SCSI - ok 14:49:59.0425 4504 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 14:49:59.0426 4504 luafv - ok 14:49:59.0479 4504 LVRS64 (8bb169810c66b32364886a8751325181) C:\Windows\system32\DRIVERS\lvrs64.sys 14:49:59.0482 4504 LVRS64 - ok 14:49:59.0609 4504 LVUVC64 (d49858fb1432a0601fce2a9e452d6bc9) C:\Windows\system32\DRIVERS\lvuvc64.sys 14:49:59.0634 4504 LVUVC64 - ok 14:49:59.0643 4504 lxbk_device - ok 14:49:59.0700 4504 MAUSBFASTTRACKPRO (066991e50a5cbbeefb2ec6880069cdb5) C:\Windows\system32\DRIVERS\MAudioFastTrackPro.sys 14:49:59.0702 4504 MAUSBFASTTRACKPRO - ok 14:49:59.0735 4504 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 14:49:59.0737 4504 Mcx2Svc - ok 14:49:59.0833 4504 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 14:49:59.0836 4504 MDM - ok 14:49:59.0856 4504 megasas 
(a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 14:49:59.0856 4504 megasas - ok 14:49:59.0891 4504 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 14:49:59.0894 4504 MegaSR - ok 14:49:59.0922 4504 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:49:59.0924 4504 MMCSS - ok 14:49:59.0951 4504 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:49:59.0952 4504 Modem - ok 14:49:59.0963 4504 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:49:59.0963 4504 monitor - ok 14:49:59.0984 4504 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:49:59.0984 4504 mouclass - ok 14:50:00.0007 4504 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:50:00.0008 4504 mouhid - ok 14:50:00.0029 4504 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 14:50:00.0031 4504 mountmgr - ok 14:50:00.0063 4504 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 14:50:00.0065 4504 mpio - ok 14:50:00.0090 4504 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:50:00.0091 4504 mpsdrv - ok 14:50:00.0139 4504 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 14:50:00.0148 4504 MpsSvc - ok 14:50:00.0175 4504 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 14:50:00.0177 4504 MRxDAV - ok 14:50:00.0227 4504 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 14:50:00.0228 4504 mrxsmb - ok 14:50:00.0282 4504 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:50:00.0285 4504 mrxsmb10 - ok 14:50:00.0330 4504 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:50:00.0332 4504 mrxsmb20 - ok 14:50:00.0357 4504 msahci 
(5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 14:50:00.0357 4504 msahci - ok 14:50:00.0385 4504 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 14:50:00.0387 4504 msdsm - ok 14:50:00.0411 4504 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 14:50:00.0413 4504 MSDTC - ok 14:50:00.0433 4504 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:50:00.0434 4504 Msfs - ok 14:50:00.0445 4504 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:50:00.0445 4504 mshidkmdf - ok 14:50:00.0465 4504 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 14:50:00.0466 4504 msisadrv - ok 14:50:00.0494 4504 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 14:50:00.0497 4504 MSiSCSI - ok 14:50:00.0505 4504 msiserver - ok 14:50:00.0524 4504 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 14:50:00.0525 4504 MSKSSRV - ok 14:50:00.0543 4504 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 14:50:00.0544 4504 MSPCLOCK - ok 14:50:00.0556 4504 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 14:50:00.0556 4504 MSPQM - ok 14:50:00.0591 4504 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 14:50:00.0595 4504 MsRPC - ok 14:50:00.0615 4504 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 14:50:00.0616 4504 mssmbios - ok 14:50:00.0634 4504 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 14:50:00.0634 4504 MSTEE - ok 14:50:00.0658 4504 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 14:50:00.0659 4504 MTConfig - ok 14:50:00.0684 4504 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 14:50:00.0685 4504 Mup - ok 14:50:00.0707 4504 mv91cons 
(6af2640b5d7202fa0d96467318d4592e) C:\Windows\system32\DRIVERS\mv91cons.sys 14:50:00.0708 4504 mv91cons - ok 14:50:00.0752 4504 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 14:50:00.0758 4504 napagent - ok 14:50:00.0782 4504 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 14:50:00.0785 4504 NativeWifiP - ok 14:50:00.0830 4504 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 14:50:00.0839 4504 NDIS - ok 14:50:00.0866 4504 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 14:50:00.0867 4504 NdisCap - ok 14:50:00.0890 4504 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 14:50:00.0891 4504 NdisTapi - ok 14:50:00.0911 4504 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 14:50:00.0912 4504 Ndisuio - ok 14:50:00.0936 4504 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 14:50:00.0937 4504 NdisWan - ok 14:50:00.0952 4504 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 14:50:00.0953 4504 NDProxy - ok 14:50:00.0976 4504 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 14:50:00.0976 4504 NetBIOS - ok 14:50:01.0006 4504 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 14:50:01.0008 4504 NetBT - ok 14:50:01.0055 4504 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:50:01.0057 4504 Netlogon - ok 14:50:01.0081 4504 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 14:50:01.0086 4504 Netman - ok 14:50:01.0116 4504 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 14:50:01.0121 4504 netprofm - ok 14:50:01.0210 4504 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:50:01.0212 4504 
NetTcpPortSharing - ok 14:50:01.0236 4504 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 14:50:01.0237 4504 nfrd960 - ok 14:50:01.0486 4504 NIHardwareService (0bcb418c2906852c6f9347a258fd5711) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 14:50:01.0509 4504 NIHardwareService - ok 14:50:01.0569 4504 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 14:50:01.0573 4504 NlaSvc - ok 14:50:01.0595 4504 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 14:50:01.0596 4504 Npfs - ok 14:50:01.0617 4504 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 14:50:01.0619 4504 nsi - ok 14:50:01.0632 4504 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:50:01.0632 4504 nsiproxy - ok 14:50:01.0701 4504 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 14:50:01.0716 4504 Ntfs - ok 14:50:01.0739 4504 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:50:01.0740 4504 Null - ok 14:50:01.0773 4504 nusb3hub (a61b0af4d6b934928cfd1140deea5c8d) C:\Windows\system32\DRIVERS\nusb3hub.sys 14:50:01.0774 4504 nusb3hub - ok 14:50:01.0827 4504 nusb3xhc (fa4b2f20561bdbcc6b9ac3e3bdcd7e3f) C:\Windows\system32\DRIVERS\nusb3xhc.sys 14:50:01.0829 4504 nusb3xhc - ok 14:50:01.0854 4504 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 14:50:01.0856 4504 nvraid - ok 14:50:01.0873 4504 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 14:50:01.0875 4504 nvstor - ok 14:50:01.0891 4504 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 14:50:01.0893 4504 nv_agp - ok 14:50:01.0913 4504 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 14:50:01.0914 4504 ohci1394 - ok 14:50:01.0986 4504 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common 
Files\Microsoft Shared\Source Engine\OSE.EXE 14:50:01.0987 4504 ose - ok 14:50:02.0009 4504 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:50:02.0013 4504 p2pimsvc - ok 14:50:02.0049 4504 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:50:02.0054 4504 p2psvc - ok 14:50:02.0076 4504 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:50:02.0077 4504 Parport - ok 14:50:02.0099 4504 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 14:50:02.0100 4504 partmgr - ok 14:50:02.0124 4504 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:50:02.0128 4504 PcaSvc - ok 14:50:02.0151 4504 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 14:50:02.0153 4504 pci - ok 14:50:02.0171 4504 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 14:50:02.0172 4504 pciide - ok 14:50:02.0195 4504 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:50:02.0197 4504 pcmcia - ok 14:50:02.0222 4504 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:50:02.0223 4504 pcw - ok 14:50:02.0252 4504 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:50:02.0258 4504 PEAUTH - ok 14:50:02.0328 4504 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 14:50:02.0342 4504 PeerDistSvc - ok 14:50:02.0389 4504 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:50:02.0391 4504 PerfHost - ok 14:50:02.0451 4504 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 14:50:02.0465 4504 pla - ok 14:50:02.0515 4504 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 14:50:02.0518 4504 PlugPlay - ok 14:50:02.0536 4504 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:50:02.0537 4504 PNRPAutoReg - ok 
14:50:02.0560 4504 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:50:02.0563 4504 PNRPsvc - ok 14:50:02.0623 4504 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 14:50:02.0628 4504 PolicyAgent - ok 14:50:02.0671 4504 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 14:50:02.0675 4504 Power - ok 14:50:02.0694 4504 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 14:50:02.0696 4504 PptpMiniport - ok 14:50:02.0719 4504 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:50:02.0720 4504 Processor - ok 14:50:02.0756 4504 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 14:50:02.0760 4504 ProfSvc - ok 14:50:02.0807 4504 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:50:02.0809 4504 ProtectedStorage - ok 14:50:02.0825 4504 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 14:50:02.0826 4504 Psched - ok 14:50:02.0885 4504 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:50:02.0896 4504 ql2300 - ok 14:50:02.0915 4504 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:50:02.0916 4504 ql40xx - ok 14:50:02.0947 4504 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:50:02.0950 4504 QWAVE - ok 14:50:02.0969 4504 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:50:02.0970 4504 QWAVEdrv - ok 14:50:02.0986 4504 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:50:02.0986 4504 RasAcd - ok 14:50:03.0026 4504 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:50:03.0027 4504 RasAgileVpn - ok 14:50:03.0038 4504 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:50:03.0041 4504 RasAuto - ok 14:50:03.0068 4504 
Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:50:03.0069 4504 Rasl2tp - ok 14:50:03.0091 4504 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 14:50:03.0095 4504 RasMan - ok 14:50:03.0111 4504 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:50:03.0113 4504 RasPppoe - ok 14:50:03.0129 4504 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:50:03.0130 4504 RasSstp - ok 14:50:03.0144 4504 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 14:50:03.0147 4504 rdbss - ok 14:50:03.0161 4504 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:50:03.0162 4504 rdpbus - ok 14:50:03.0180 4504 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:50:03.0180 4504 RDPCDD - ok 14:50:03.0219 4504 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 14:50:03.0220 4504 RDPDR - ok 14:50:03.0250 4504 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:50:03.0250 4504 RDPENCDD - ok 14:50:03.0268 4504 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:50:03.0269 4504 RDPREFMP - ok 14:50:03.0314 4504 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys 14:50:03.0316 4504 RDPWD - ok 14:50:03.0342 4504 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 14:50:03.0344 4504 rdyboost - ok 14:50:03.0368 4504 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:50:03.0371 4504 RemoteAccess - ok 14:50:03.0405 4504 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:50:03.0409 4504 RemoteRegistry - ok 14:50:03.0431 4504 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:50:03.0434 4504 RpcEptMapper - ok 14:50:03.0459 4504 
RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:50:03.0460 4504 RpcLocator - ok 14:50:03.0488 4504 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 14:50:03.0494 4504 RpcSs - ok 14:50:03.0520 4504 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:50:03.0521 4504 rspndr - ok 14:50:03.0551 4504 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys 14:50:03.0554 4504 RTL8167 - ok 14:50:03.0584 4504 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 14:50:03.0584 4504 s3cap - ok 14:50:03.0635 4504 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:50:03.0637 4504 SamSs - ok 14:50:03.0668 4504 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 14:50:03.0670 4504 sbp2port - ok 14:50:03.0700 4504 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:50:03.0704 4504 SCardSvr - ok 14:50:03.0722 4504 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 14:50:03.0722 4504 scfilter - ok 14:50:03.0795 4504 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 14:50:03.0807 4504 Schedule - ok 14:50:03.0842 4504 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 14:50:03.0844 4504 SCPolicySvc - ok 14:50:03.0865 4504 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 14:50:03.0869 4504 SDRSVC - ok 14:50:03.0883 4504 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 14:50:03.0885 4504 seclogon - ok 14:50:03.0903 4504 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 14:50:03.0906 4504 SENS - ok 14:50:03.0926 4504 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 14:50:03.0929 4504 SensrSvc - ok 14:50:03.0948 4504 Serenum (cb624c0035412af0debec78c41f5ca1b) 
C:\Windows\system32\DRIVERS\serenum.sys 14:50:03.0948 4504 Serenum - ok 14:50:03.0967 4504 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:50:03.0968 4504 Serial - ok 14:50:03.0990 4504 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:50:03.0990 4504 sermouse - ok 14:50:04.0021 4504 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 14:50:04.0024 4504 SessionEnv - ok 14:50:04.0050 4504 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 14:50:04.0050 4504 sffdisk - ok 14:50:04.0060 4504 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 14:50:04.0061 4504 sffp_mmc - ok 14:50:04.0080 4504 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 14:50:04.0080 4504 sffp_sd - ok 14:50:04.0091 4504 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:50:04.0091 4504 sfloppy - ok 14:50:04.0130 4504 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 14:50:04.0134 4504 SharedAccess - ok 14:50:04.0164 4504 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 14:50:04.0170 4504 ShellHWDetection - ok 14:50:04.0188 4504 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:50:04.0189 4504 SiSRaid2 - ok 14:50:04.0211 4504 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:50:04.0212 4504 SiSRaid4 - ok 14:50:04.0233 4504 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:50:04.0234 4504 Smb - ok 14:50:04.0259 4504 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:50:04.0262 4504 SNMPTRAP - ok 14:50:04.0283 4504 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:50:04.0284 4504 spldr - ok 14:50:04.0336 4504 Spooler 
(f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 14:50:04.0343 4504 Spooler - ok 14:50:04.0453 4504 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 14:50:04.0469 4504 sppsvc - ok 14:50:04.0485 4504 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 14:50:04.0486 4504 sppuinotify - ok 14:50:04.0540 4504 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 14:50:04.0544 4504 srv - ok 14:50:04.0570 4504 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 14:50:04.0574 4504 srv2 - ok 14:50:04.0611 4504 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 14:50:04.0613 4504 srvnet - ok 14:50:04.0628 4504 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:50:04.0632 4504 SSDPSRV - ok 14:50:04.0645 4504 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:50:04.0648 4504 SstpSvc - ok 14:50:04.0665 4504 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:50:04.0666 4504 stexstor - ok 14:50:04.0706 4504 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 14:50:04.0714 4504 stisvc - ok 14:50:04.0746 4504 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 14:50:04.0747 4504 storflt - ok 14:50:04.0772 4504 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 14:50:04.0775 4504 StorSvc - ok 14:50:04.0797 4504 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 14:50:04.0798 4504 storvsc - ok 14:50:04.0827 4504 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 14:50:04.0827 4504 swenum - ok 14:50:04.0956 4504 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 14:50:04.0961 4504 SwitchBoard - ok 14:50:05.0007 4504 swprv 
(e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:50:05.0014 4504 swprv - ok 14:50:05.0080 4504 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 14:50:05.0098 4504 SysMain - ok 14:50:05.0123 4504 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 14:50:05.0125 4504 TabletInputService - ok 14:50:05.0147 4504 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 14:50:05.0150 4504 TapiSrv - ok 14:50:05.0165 4504 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:50:05.0167 4504 TBS - ok 14:50:05.0249 4504 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 14:50:05.0264 4504 Tcpip - ok 14:50:05.0333 4504 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 14:50:05.0350 4504 TCPIP6 - ok 14:50:05.0382 4504 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 14:50:05.0383 4504 tcpipreg - ok 14:50:05.0413 4504 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:50:05.0414 4504 TDPIPE - ok 14:50:05.0445 4504 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 14:50:05.0446 4504 TDTCP - ok 14:50:05.0470 4504 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 14:50:05.0471 4504 tdx - ok 14:50:05.0487 4504 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 14:50:05.0488 4504 TermDD - ok 14:50:05.0534 4504 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 14:50:05.0542 4504 TermService - ok 14:50:05.0566 4504 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 14:50:05.0569 4504 Themes - ok 14:50:05.0597 4504 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:50:05.0600 4504 THREADORDER - ok 14:50:05.0622 4504 TrkWks (7e7afd841694f6ac397e99d75cead49d) 
C:\Windows\System32\trkwks.dll 14:50:05.0626 4504 TrkWks - ok 14:50:05.0666 4504 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 14:50:05.0668 4504 TrustedInstaller - ok 14:50:05.0690 4504 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:50:05.0691 4504 tssecsrv - ok 14:50:05.0703 4504 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 14:50:05.0704 4504 tunnel - ok 14:50:05.0729 4504 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:50:05.0730 4504 uagp35 - ok 14:50:05.0764 4504 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 14:50:05.0767 4504 udfs - ok 14:50:05.0799 4504 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:50:05.0802 4504 UI0Detect - ok 14:50:05.0845 4504 UimBus (70771e2b8eb3cde389906463bcd5e675) C:\Windows\system32\DRIVERS\uimx64.sys 14:50:05.0846 4504 UimBus - ok 14:50:05.0870 4504 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 14:50:05.0871 4504 uliagpkx - ok 14:50:05.0899 4504 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 14:50:05.0900 4504 umbus - ok 14:50:05.0923 4504 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:50:05.0923 4504 UmPass - ok 14:50:05.0960 4504 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll 14:50:05.0964 4504 UmRdpService - ok 14:50:06.0067 4504 UMVPFSrv (6aa98eeb910e3d3a718592834ebe61d7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe 14:50:06.0071 4504 UMVPFSrv - ok 14:50:06.0102 4504 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:50:06.0107 4504 upnphost - ok 14:50:06.0133 4504 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 14:50:06.0134 4504 usbaudio - ok 14:50:06.0155 4504 usbccgp 
(b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 14:50:06.0157 4504 usbccgp - ok 14:50:06.0188 4504 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 14:50:06.0189 4504 usbcir - ok 14:50:06.0208 4504 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 14:50:06.0209 4504 usbehci - ok 14:50:06.0234 4504 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 14:50:06.0237 4504 usbhub - ok 14:50:06.0257 4504 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 14:50:06.0258 4504 usbohci - ok 14:50:06.0284 4504 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:50:06.0285 4504 usbprint - ok 14:50:06.0325 4504 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 14:50:06.0326 4504 usbscan - ok 14:50:06.0354 4504 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:50:06.0355 4504 USBSTOR - ok 14:50:06.0379 4504 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 14:50:06.0380 4504 usbuhci - ok 14:50:06.0408 4504 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys 14:50:06.0410 4504 usbvideo - ok 14:50:06.0421 4504 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:50:06.0424 4504 UxSms - ok 14:50:06.0467 4504 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:50:06.0468 4504 VaultSvc - ok 14:50:06.0479 4504 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 14:50:06.0480 4504 vdrvroot - ok 14:50:06.0507 4504 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 14:50:06.0514 4504 vds - ok 14:50:06.0542 4504 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:50:06.0542 4504 vga - ok 14:50:06.0566 4504 VgaSave (53e92a310193cb3c03bea963de7d9cfc) 
14:50:08.0440 4504 ============================================================
14:50:08.0440 4504 Scan finished
14:50:08.0440 4504 ============================================================
14:50:08.0449 2188 Detected object count: 0
14:50:08.0449 2188 Actual detected object count: 0 |
01.04.2012, 13:57 | #10 |
/// Malware-holic | UKash Windows Security Trojan hi, then let's continue with Malwarebytes :-)
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
01.04.2012, 14:55 | #11 |
| UKash Windows Security Trojan so, here is the report
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Datenbank Version: v2012.04.01.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
install :: PC [Administrator]
01.04.2012 15:01:30
mbam-log-2012-04-01 (15-01-30).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426844
Laufzeit: 51 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\_OTL\MovedFiles\03302012_164445\C_Users\install\AppData\Local\Temp\mor.exe (Worm.KoobFace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\AVSVideoConverter\activator.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\BBC2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\DOWNLOAD\AVS Video Converter 8.1.2.510\activator.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
01.04.2012, 15:49 | #12 |
/// Malware-holic | UKash Windows Security Trojan
E:\AVSVideoConverter\activator.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\BBC2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
E:\DOWNLOAD\AVS Video Converter 8.1.2.510\activator.exe (PUP.Hacktool.Patcher) -> Erfolgreich gelöscht und in Quarantäne gestellt.
These are files that can be used to activate programs illegally. Since we do not support this, the only help available here is with formatting, reinstalling, and securing the PC.