Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 05.04.2012, 07:05   #1
oOROo
 
100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop - Standard

100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop



Hallo liebes Team,

ich habe den Laptop von meiner Tante der befallen ist. (Sie hat mich gebeten darum zu kümmern, da sie selber leider kaum Zeit und Ahnung hat)
Bzw ist nur der Zugang von ihrer Tochter befallen. Ich kann mich unter ihrem Zugang ganz normal ohne Probleme einloggen.

Laut meiner Tante ist die Festplatte "zweigeteilt".

Da ich nun mehrfach gelesen habe, dass man noch nichts laufen lassen soll, habe ich auch noch gar nichts gemacht um das Problem zu beheben. Und hoffe auf Hilfe.

Betriebssystem ist Windows 7.

Vielen Dank schon mal,

Rieke

Alt 05.04.2012, 10:21   #2
Chris4You
 
100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop - Standard

100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop



Hi,

probieren wir mal was einfaches:

In den nicht befallenen User booten und dann:
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

Danach in den abgesicherten Modus booten (F8, s. u.) als verseuchten User einloggen und ein OTL-Log posten:
OTL
Boote in den abgesicherten Modus mit Netzwerkunterstützung (F8 beim Booten).
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop.
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 05.04.2012, 15:07   #3
oOROo
 
100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop - Standard

100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop



hier die Log Datei von malware

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
b :: B-PC [Administrator]

Schutz: Aktiviert

05.04.2012 14:32:09
mbam-log-2012-04-05 (14-32-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 464467
Laufzeit: 1 Stunde(n), 34 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

das ist die otl.txt dateiOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/5/2012 4:15:44 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\zoe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 68.62% Memory free
7.82 Gb Paging File | 6.63 Gb Available in Paging File | 84.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657.54 Gb Total Space | 602.53 Gb Free Space | 91.63% Space Free | Partition Type: NTFS
Drive D: | 37.99 Gb Total Space | 16.02 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
 
Computer Name: B-PC | User Name: b | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\zoe\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (watchmi) -- C:\Program Files (x86)\watchmi\TvdService.exe ()
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10)
SRV - (WisLMSvc) -- C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (mod7764) -- C:\Windows\SysNative\drivers\mod77-64.sys (DiBcom SA)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (hwusbdev) -- C:\Windows\SysNative\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV:64bit: - (X10Hid) -- C:\Windows\SysNative\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {CE5C69F2-BB00-4923-8025-5EAD98FB557E}
IE - HKCU\..\SearchScopes\{CE5C69F2-BB00-4923-8025-5EAD98FB557E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/07/13 15:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/07/13 15:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/07/13 15:14:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/13 15:07:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/21 20:02:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\b\AppData\Roaming\mozilla\Extensions
[2011/12/22 13:13:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/12/22 13:13:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/01/01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/01/01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/01/01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files (x86)\Launch Manager\OSDCtrl.exe" File not found
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Wbutton] C:\Program Files (x86)\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C98CD9E-06C7-4B36-AC4B-6E3E3B0E020D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{86DD59FC-FF24-4A07-9C3E-C46AC9E7255C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{622f57e8-cb54-11e0-8a09-00262dc6dc9a}\Shell - "" = AutoRun
O33 - MountPoints2\{622f57e8-cb54-11e0-8a09-00262dc6dc9a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8265cb6a-a3cc-11e0-a9e9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8265cb6a-a3cc-11e0-a9e9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f3217532-a4b9-11e0-bd10-00262dc6dc9a}\Shell - "" = AutoRun
O33 - MountPoints2\{f3217532-a4b9-11e0-bd10-00262dc6dc9a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/05 13:00:15 | 000,000,000 | ---D | C] -- C:\Users\b\AppData\Roaming\Malwarebytes
[2012/04/05 13:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/05 13:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/05 13:00:05 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/05 13:00:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/01 14:03:55 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/16 15:40:16 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/16 15:40:14 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/16 15:40:13 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 22:01:03 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 21:51:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 21:51:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 21:51:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 21:51:34 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 21:51:34 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/05 16:17:27 | 003,920,358 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/05 16:17:27 | 000,694,906 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/04/05 16:17:27 | 000,689,584 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/04/05 16:17:27 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/04/05 16:17:27 | 000,632,656 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat
[2012/04/05 16:17:27 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/05 16:17:27 | 000,148,528 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat
[2012/04/05 16:17:27 | 000,130,358 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/04/05 16:17:27 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/04/05 16:17:27 | 000,127,362 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/04/05 16:17:27 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/05 16:12:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/05 16:12:09 | 3148,091,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 15:51:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/05 13:01:13 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 13:01:13 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 13:00:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/05 12:53:22 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/01 14:03:21 | 252,198,513 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/01 00:59:41 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/16 19:16:33 | 000,392,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/05 13:00:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/01 14:03:21 | 252,198,513 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/20 19:54:03 | 003,971,374 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/24 13:57:25 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/04/24 13:57:24 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011/04/24 13:35:41 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/24 13:35:40 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/24 13:35:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/5/2012 4:15:44 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\zoe\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.91 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 68.62% Memory free
7.82 Gb Paging File | 6.63 Gb Available in Paging File | 84.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657.54 Gb Total Space | 602.53 Gb Free Space | 91.63% Space Free | Partition Type: NTFS
Drive D: | 37.99 Gb Total Space | 16.02 Gb Free Space | 42.16% Space Free | Partition Type: NTFS
 
Computer Name: B-PC | User Name: b | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{794E5C90-96E5-4413-B3F5-C803205AE30C}" = Intel(R) PROSet/Wireless WiFi Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E3725525-DE3E-48C1-9B81-D5FF1BFA23BC}" = VR-pulse Installer
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel(R) WiDi
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.0.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 5.0.1 (x86 de)" = Mozilla Firefox 5.0.1 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 3/20/2012 5:35:37 PM | Computer Name = b-PC | Source = Microsoft Office 14 | ID = 2001
Description = 
 
Error - 3/21/2012 9:18:37 AM | Computer Name = b-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421,
 Zeitstempel: 0x4d76255d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce6c3  ID des fehlerhaften
 Prozesses: 0x2dec  Startzeit der fehlerhaften Anwendung: 0x01cd07651e19482d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 5dbc1567-7358-11e1-9ef8-00262dc6dc9a
 
Error - 3/23/2012 9:28:52 AM | Computer Name = b-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3668    Startzeit: 01cd08f16645343d    Endzeit: 47    Anwendungspfad:
 C:\Program Files (x86)\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 4/1/2012 8:05:46 AM | Computer Name = b-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/5/2012 2:23:31 AM | Computer Name = b-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 12.1.0.20 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1338    Startzeit:
 01cd102d62fdf783    Endzeit: 9444    Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir
 Desktop\avscan.exe    Berichts-ID: d39092f0-7ee7-11e1-8afb-00262dc6dc9a  
 
Error - 4/5/2012 3:49:46 AM | Computer Name = b-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/5/2012 4:28:50 AM | Computer Name = b-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/5/2012 6:53:33 AM | Computer Name = b-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 4/5/2012 8:31:42 AM | Computer Name = b-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.60.0.61 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1524    Startzeit:
 01cd131b73729d2e    Endzeit: 12    Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
 Anti-Malware\mbam.exe    Berichts-ID: 437f4e6f-7f1b-11e1-a52e-00262dc6dc9a  
 
Error - 4/5/2012 10:13:54 AM | Computer Name = b-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 6/28/2011 11:37:07 AM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 17:37:07 - Fehler beim Herstellen der Internetverbindung.  17:37:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/9/2011 1:02:42 PM | Computer Name = b-PC | Source = MCUpdate | ID = 0
Description = 19:02:42 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
[ System Events ]
Error - 4/5/2012 10:12:35 AM | Computer Name = b-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 4/5/2012 10:12:34 AM | Computer Name = b-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\System32\IWMSSvc.dll  Fehlercode: 21  
 
Error - 4/5/2012 10:12:36 AM | Computer Name = b-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/5/2012 10:12:36 AM | Computer Name = b-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/5/2012 10:12:36 AM | Computer Name = b-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/5/2012 10:12:40 AM | Computer Name = b-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 4/5/2012 10:12:40 AM | Computer Name = b-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 4/5/2012 10:12:42 AM | Computer Name = b-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/5/2012 10:12:42 AM | Computer Name = b-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 4/5/2012 10:12:42 AM | Computer Name = b-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
--- --- ---

Bei dem verseuchten Userkonto habe ich jetzt noch nicht das Malwareprogramm laufen lassen, das ist doch richtig oder?
__________________

Alt 06.04.2012, 20:09   #4
Chris4You
 
100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop - Standard

100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop



Hi,

ja... das OTL-Log stammt aber vom verseuchten Konto?

Wieder in den abgesicherten Modus des verseuchten Kontos booten und:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = dword:0x00

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Danach MAM updaten und im verseuchten Konto laufen lassen...

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 06.04.2012, 21:56   #5
oOROo
 
100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop - Standard

100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop



Hi,

also habe den code kopiert und das gemacht was du gesagt hast. Es kam dann ein Fenster, das zum entgültig Löschen der Dateien der Laptop neu gestartet werden sollte. Ich habe das bestätigt und mich dann wieder im abgesicherten Modus im verseuchten Account angemeldet.

Das ist die Textdatei die OTL für mich gespeichert hat:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\"DisableMonitoring" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: b
->Temp folder emptied: 137495502 bytes
->Temporary Internet Files folder emptied: 1782245561 bytes
->Java cache emptied: 15317 bytes
->FireFox cache emptied: 217169990 bytes
->Google Chrome cache emptied: 270524195 bytes
->Flash cache emptied: 3220276 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: zoe
->Temp folder emptied: 6343521 bytes
->Temporary Internet Files folder emptied: 2886895799 bytes
->Java cache emptied: 25792 bytes
->FireFox cache emptied: 48883101 bytes
->Flash cache emptied: 72560 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 178228646 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 176314124 bytes

Total Files Cleaned = 5,443.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.39.2 log created on 04062012_224052

Malwarebytes Anti-Malware (Test) 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.06.07

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
b :: B-PC [Administrator]

Schutz: Deaktiviert

06.04.2012 23:00:12
mbam-log-2012-04-06 (23-00-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 418376
Laufzeit: 42 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

so, nun auch der letzte Report vom TDSSKiller:

23:48:45.0432 1332 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
23:48:45.0650 1332 ============================================================
23:48:45.0650 1332 Current date / time: 2012/04/06 23:48:45.0650
23:48:45.0650 1332 SystemInfo:
23:48:45.0650 1332
23:48:45.0650 1332 OS Version: 6.1.7601 ServicePack: 1.0
23:48:45.0650 1332 Product type: Workstation
23:48:45.0650 1332 ComputerName: B-PC
23:48:45.0650 1332 UserName: b
23:48:45.0650 1332 Windows directory: C:\Windows
23:48:45.0650 1332 System windows directory: C:\Windows
23:48:45.0650 1332 Running under WOW64
23:48:45.0650 1332 Processor architecture: Intel x64
23:48:45.0650 1332 Number of processors: 4
23:48:45.0650 1332 Page size: 0x1000
23:48:45.0650 1332 Boot type: Safe boot with network
23:48:45.0650 1332 ============================================================
23:48:46.0352 1332 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:48:46.0368 1332 \Device\Harddisk0\DR0:
23:48:46.0368 1332 MBR used
23:48:46.0368 1332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32800
23:48:46.0368 1332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x52313000
23:48:46.0399 1332 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x52346800, BlocksNum 0x4BFD000
23:48:46.0524 1332 Initialize success
23:48:46.0524 1332 ============================================================
23:49:06.0243 0732 ============================================================
23:49:06.0243 0732 Scan started
23:49:06.0243 0732 Mode: Manual; SigCheck; TDLFS;
23:49:06.0243 0732 ============================================================
23:49:07.0600 0732 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:49:07.0756 0732 1394ohci - ok
23:49:07.0849 0732 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:49:07.0865 0732 ACPI - ok
23:49:07.0959 0732 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:49:08.0068 0732 AcpiPmi - ok
23:49:08.0208 0732 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:49:08.0224 0732 adp94xx - ok
23:49:08.0505 0732 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:49:08.0520 0732 adpahci - ok
23:49:08.0661 0732 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:49:08.0676 0732 adpu320 - ok
23:49:08.0723 0732 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:49:08.0910 0732 AeLookupSvc - ok
23:49:09.0004 0732 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:49:09.0097 0732 AFD - ok
23:49:09.0191 0732 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:49:09.0207 0732 agp440 - ok
23:49:09.0300 0732 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:49:09.0347 0732 ALG - ok
23:49:09.0456 0732 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:49:09.0456 0732 aliide - ok
23:49:09.0550 0732 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:49:09.0565 0732 amdide - ok
23:49:09.0659 0732 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:49:09.0706 0732 AmdK8 - ok
23:49:09.0784 0732 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
23:49:09.0815 0732 AmdPPM - ok
23:49:09.0893 0732 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:49:09.0909 0732 amdsata - ok
23:49:10.0002 0732 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:49:10.0018 0732 amdsbs - ok
23:49:10.0111 0732 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:49:10.0111 0732 amdxata - ok
23:49:10.0314 0732 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:49:10.0423 0732 AntiVirSchedulerService - ok
23:49:10.0579 0732 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:49:10.0595 0732 AntiVirService - ok
23:49:10.0704 0732 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:49:10.0860 0732 AppID - ok
23:49:10.0923 0732 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:49:10.0985 0732 AppIDSvc - ok
23:49:11.0063 0732 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:49:11.0125 0732 Appinfo - ok
23:49:11.0203 0732 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:49:11.0203 0732 arc - ok
23:49:11.0313 0732 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:49:11.0313 0732 arcsas - ok
23:49:11.0422 0732 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:49:11.0469 0732 AsyncMac - ok
23:49:11.0578 0732 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:49:11.0578 0732 atapi - ok
23:49:11.0671 0732 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:49:11.0734 0732 AudioEndpointBuilder - ok
23:49:11.0781 0732 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:49:11.0812 0732 AudioSrv - ok
23:49:11.0905 0732 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
23:49:12.0030 0732 avgntflt - ok
23:49:12.0139 0732 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
23:49:12.0139 0732 avipbb - ok
23:49:12.0233 0732 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
23:49:12.0249 0732 avkmgr - ok
23:49:12.0436 0732 AVP (b2b3fcba37671c853879df7dde8a839a) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
23:49:12.0467 0732 AVP - ok
23:49:12.0561 0732 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:49:12.0639 0732 AxInstSV - ok
23:49:12.0779 0732 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:49:12.0873 0732 b06bdrv - ok
23:49:12.0966 0732 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:49:13.0029 0732 b57nd60a - ok
23:49:13.0122 0732 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:49:13.0216 0732 BDESVC - ok
23:49:13.0325 0732 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:49:13.0387 0732 Beep - ok
23:49:13.0465 0732 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
23:49:13.0543 0732 BFE - ok
23:49:13.0621 0732 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
23:49:13.0746 0732 BITS - ok
23:49:13.0840 0732 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:49:13.0871 0732 blbdrive - ok
23:49:13.0980 0732 Bluetooth Device Monitor (832314a5ac804dee429a009a3d41b99b) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
23:49:13.0996 0732 Bluetooth Device Monitor - ok
23:49:14.0121 0732 Bluetooth Media Service (35c701c5a286543973f0fc8bc195515e) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
23:49:14.0152 0732 Bluetooth Media Service - ok
23:49:14.0339 0732 Bluetooth OBEX Service (a475d68b03febf6c371f0d9644c2e12d) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
23:49:14.0370 0732 Bluetooth OBEX Service - ok
23:49:14.0464 0732 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:49:14.0526 0732 bowser - ok
23:49:14.0620 0732 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:49:14.0667 0732 BrFiltLo - ok
23:49:14.0729 0732 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:49:14.0760 0732 BrFiltUp - ok
23:49:14.0838 0732 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:49:14.0901 0732 Browser - ok
23:49:15.0041 0732 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:49:15.0150 0732 Brserid - ok
23:49:15.0228 0732 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:49:15.0259 0732 BrSerWdm - ok
23:49:15.0353 0732 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:49:15.0384 0732 BrUsbMdm - ok
23:49:15.0478 0732 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:49:15.0493 0732 BrUsbSer - ok
23:49:15.0603 0732 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
23:49:15.0665 0732 BthEnum - ok
23:49:15.0759 0732 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:49:15.0790 0732 BTHMODEM - ok
23:49:15.0868 0732 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
23:49:15.0915 0732 BthPan - ok
23:49:16.0024 0732 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
23:49:16.0055 0732 BTHPORT - ok
23:49:16.0164 0732 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:49:16.0227 0732 bthserv - ok
23:49:16.0320 0732 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
23:49:16.0351 0732 BTHUSB - ok
23:49:16.0445 0732 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
23:49:16.0461 0732 btmaux - ok
23:49:16.0570 0732 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys
23:49:16.0632 0732 btmhsf - ok
23:49:16.0741 0732 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:49:16.0788 0732 cdfs - ok
23:49:16.0897 0732 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:49:16.0944 0732 cdrom - ok
23:49:17.0022 0732 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:49:17.0085 0732 CertPropSvc - ok
23:49:17.0178 0732 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
23:49:17.0209 0732 circlass - ok
23:49:17.0272 0732 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:49:17.0287 0732 CLFS - ok
23:49:17.0350 0732 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:49:17.0365 0732 clr_optimization_v2.0.50727_32 - ok
23:49:17.0459 0732 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:49:17.0459 0732 clr_optimization_v2.0.50727_64 - ok
23:49:17.0599 0732 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:49:17.0631 0732 clr_optimization_v4.0.30319_32 - ok
23:49:17.0709 0732 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:49:17.0724 0732 clr_optimization_v4.0.30319_64 - ok
23:49:17.0833 0732 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
23:49:17.0849 0732 clwvd - ok
23:49:17.0943 0732 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:49:17.0974 0732 CmBatt - ok
23:49:18.0052 0732 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:49:18.0052 0732 cmdide - ok
23:49:18.0145 0732 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
23:49:18.0208 0732 CNG - ok
23:49:18.0317 0732 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:49:18.0317 0732 Compbatt - ok
23:49:18.0426 0732 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:49:18.0473 0732 CompositeBus - ok
23:49:18.0520 0732 COMSysApp - ok
23:49:18.0567 0732 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:49:18.0567 0732 crcdisk - ok
23:49:18.0676 0732 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
23:49:18.0738 0732 CryptSvc - ok
23:49:18.0863 0732 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:49:18.0894 0732 cvhsvc - ok
23:49:18.0988 0732 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:49:19.0050 0732 DcomLaunch - ok
23:49:19.0144 0732 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:49:19.0191 0732 defragsvc - ok
23:49:19.0284 0732 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:49:19.0347 0732 DfsC - ok
23:49:19.0440 0732 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:49:19.0503 0732 Dhcp - ok
23:49:19.0596 0732 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:49:19.0643 0732 discache - ok
23:49:19.0752 0732 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:49:19.0752 0732 Disk - ok
23:49:19.0830 0732 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:49:19.0877 0732 Dnscache - ok
23:49:19.0971 0732 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:49:20.0017 0732 dot3svc - ok
23:49:20.0095 0732 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:49:20.0158 0732 DPS - ok
23:49:20.0251 0732 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:49:20.0283 0732 drmkaud - ok
23:49:20.0392 0732 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:49:20.0423 0732 DXGKrnl - ok
23:49:20.0501 0732 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:49:20.0548 0732 EapHost - ok
23:49:20.0688 0732 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:49:20.0797 0732 ebdrv - ok
23:49:20.0860 0732 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:49:20.0922 0732 EFS - ok
23:49:21.0000 0732 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:49:21.0078 0732 ehRecvr - ok
23:49:21.0187 0732 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:49:21.0219 0732 ehSched - ok
23:49:21.0312 0732 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:49:21.0343 0732 elxstor - ok
23:49:21.0406 0732 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:49:21.0437 0732 ErrDev - ok
23:49:21.0531 0732 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:49:21.0593 0732 EventSystem - ok
23:49:21.0718 0732 EvtEng (23e539016fb73c9a095270cdb9451bed) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:49:21.0749 0732 EvtEng - ok
23:49:21.0874 0732 ewusbnet (8adacffad67394c711698ea074ce3bab) C:\Windows\system32\DRIVERS\ewusbnet.sys
23:49:21.0952 0732 ewusbnet - ok
23:49:22.0030 0732 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:49:22.0092 0732 exfat - ok
23:49:22.0170 0732 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:49:22.0233 0732 fastfat - ok
23:49:22.0326 0732 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:49:22.0389 0732 Fax - ok
23:49:22.0482 0732 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:49:22.0529 0732 fdc - ok
23:49:22.0591 0732 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:49:22.0654 0732 fdPHost - ok
23:49:22.0716 0732 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:49:22.0779 0732 FDResPub - ok
23:49:22.0857 0732 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:49:22.0872 0732 FileInfo - ok
23:49:22.0966 0732 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:49:23.0028 0732 Filetrace - ok
23:49:23.0091 0732 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:49:23.0106 0732 flpydisk - ok
23:49:23.0200 0732 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:49:23.0215 0732 FltMgr - ok
23:49:23.0293 0732 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:49:23.0371 0732 FontCache - ok
23:49:23.0449 0732 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:49:23.0449 0732 FontCache3.0.0.0 - ok
23:49:23.0512 0732 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:49:23.0527 0732 FsDepends - ok
23:49:23.0605 0732 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:49:23.0605 0732 Fs_Rec - ok
23:49:23.0730 0732 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:49:23.0746 0732 fvevol - ok
23:49:23.0839 0732 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:49:23.0855 0732 gagp30kx - ok
23:49:23.0917 0732 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:49:23.0980 0732 gpsvc - ok
23:49:24.0105 0732 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:49:24.0105 0732 gupdate - ok
23:49:24.0151 0732 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:49:24.0151 0732 gupdatem - ok
23:49:24.0229 0732 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:49:24.0245 0732 gusvc - ok
23:49:24.0323 0732 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:49:24.0385 0732 hcw85cir - ok
23:49:24.0495 0732 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:49:24.0541 0732 HdAudAddService - ok
23:49:24.0635 0732 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:49:24.0666 0732 HDAudBus - ok
23:49:24.0744 0732 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:49:24.0775 0732 HidBatt - ok
23:49:24.0853 0732 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:49:24.0900 0732 HidBth - ok
23:49:24.0978 0732 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:49:24.0978 0732 HidIr - ok
23:49:25.0041 0732 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:49:25.0103 0732 hidserv - ok
23:49:25.0212 0732 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:49:25.0228 0732 HidUsb - ok
23:49:25.0290 0732 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:49:25.0353 0732 hkmsvc - ok
23:49:25.0431 0732 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:49:25.0493 0732 HomeGroupListener - ok
23:49:25.0555 0732 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:49:25.0587 0732 HomeGroupProvider - ok
23:49:25.0696 0732 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:49:25.0696 0732 HpSAMD - ok
23:49:25.0805 0732 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:49:25.0867 0732 HTTP - ok
23:49:25.0977 0732 hwdatacard (d969d0e26c5b1e813b17066a8318d5d4) C:\Windows\system32\DRIVERS\ewusbmdm.sys
23:49:26.0023 0732 hwdatacard - ok
23:49:26.0086 0732 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:49:26.0101 0732 hwpolicy - ok
23:49:26.0242 0732 hwusbdev (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys
23:49:26.0289 0732 hwusbdev - ok
23:49:26.0398 0732 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:49:26.0398 0732 i8042prt - ok
23:49:26.0491 0732 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
23:49:26.0507 0732 iaStor - ok
23:49:26.0601 0732 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:49:26.0601 0732 IAStorDataMgrSvc - ok
23:49:26.0694 0732 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:49:26.0710 0732 iaStorV - ok
23:49:26.0819 0732 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
23:49:26.0835 0732 iBtFltCoex - ok
23:49:26.0959 0732 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:49:26.0975 0732 idsvc - ok
23:49:27.0256 0732 igfx (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:49:27.0599 0732 igfx - ok
23:49:27.0693 0732 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:49:27.0708 0732 iirsp - ok
23:49:27.0786 0732 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:49:27.0849 0732 IKEEXT - ok
23:49:27.0973 0732 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\Windows\system32\drivers\intelaud.sys
23:49:27.0973 0732 intaud_WaveExtensible - ok
23:49:28.0098 0732 IntcAzAudAddService (177b4e48c7a288e70779b42ab81d2d06) C:\Windows\system32\drivers\RTKVHD64.sys
23:49:28.0161 0732 IntcAzAudAddService - ok
23:49:28.0270 0732 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:49:28.0317 0732 IntcDAud - ok
23:49:28.0379 0732 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:49:28.0395 0732 intelide - ok
23:49:28.0473 0732 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:49:28.0504 0732 intelppm - ok
23:49:28.0582 0732 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:49:28.0629 0732 IPBusEnum - ok
23:49:28.0722 0732 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:49:28.0785 0732 IpFilterDriver - ok
23:49:28.0863 0732 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:49:28.0925 0732 iphlpsvc - ok
23:49:28.0987 0732 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:49:29.0019 0732 IPMIDRV - ok
23:49:29.0112 0732 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:49:29.0159 0732 IPNAT - ok
23:49:29.0237 0732 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:49:29.0268 0732 IRENUM - ok
23:49:29.0362 0732 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:49:29.0362 0732 isapnp - ok
23:49:29.0440 0732 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:49:29.0455 0732 iScsiPrt - ok
23:49:29.0565 0732 iwdbus (716f66336f10885d935b08174dc54242) C:\Windows\system32\drivers\iwdbus.sys
23:49:29.0580 0732 iwdbus - ok
23:49:29.0674 0732 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:49:29.0689 0732 kbdclass - ok
23:49:29.0799 0732 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:49:29.0830 0732 kbdhid - ok
23:49:29.0908 0732 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:49:29.0908 0732 KeyIso - ok
23:49:30.0048 0732 KL1 (8d7120743a0973ceab548b475c9d4289) C:\Windows\system32\DRIVERS\kl1.sys
23:49:30.0064 0732 KL1 - ok
23:49:30.0189 0732 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\Windows\system32\DRIVERS\kl2.sys
23:49:30.0189 0732 kl2 - ok
23:49:30.0282 0732 KLIF (c1786c2f8de0f62e076f7ef8dea4e87a) C:\Windows\system32\DRIVERS\klif.sys
23:49:30.0298 0732 KLIF - ok
23:49:30.0423 0732 KLIM6 (2a64b3a9eed93a2e96537b67c079fc96) C:\Windows\system32\DRIVERS\klim6.sys
23:49:30.0423 0732 KLIM6 - ok
23:49:30.0532 0732 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys
23:49:30.0532 0732 klmouflt - ok
23:49:30.0610 0732 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:49:30.0625 0732 KSecDD - ok
23:49:30.0703 0732 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:49:30.0719 0732 KSecPkg - ok
23:49:30.0813 0732 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:49:30.0859 0732 ksthunk - ok
23:49:30.0937 0732 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:49:31.0000 0732 KtmRm - ok
23:49:31.0093 0732 L1C (6dd5383c9413aae3113faf89e345663d) C:\Windows\system32\DRIVERS\L1C62x64.sys
23:49:31.0093 0732 L1C - ok
23:49:31.0187 0732 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:49:31.0249 0732 LanmanServer - ok
23:49:31.0327 0732 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:49:31.0390 0732 LanmanWorkstation - ok
23:49:31.0483 0732 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:49:31.0530 0732 lltdio - ok
23:49:31.0608 0732 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:49:31.0655 0732 lltdsvc - ok
23:49:31.0717 0732 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:49:31.0749 0732 lmhosts - ok
23:49:31.0842 0732 LMS (a63b719f4f8657f3fcd84436d09378c8) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:49:31.0858 0732 LMS - ok
23:49:31.0951 0732 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:49:31.0967 0732 LSI_FC - ok
23:49:32.0076 0732 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:49:32.0076 0732 LSI_SAS - ok
23:49:32.0185 0732 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:49:32.0201 0732 LSI_SAS2 - ok
23:49:32.0295 0732 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:49:32.0310 0732 LSI_SCSI - ok
23:49:32.0404 0732 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:49:32.0466 0732 luafv - ok
23:49:32.0575 0732 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
23:49:32.0575 0732 MBAMProtector - ok
23:49:32.0685 0732 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:49:32.0700 0732 MBAMService - ok
23:49:32.0763 0732 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:49:32.0794 0732 Mcx2Svc - ok
23:49:32.0872 0732 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:49:32.0872 0732 megasas - ok
23:49:32.0950 0732 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:49:32.0965 0732 MegaSR - ok
23:49:33.0043 0732 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
23:49:33.0043 0732 MEIx64 - ok
23:49:33.0121 0732 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:49:33.0184 0732 MMCSS - ok
23:49:33.0293 0732 mod7764 (97b041bb78636edc0a7b0ab68c98eb9b) C:\Windows\system32\DRIVERS\mod77-64.sys
23:49:33.0324 0732 mod7764 - ok
23:49:33.0402 0732 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:49:33.0449 0732 Modem - ok
23:49:33.0543 0732 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:49:33.0574 0732 monitor - ok
23:49:33.0667 0732 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:49:33.0667 0732 mouclass - ok
23:49:33.0777 0732 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
23:49:33.0808 0732 mouhid - ok
23:49:33.0870 0732 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:49:33.0886 0732 mountmgr - ok
23:49:33.0964 0732 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:49:33.0964 0732 mpio - ok
23:49:34.0042 0732 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:49:34.0089 0732 mpsdrv - ok
23:49:34.0167 0732 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:49:34.0229 0732 MpsSvc - ok
23:49:34.0307 0732 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:49:34.0354 0732 MRxDAV - ok
23:49:34.0432 0732 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:49:34.0494 0732 mrxsmb - ok
23:49:34.0588 0732 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:49:34.0588 0732 mrxsmb10 - ok
23:49:34.0666 0732 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:49:34.0713 0732 mrxsmb20 - ok
23:49:34.0791 0732 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:49:34.0791 0732 msahci - ok
23:49:34.0869 0732 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:49:34.0869 0732 msdsm - ok
23:49:34.0915 0732 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:49:34.0962 0732 MSDTC - ok
23:49:35.0040 0732 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:49:35.0087 0732 Msfs - ok
23:49:35.0165 0732 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:49:35.0212 0732 mshidkmdf - ok
23:49:35.0290 0732 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:49:35.0290 0732 msisadrv - ok
23:49:35.0383 0732 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:49:35.0446 0732 MSiSCSI - ok
23:49:35.0493 0732 msiserver - ok
23:49:35.0571 0732 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:49:35.0617 0732 MSKSSRV - ok
23:49:35.0695 0732 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:49:35.0758 0732 MSPCLOCK - ok
23:49:35.0836 0732 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:49:35.0883 0732 MSPQM - ok
23:49:35.0961 0732 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:49:35.0976 0732 MsRPC - ok
23:49:36.0054 0732 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:49:36.0054 0732 mssmbios - ok
23:49:36.0148 0732 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:49:36.0195 0732 MSTEE - ok
23:49:36.0273 0732 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:49:36.0304 0732 MTConfig - ok
23:49:36.0366 0732 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:49:36.0382 0732 Mup - ok
23:49:36.0475 0732 MyWiFiDHCPDNS (1571e40ee767b28df9a94b68d69c9605) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:49:36.0491 0732 MyWiFiDHCPDNS - ok
23:49:36.0569 0732 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:49:36.0631 0732 napagent - ok
23:49:36.0725 0732 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:49:36.0756 0732 NativeWifiP - ok
23:49:36.0865 0732 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:49:36.0897 0732 NDIS - ok
23:49:36.0975 0732 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:49:37.0037 0732 NdisCap - ok
23:49:37.0131 0732 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:49:37.0162 0732 NdisTapi - ok
23:49:37.0271 0732 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:49:37.0318 0732 Ndisuio - ok
23:49:37.0396 0732 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:49:37.0443 0732 NdisWan - ok
23:49:37.0536 0732 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:49:37.0583 0732 NDProxy - ok
23:49:37.0661 0732 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:49:37.0723 0732 NetBIOS - ok
23:49:37.0801 0732 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:49:37.0848 0732 NetBT - ok
23:49:37.0926 0732 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:49:37.0942 0732 Netlogon - ok
23:49:38.0020 0732 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:49:38.0067 0732 Netman - ok
23:49:38.0145 0732 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:49:38.0207 0732 netprofm - ok
23:49:38.0316 0732 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:49:38.0332 0732 NetTcpPortSharing - ok
23:49:38.0550 0732 NETwNs64 (2b26c8a6b4fb519e1849101a10e6c68d) C:\Windows\system32\DRIVERS\NETwNs64.sys
23:49:38.0800 0732 NETwNs64 - ok
23:49:38.0909 0732 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:49:38.0909 0732 nfrd960 - ok
23:49:39.0018 0732 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:49:39.0065 0732 NlaSvc - ok
23:49:39.0127 0732 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:49:39.0159 0732 Npfs - ok
23:49:39.0221 0732 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:49:39.0252 0732 nsi - ok
23:49:39.0315 0732 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:49:39.0361 0732 nsiproxy - ok
23:49:39.0471 0732 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:49:39.0502 0732 Ntfs - ok
23:49:39.0564 0732 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:49:39.0611 0732 Null - ok
23:49:39.0689 0732 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\drivers\nusb3hub.sys
23:49:39.0736 0732 nusb3hub - ok
23:49:39.0861 0732 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\drivers\nusb3xhc.sys
23:49:39.0907 0732 nusb3xhc - ok
23:49:40.0017 0732 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:49:40.0017 0732 nvraid - ok
23:49:40.0110 0732 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:49:40.0110 0732 nvstor - ok
23:49:40.0204 0732 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:49:40.0219 0732 nv_agp - ok
23:49:40.0282 0732 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:49:40.0313 0732 ohci1394 - ok
23:49:40.0391 0732 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:49:40.0407 0732 ose - ok
23:49:40.0594 0732 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:49:40.0750 0732 osppsvc - ok
23:49:40.0828 0732 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:49:40.0906 0732 p2pimsvc - ok
23:49:40.0968 0732 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:49:40.0999 0732 p2psvc - ok
23:49:41.0077 0732 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:49:41.0093 0732 Parport - ok
23:49:41.0155 0732 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:49:41.0171 0732 partmgr - ok
23:49:41.0233 0732 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:49:41.0265 0732 PcaSvc - ok
23:49:41.0343 0732 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:49:41.0343 0732 pci - ok
23:49:41.0421 0732 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:49:41.0421 0732 pciide - ok
23:49:41.0499 0732 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:49:41.0514 0732 pcmcia - ok
23:49:41.0577 0732 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:49:41.0577 0732 pcw - ok
23:49:41.0655 0732 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:49:41.0717 0732 PEAUTH - ok
23:49:41.0795 0732 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:49:41.0826 0732 PerfHost - ok
23:49:41.0920 0732 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:49:41.0998 0732 pla - ok
23:49:42.0076 0732 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:49:42.0138 0732 PlugPlay - ok
23:49:42.0201 0732 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:49:42.0216 0732 PNRPAutoReg - ok
23:49:42.0294 0732 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:49:42.0294 0732 PNRPsvc - ok
23:49:42.0357 0732 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:49:42.0403 0732 PolicyAgent - ok
23:49:42.0466 0732 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:49:42.0513 0732 Power - ok
23:49:42.0591 0732 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:49:42.0637 0732 PptpMiniport - ok
23:49:42.0731 0732 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:49:42.0747 0732 Processor - ok
23:49:42.0825 0732 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:49:42.0871 0732 ProfSvc - ok
23:49:42.0949 0732 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:49:42.0949 0732 ProtectedStorage - ok
23:49:43.0059 0732 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:49:43.0105 0732 Psched - ok
23:49:43.0168 0732 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
23:49:43.0183 0732 PSI_SVC_2 - ok
23:49:43.0308 0732 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:49:43.0339 0732 ql2300 - ok
23:49:43.0433 0732 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:49:43.0449 0732 ql40xx - ok
23:49:43.0511 0732 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:49:43.0527 0732 QWAVE - ok
23:49:43.0589 0732 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:49:43.0620 0732 QWAVEdrv - ok
23:49:43.0698 0732 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:49:43.0761 0732 RasAcd - ok
23:49:43.0839 0732 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:49:43.0901 0732 RasAgileVpn - ok
23:49:43.0979 0732 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:49:44.0026 0732 RasAuto - ok
23:49:44.0119 0732 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:49:44.0166 0732 Rasl2tp - ok
23:49:44.0244 0732 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:49:44.0307 0732 RasMan - ok
23:49:44.0385 0732 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:49:44.0431 0732 RasPppoe - ok
23:49:44.0509 0732 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:49:44.0572 0732 RasSstp - ok
23:49:44.0650 0732 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:49:44.0712 0732 rdbss - ok
23:49:44.0806 0732 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:49:44.0821 0732 rdpbus - ok
23:49:44.0899 0732 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:49:44.0946 0732 RDPCDD - ok
23:49:45.0040 0732 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:49:45.0087 0732 RDPENCDD - ok
23:49:45.0149 0732 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:49:45.0180 0732 RDPREFMP - ok
23:49:45.0274 0732 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:49:45.0336 0732 RDPWD - ok
23:49:45.0414 0732 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:49:45.0430 0732 rdyboost - ok
23:49:45.0508 0732 RegSrvc (156757a092b9350f475d24353239e78e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:49:45.0523 0732 RegSrvc - ok
23:49:45.0586 0732 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:49:45.0633 0732 RemoteAccess - ok
23:49:45.0742 0732 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:49:45.0804 0732 RemoteRegistry - ok
23:49:45.0898 0732 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:49:45.0929 0732 RFCOMM - ok
23:49:46.0069 0732 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
23:49:46.0085 0732 RichVideo - ok
23:49:46.0194 0732 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:49:46.0241 0732 RpcEptMapper - ok
23:49:46.0303 0732 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:49:46.0350 0732 RpcLocator - ok
23:49:46.0381 0732 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:49:46.0413 0732 RpcSs - ok
23:49:46.0522 0732 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:49:46.0569 0732 rspndr - ok
23:49:46.0678 0732 RSUSBVSTOR (ce0a1d8a59410e698140821e4e69da0d) C:\Windows\System32\Drivers\RtsUVStor.sys
23:49:46.0693 0732 RSUSBVSTOR - ok
23:49:46.0756 0732 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:49:46.0771 0732 SamSs - ok
23:49:46.0849 0732 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:49:46.0865 0732 sbp2port - ok
23:49:46.0927 0732 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:49:46.0974 0732 SCardSvr - ok
23:49:47.0052 0732 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:49:47.0099 0732 scfilter - ok
23:49:47.0177 0732 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:49:47.0255 0732 Schedule - ok
23:49:47.0317 0732 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:49:47.0349 0732 SCPolicySvc - ok
23:49:47.0427 0732 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:49:47.0489 0732 SDRSVC - ok
23:49:47.0583 0732 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:49:47.0629 0732 secdrv - ok
23:49:47.0707 0732 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:49:47.0754 0732 seclogon - ok
23:49:47.0848 0732 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:49:47.0895 0732 SENS - ok
23:49:47.0973 0732 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:49:48.0035 0732 SensrSvc - ok
23:49:48.0129 0732 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:49:48.0160 0732 Serenum - ok
23:49:48.0238 0732 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:49:48.0269 0732 Serial - ok
23:49:48.0347 0732 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:49:48.0378 0732 sermouse - ok
23:49:48.0472 0732 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:49:48.0534 0732 SessionEnv - ok
23:49:48.0628 0732 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:49:48.0659 0732 sffdisk - ok
23:49:48.0737 0732 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:49:48.0768 0732 sffp_mmc - ok
23:49:48.0846 0732 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:49:48.0893 0732 sffp_sd - ok
23:49:48.0971 0732 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:49:49.0002 0732 sfloppy - ok
23:49:49.0096 0732 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:49:49.0127 0732 Sftfs - ok
23:49:49.0221 0732 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:49:49.0236 0732 sftlist - ok
23:49:49.0345 0732 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:49:49.0361 0732 Sftplay - ok
23:49:49.0455 0732 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:49:49.0470 0732 Sftredir - ok
23:49:49.0564 0732 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:49:49.0579 0732 Sftvol - ok
23:49:49.0673 0732 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:49:49.0673 0732 sftvsa - ok
23:49:49.0751 0732 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:49:49.0798 0732 SharedAccess - ok
23:49:49.0891 0732 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:49:49.0938 0732 ShellHWDetection - ok
23:49:50.0032 0732 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:49:50.0032 0732 SiSRaid2 - ok
23:49:50.0110 0732 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:49:50.0125 0732 SiSRaid4 - ok
23:49:50.0219 0732 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:49:50.0250 0732 Smb - ok
23:49:50.0344 0732 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:49:50.0375 0732 SNMPTRAP - ok
23:49:50.0453 0732 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:49:50.0469 0732 spldr - ok
23:49:50.0531 0732 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:49:50.0593 0732 Spooler - ok
23:49:50.0781 0732 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:49:50.0937 0732 sppsvc - ok
23:49:51.0093 0732 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:49:51.0139 0732 sppuinotify - ok
23:49:51.0217 0732 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:49:51.0327 0732 srv - ok
23:49:51.0483 0732 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:49:51.0514 0732 srv2 - ok
23:49:51.0654 0732 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:49:51.0701 0732 srvnet - ok
23:49:51.0857 0732 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:49:51.0919 0732 SSDPSRV - ok
23:49:52.0060 0732 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:49:52.0107 0732 SstpSvc - ok
23:49:52.0216 0732 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:49:52.0216 0732 stexstor - ok
23:49:52.0341 0732 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:49:52.0403 0732 stisvc - ok
23:49:52.0497 0732 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:49:52.0497 0732 swenum - ok
23:49:52.0590 0732 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:49:52.0653 0732 swprv - ok
23:49:52.0762 0732 SynTP (b3ad15fa10ebeafc1275f34050e4e230) C:\Windows\system32\drivers\SynTP.sys
23:49:52.0793 0732 SynTP - ok
23:49:52.0902 0732 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:49:52.0949 0732 SysMain - ok
23:49:53.0027 0732 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:49:53.0043 0732 TabletInputService - ok
23:49:53.0105 0732 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:49:53.0152 0732 TapiSrv - ok
23:49:53.0214 0732 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:49:53.0245 0732 TBS - ok
23:49:53.0355 0732 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:49:53.0401 0732 Tcpip - ok
23:49:53.0526 0732 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:49:53.0557 0732 TCPIP6 - ok
23:49:53.0651 0732 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:49:53.0713 0732 tcpipreg - ok
23:49:53.0776 0732 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:49:53.0807 0732 TDPIPE - ok
23:49:53.0885 0732 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:49:53.0916 0732 TDTCP - ok
23:49:53.0994 0732 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:49:54.0041 0732 tdx - ok
23:49:54.0119 0732 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:49:54.0135 0732 TermDD - ok
23:49:54.0197 0732 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:49:54.0259 0732 TermService - ok
23:49:54.0337 0732 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:49:54.0369 0732 Themes - ok
23:49:54.0431 0732 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:49:54.0462 0732 THREADORDER - ok
23:49:54.0540 0732 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:49:54.0603 0732 TrkWks - ok
23:49:54.0665 0732 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:49:54.0712 0732 TrustedInstaller - ok
23:49:54.0790 0732 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:49:54.0837 0732 tssecsrv - ok
23:49:54.0946 0732 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:49:55.0008 0732 TsUsbFlt - ok
23:49:55.0086 0732 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:49:55.0102 0732 TsUsbGD - ok
23:49:55.0195 0732 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:49:55.0242 0732 tunnel - ok
23:49:55.0336 0732 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:49:55.0336 0732 uagp35 - ok
23:49:55.0414 0732 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:49:55.0476 0732 udfs - ok
23:49:55.0539 0732 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:49:55.0539 0732 UI0Detect - ok
23:49:55.0648 0732 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:49:55.0648 0732 uliagpkx - ok
23:49:55.0757 0732 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:49:55.0757 0732 umbus - ok
23:49:55.0835 0732 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:49:55.0866 0732 UmPass - ok
23:49:55.0975 0732 UNS (e419566c7918a4c8e9497afbd502fb2a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:49:56.0069 0732 UNS - ok
23:49:56.0131 0732 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:49:56.0194 0732 upnphost - ok
23:49:56.0272 0732 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:49:56.0334 0732 usbccgp - ok
23:49:56.0443 0732 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:49:56.0475 0732 usbcir - ok
23:49:56.0553 0732 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:49:56.0584 0732 usbehci - ok
23:49:56.0662 0732 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:49:56.0693 0732 usbhub - ok
23:49:56.0771 0732 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:49:56.0802 0732 usbohci - ok
23:49:56.0880 0732 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
23:49:56.0896 0732 usbprint - ok
23:49:56.0974 0732 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:49:57.0021 0732 USBSTOR - ok
23:49:57.0083 0732 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:49:57.0114 0732 usbuhci - ok
23:49:57.0208 0732 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:49:57.0255 0732 usbvideo - ok
23:49:57.0317 0732 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:49:57.0364 0732 UxSms - ok
23:49:57.0442 0732 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:49:57.0442 0732 VaultSvc - ok
23:49:57.0535 0732 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:49:57.0551 0732 vdrvroot - ok
23:49:57.0645 0732 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:49:57.0691 0732 vds - ok
23:49:57.0785 0732 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:49:57.0801 0732 vga - ok
23:49:57.0863 0732 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:49:57.0910 0732 VgaSave - ok
23:49:57.0988 0732 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:49:57.0988 0732 vhdmp - ok
23:49:58.0066 0732 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:49:58.0066 0732 viaide - ok
23:49:58.0144 0732 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:49:58.0159 0732 volmgr - ok
23:49:58.0237 0732 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:49:58.0253 0732 volmgrx - ok
23:49:58.0331 0732 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:49:58.0347 0732 volsnap - ok
23:49:58.0440 0732 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:49:58.0456 0732 vsmraid - ok
23:49:58.0534 0732 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:49:58.0612 0732 VSS - ok
23:49:58.0674 0732 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:49:58.0721 0732 vwifibus - ok
23:49:58.0846 0732 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:49:58.0861 0732 vwififlt - ok
23:49:58.0955 0732 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:49:58.0986 0732 vwifimp - ok
23:49:59.0064 0732 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:49:59.0095 0732 W32Time - ok
23:49:59.0173 0732 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:49:59.0205 0732 WacomPen - ok
23:49:59.0298 0732 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:49:59.0345 0732 WANARP - ok
23:49:59.0392 0732 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:49:59.0423 0732 Wanarpv6 - ok
23:49:59.0501 0732 watchmi (878c947c69ee89e4dbff9dbd6155c15d) C:\Program Files (x86)\watchmi\TvdService.exe
23:49:59.0517 0732 watchmi ( UnsignedFile.Multi.Generic ) - warning
23:49:59.0517 0732 watchmi - detected UnsignedFile.Multi.Generic (1)
23:49:59.0610 0732 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:49:59.0688 0732 wbengine - ok
23:49:59.0751 0732 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:49:59.0766 0732 WbioSrvc - ok
23:49:59.0829 0732 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:49:59.0860 0732 wcncsvc - ok
23:49:59.0922 0732 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:49:59.0969 0732 WcsPlugInService - ok
23:50:00.0031 0732 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:50:00.0047 0732 Wd - ok
23:50:00.0125 0732 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:50:00.0141 0732 Wdf01000 - ok
23:50:00.0203 0732 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:50:00.0265 0732 WdiServiceHost - ok
23:50:00.0265 0732 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:50:00.0281 0732 WdiSystemHost - ok
23:50:00.0390 0732 wdkmd (63ce387483e74a0bd79ee4e5eba1fd2e) C:\Windows\system32\DRIVERS\WDKMD.sys
23:50:00.0390 0732 wdkmd - ok
23:50:00.0453 0732 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:50:00.0499 0732 WebClient - ok
23:50:00.0562 0732 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:50:00.0593 0732 Wecsvc - ok
23:50:00.0655 0732 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:50:00.0687 0732 wercplsupport - ok
23:50:00.0765 0732 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:50:00.0811 0732 WerSvc - ok
23:50:00.0905 0732 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:50:00.0936 0732 WfpLwf - ok
23:50:01.0045 0732 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:50:01.0061 0732 WIMMount - ok
23:50:01.0077 0732 WinDefend - ok
23:50:01.0077 0732 WinHttpAutoProxySvc - ok
23:50:01.0201 0732 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:50:01.0295 0732 Winmgmt - ok
23:50:01.0467 0732 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:50:01.0545 0732 WinRM - ok
23:50:01.0669 0732 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:50:01.0701 0732 WinUsb - ok
23:50:01.0763 0732 WisLMSvc (4c69a8e2e159c1c59bc4b688e9dd7f8c) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
23:50:01.0779 0732 WisLMSvc - ok
23:50:01.0841 0732 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:50:01.0888 0732 Wlansvc - ok
23:50:01.0966 0732 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:50:01.0966 0732 wlcrasvc - ok
23:50:02.0075 0732 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:50:02.0122 0732 wlidsvc - ok
23:50:02.0371 0732 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:50:02.0371 0732 WmiAcpi - ok
23:50:02.0434 0732 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:50:02.0481 0732 wmiApSrv - ok
23:50:02.0496 0732 WMPNetworkSvc - ok
23:50:02.0559 0732 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:50:02.0590 0732 WPCSvc - ok
23:50:02.0652 0732 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:50:02.0668 0732 WPDBusEnum - ok
23:50:02.0746 0732 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:50:02.0777 0732 ws2ifsl - ok
23:50:02.0824 0732 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
23:50:02.0871 0732 wscsvc - ok
23:50:02.0917 0732 WSearch - ok
23:50:02.0980 0732 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
23:50:03.0105 0732 wuauserv - ok
23:50:03.0167 0732 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:50:03.0229 0732 WudfPf - ok
23:50:03.0323 0732 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:50:03.0370 0732 WUDFRd - ok
23:50:03.0448 0732 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:50:03.0495 0732 wudfsvc - ok
23:50:03.0573 0732 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:50:03.0619 0732 WwanSvc - ok
23:50:03.0713 0732 X10Hid (baa813a76f5db6cc3c2ceab7d82b6972) C:\Windows\System32\Drivers\x10hid.sys
23:50:03.0713 0732 X10Hid - ok
23:50:03.0791 0732 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
23:50:03.0807 0732 x10nets ( UnsignedFile.Multi.Generic ) - warning
23:50:03.0807 0732 x10nets - detected UnsignedFile.Multi.Generic (1)
23:50:03.0947 0732 XUIF (a4b2a8751a8f96134be6063b8a759116) C:\Windows\system32\Drivers\x10ufx2.sys
23:50:03.0947 0732 XUIF - ok
23:50:04.0009 0732 MBR (0x1B8) (4624822e540ec83cd0819525c65846ba) \Device\Harddisk0\DR0
23:50:06.0521 0732 \Device\Harddisk0\DR0 - ok
23:50:06.0552 0732 Boot (0x1200) (7b38188a02d875d135076ba59c9e28a1) \Device\Harddisk0\DR0\Partition0
23:50:06.0568 0732 \Device\Harddisk0\DR0\Partition0 - ok
23:50:06.0568 0732 Boot (0x1200) (8355ccfc0fce348db47f1631e1ed6edb) \Device\Harddisk0\DR0\Partition1
23:50:06.0568 0732 \Device\Harddisk0\DR0\Partition1 - ok
23:50:06.0599 0732 Boot (0x1200) (f84ed768f667f4132ca772cce9733d13) \Device\Harddisk0\DR0\Partition2
23:50:06.0599 0732 \Device\Harddisk0\DR0\Partition2 - ok
23:50:06.0599 0732 ============================================================
23:50:06.0599 0732 Scan finished
23:50:06.0599 0732 ============================================================
23:50:06.0615 0968 Detected object count: 2
23:50:06.0615 0968 Actual detected object count: 2
23:50:54.0585 0968 watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
23:50:54.0585 0968 watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:50:54.0600 0968 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
23:50:54.0600 0968 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

Danke für die so präzise Hilfestellung bzw Vorgehensbeschreibungen!


Alt 07.04.2012, 12:49   #6
Chris4You
 
100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop - Standard

100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop



Hi,

sieht soweit gut aus, wie verhält sich der Rechner? Sind Umleitung bei Suchergebnissen von Goggle vorhanden?

Dazu "normal" in das verseuchte Konto booten...

chris
__________________
--> 100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop

Alt 07.04.2012, 19:08   #7
oOROo
 
100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop - Standard

100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop



HI,

also ich weiß jetzt nicht 100% was du mit Umleitungen bei Google meinst. Ich bekomme unter dem "verseuchten" und normalbeootet Konto jedenfalls keinerlei Fehlermeldungen und kann bei Google ganz normal suchen und dann die Ergebnisse anklicken.

Super, dass so schnell wieder alles läuft.
Vielen Dank für die Hilfe!!!

Antwort

Themen zu 100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop
ahnung, befallen, benutzerkonto, festplatte, hoffe, laptop, laufe, laufen, mehrfach, nichts, platte, probleme, tan, tante, windows, windows 7, zugang




Ähnliche Themen: 100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop


  1. Windows XP mit Adware befallen, eventuell auch mit Virus
    Plagegeister aller Art und deren Bekämpfung - 25.05.2015 (15)
  2. Fremdes benutzerkonto auf Win8 Laptop
    Plagegeister aller Art und deren Bekämpfung - 07.01.2015 (6)
  3. Tastatur spinnt - Hilfe - Laptop und Desktop befallen - Virus?
    Plagegeister aller Art und deren Bekämpfung - 24.11.2014 (5)
  4. Laptop von tlb-Search befallen
    Log-Analyse und Auswertung - 03.11.2014 (9)
  5. Tubesaver - Windows 7 vom gefährlichen Virus befallen
    Plagegeister aller Art und deren Bekämpfung - 04.11.2013 (4)
  6. Laptop und externe Festplatte befallen
    Plagegeister aller Art und deren Bekämpfung - 11.09.2013 (13)
  7. Windows XP Pc mit AVASoft Virus befallen
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (7)
  8. Laptop wurde vom GVU Virus/Trojaner befallen
    Plagegeister aller Art und deren Bekämpfung - 19.02.2013 (73)
  9. Laptop mit GVU/BSI-Virus befallen
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (22)
  10. GVU-Trojaner mit Kamera - Laptop befallen
    Log-Analyse und Auswertung - 03.01.2013 (14)
  11. Laptop von Trojaner Virus atraps.gen 2 / TR/Small.FI befallen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (18)
  12. Laptop von Anti Maleware Doctor/Windows security alert befallen
    Plagegeister aller Art und deren Bekämpfung - 30.01.2011 (1)
  13. Laptop mit Viren befalLen. was tun?
    Plagegeister aller Art und deren Bekämpfung - 14.12.2010 (4)
  14. Laptop ist von Viren und Trojanern Befallen was nun ?
    Plagegeister aller Art und deren Bekämpfung - 27.02.2010 (6)
  15. Bootsektor Virus hat meinen Laptop befallen
    Plagegeister aller Art und deren Bekämpfung - 09.10.2009 (23)

Zum Thema 100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop - Hallo liebes Team, ich habe den Laptop von meiner Tante der befallen ist. (Sie hat mich gebeten darum zu kümmern, da sie selber leider kaum Zeit und Ahnung hat) Bzw - 100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop...
Archiv
Du betrachtest: 100-Virus, Windows 7,nur ein Benutzerkonto befallen, Laptop auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.