|
Plagegeister aller Art und deren Bekämpfung: Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten reinWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.05.2012, 11:35 | #1 |
| Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Hallo zusammen, habe nun Google mehrfach herangezogen und auch bei euch gesucht, allerdings noch mit keinem Mittel ans Ziel gekommen. Vielleicht erst einmal zu meinem Problem: Seit ein paar Tagen habe ich im Firefox wie auch IE Werbung die sich unten rechts öffnet. Diese schiebt sich von unten in den Browser. Ich kann auf das x klicken dann verschwindet sie, kommt aber bei jedem neuen Tab oder Fenster wieder. Manchmal ist es auch eine Flashanimation (zum besseren Verstänbdnis habe ich mal 2 Screenshots beigefügt). Das komische ist, auf vielen Seiten kommt diese Werbung, aber auf einigen eben nicht (in 70% der Fälle ist sie aber da). Abunzu gibt es auch eine falshe Link weiterleitung auf Werbepages wie z.B. Dailydeal. Ich habe schon einiges versucht. Virenscanner (hat auch mal was gefunden und angeblich behoben), aber immer noch das Problem da. 1. Microsoft Security Essentials - vollständiger Scan - Viern Fund auch mal als Sceenshot beigefügt 2. Antivir - vollständiger Scan 3. Spybot Serach and Detroy - vollständiger Scan 4. Malwarebytes - vollständiger Scan (gerade erst durchgelaufen). 5. OTL Logs sahen wie folgt aus: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.29.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 rlucas :: BLN-WNB-02 [Administrator] Schutz: Aktiviert 29.05.2012 09:42:56 mbam-log-2012-05-29 (11-29-56).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 452049 Laufzeit: 58 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Windows\System32\regedit.exe (Trojan.Agent) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 29.05.2012 12:25:48 - Run 1 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\rlucas\Downloads 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 5,78 Gb Available Physical Memory | 73,37% Memory free 15,77 Gb Paging File | 13,57 Gb Available in Paging File | 86,05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 13,36 Gb Free Space | 13,70% Space Free | Partition Type: NTFS Drive D: | 200,43 Gb Total Space | 22,99 Gb Free Space | 11,47% Space Free | Partition Type: NTFS Computer Name: BLN-WNB-02 | User Name: rlucas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.05.29 12:23:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rlucas\Downloads\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.04.18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2011.12.28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.12.02 12:53:24 | 000,353,744 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe PRC - [2011.12.02 12:45:18 | 000,622,544 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe PRC - [2011.08.22 08:36:20 | 000,640,512 | ---- | M] (Socialbit UG) -- C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.04.19 14:50:38 | 001,710,664 | ---- | M] (Elgato Systems) -- C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe PRC - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.05.21 14:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.03.29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe ========== Modules (No Company Name) ========== MOD - [2012.05.16 09:31:54 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll MOD - [2012.05.16 09:31:11 | 000,342,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\312e23deb529c2b6fb41935b2afba9b0\PlantronicsURE.ni.exe MOD - [2012.05.16 09:31:10 | 000,128,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\63fd0f5cc88e2f5aebbe35b5ee43f23f\PlantronicsBatteryStatus.ni.exe MOD - [2012.05.16 09:31:09 | 000,041,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\bc979207d3b5b1ea0511636718a90ce7\Plantronics.UC.WebexConnect.ni.dll MOD - [2012.05.16 09:31:09 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\ecfa8b400750f83443c404e205299a94\Plantronics.UC.WindowsMediaPlayer.ni.dll MOD - [2012.05.16 09:31:08 | 000,127,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\2b98bb96300e389e9eaeee35239594a1\Plantronics.UC.Skype.ni.dll MOD - [2012.05.16 09:31:08 | 000,111,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\325141408c6dd33c6ffbd7320c7ffce2\Plantronics.UC.SessionService.ni.dll MOD - [2012.05.16 09:31:08 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\d1e500c50a270df57c69d96400bc9725\Plantronics.UC.ShoreTel.ni.dll MOD - [2012.05.16 09:31:07 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\78f719167e34cf34abb56362df448095\Plantronics.UC.OfficeCommunicator.ni.dll MOD - [2012.05.16 09:31:07 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\de988d029762f7a176f1eea0f81f40ac\Plantronics.UC.iTunes.ni.dll MOD - [2012.05.16 09:30:51 | 000,731,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\cf287130b24c4b3346652766b6c87ac4\Plantronics.UC.CSFClient.ni.dll MOD - [2012.05.16 09:30:51 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\2c8dd947326f5d780af15c6c9b2ffa4f\Plantronics.UC.CSF.ni.dll MOD - [2012.05.16 09:30:50 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\172886c0fc7603d8421d1fd5a8f2650d\Plantronics.UC.TAPI.ni.dll MOD - [2012.05.16 09:30:50 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\7ce0d8046fad3303e7d7f1f8ac267187\Plantronics.UC.Cisco.ni.dll MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\1a7494fabd697a457622bd3ec27c9c98\Plantronics.UC.AvayaSoftphone.ni.dll MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\f35491b4b89ca404b55906e2b0f82558\Plantronics.UC.AvayaIPAgent.ni.dll MOD - [2012.05.16 09:30:48 | 000,329,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\b4d0616056ac4d2663ea5bb2329197f6\Plantronics.UC.Common.ni.dll MOD - [2012.05.16 09:30:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\357fa9a8ed8ac719cea68bee9b586520\Plantronics.UC.Avaya.ni.dll MOD - [2012.05.16 09:30:47 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\3ef4ac9a717349ebb567d59be738ed2c\Plantronics.License.Manager.ni.dll MOD - [2012.05.16 09:30:47 | 000,076,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\e0d3659b05e463b586806734da3ccd7a\Plantronics.FlexNet.Adapter.ni.dll MOD - [2012.05.16 09:30:47 | 000,056,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\fb8be9a10ba1c8b60e12c81b5dd6d191\Plantronics.License.Common.ni.dll MOD - [2012.05.16 09:30:46 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\ce19c3c9209479f0d31e9d4559cc1205\Plantronics.Globalization.ni.dll MOD - [2012.05.16 09:30:46 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\5817b51860e6daf4e86732185bddba71\Plantronics.Device.Hid.ni.dll MOD - [2012.05.16 09:30:45 | 000,558,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\d7d385336e1f5c09d0a0936a0a1ee9e7\Plantronics.Device.Common.ni.dll MOD - [2012.05.16 09:30:44 | 000,521,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\a73af6f1ec8830aa380fd925e31644c9\Plantronics.Utility.ni.dll MOD - [2012.05.16 09:30:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.16 09:30:42 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\0a775a09b5828533e63fd9b7d94167d9\log4net.ni.dll MOD - [2012.05.16 09:30:42 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\cc196aeb7ade0d9d980a93c6221222b1\Plantronics.Config.ni.dll MOD - [2012.05.16 09:30:40 | 000,414,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\b0ce5b6a51de584cb69af311a50ad654\Interop.SKYPE4COMLib.ni.dll MOD - [2012.05.16 09:30:40 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\10af7f1bdd86222ae7779bf1092a6cda\Interop.FNCClient11Lib.ni.dll MOD - [2012.05.16 09:30:40 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\a4ed99a072e3e58346df9dcff7e672be\Interop.CommunicatorAPI.ni.dll MOD - [2012.05.16 09:30:39 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\8513c39ee5a5642bde30a92e5e2d5e1a\Interop.CiscoInterface.ni.dll MOD - [2012.05.16 09:30:38 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\04893a3420e3d650aa361592f1aac3a2\Plantronics.Globalization.resources.ni.dll MOD - [2012.05.16 09:30:37 | 000,440,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Atapi\60187c40d85d22ea02ca02d666d3283e\Atapi.ni.dll MOD - [2012.05.16 09:28:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.05.16 09:28:30 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.16 09:28:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.16 09:28:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.16 09:28:15 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.16 09:28:12 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.12.28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll MOD - [2011.12.28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.02.21 20:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2011.02.21 20:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.02.21 20:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA) SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.10.26 23:24:36 | 000,403,536 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar) SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.11.07 14:23:13 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.04.30 13:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.04.30 13:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011.03.26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.21 20:14:24 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2011.02.21 20:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011.02.21 20:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2011.02.21 20:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.02.21 20:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2011.02.21 20:14:06 | 000,276,008 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2011.02.21 20:14:06 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2011.02.21 20:14:06 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2011.02.21 20:14:04 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2011.02.21 20:14:04 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless HSPA Mini-Card Device Management Driver (WDM) DRV:64bit: - [2011.02.21 20:14:04 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless 5550 HSPA+ Mini-Card Device (WDM) DRV:64bit: - [2011.02.21 20:14:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps) DRV:64bit: - [2011.02.21 20:14:04 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard) DRV:64bit: - [2011.02.21 20:14:04 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2011.02.21 20:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.02.21 20:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR) DRV:64bit: - [2011.02.21 20:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR) DRV:64bit: - [2011.02.21 20:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2011.02.21 20:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2011.01.06 12:37:26 | 000,023,040 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMP_UDAU.sys -- (eppvad_simple) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.11.11 13:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010.11.11 13:32:32 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport) DRV:64bit: - [2010.11.11 13:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010.11.11 13:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010.11.11 13:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007.07.12 21:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA) DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/417 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A IE - HKCU\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_ptnrs=%5EABT&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 18:28:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M] [2012.03.28 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Extensions [2012.05.25 15:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Firefox\Profiles\i9vsafrd.default\extensions [2012.05.25 09:58:45 | 000,002,344 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\askcom.xml [2012.05.22 09:39:04 | 000,001,210 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\search.xml [2012.03.27 09:50:29 | 000,002,520 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\SearchResults.xml [2011.08.16 19:57:07 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\RLUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I9VSAFRD.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI O1 HOSTS File: ([2012.05.23 09:44:10 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 69.10.57.36 www.google-analytics.com. O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net. O1 - Hosts: 69.10.57.36 www.statcounter.com. O1 - Hosts: 108.163.215.51 www.google-analytics.com. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 www.statcounter.com. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.) O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.) O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) O4 - HKCU..\Run: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hansalog.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E96912-D8FD-4B02-8A1D-32D1ED46DB7F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CA5BA3-89CB-48C5-8A5E-9EA0B75F4646}: DhcpNameServer = 192.168.30.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD0A5B9-2307-454B-B15B-16AD85229DA4}: NameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB2B7E7A-4CBC-48CF-9F4B-DC2C9752F7EC}: DhcpNameServer = 10.2.10.221 10.2.10.222 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.05.29 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes [2012.05.29 09:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.29 09:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.29 09:41:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.29 09:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.25 15:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.05.25 13:35:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.25 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.25 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Avira [2012.05.25 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.25 09:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.05.25 09:58:07 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.25 09:58:07 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.25 09:58:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.24 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Local\ElevatedDiagnostics [2012.05.20 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Simfy [2012.05.16 22:13:40 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\XnView [2012.05.16 22:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView [2012.05.16 22:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView [2012.05.16 09:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.16 09:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.03 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins [2012.05.03 09:57:39 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\Emails [2012.04.30 09:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.04.30 09:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ========== Files - Modified Within 30 Days ========== [2012.05.29 12:12:27 | 000,398,310 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt1.jpg [2012.05.29 12:10:32 | 000,393,723 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt.jpg [2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.29 11:36:02 | 001,522,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.05.29 11:36:02 | 000,662,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.05.29 11:36:02 | 000,623,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.05.29 11:36:02 | 000,133,526 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.05.29 11:36:02 | 000,109,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.05.29 11:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.29 11:31:07 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys [2012.05.29 09:41:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.29 09:18:59 | 000,001,012 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.29 09:18:42 | 000,000,982 | ---- | M] () -- C:\Users\rlucas\Desktop\Dropbox.lnk [2012.05.25 15:43:31 | 000,000,818 | ---- | M] () -- C:\Users\rlucas\webtopcookie.properties [2012.05.25 13:25:15 | 000,001,262 | ---- | M] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk [2012.05.25 09:59:10 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.24 11:47:36 | 005,923,951 | ---- | M] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf [2012.05.23 09:44:10 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.05.22 09:39:04 | 000,000,288 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg [2012.05.20 12:57:00 | 000,000,032 | ---- | M] () -- C:\Users\rlucas\.simfy [2012.05.16 22:14:33 | 000,000,923 | ---- | M] () -- C:\Users\rlucas\Desktop\XnView.lnk [2012.05.16 09:24:23 | 000,346,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.08 10:19:28 | 000,003,314 | ---- | M] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv [2012.05.03 09:09:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.05.03 09:09:26 | 001,544,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2012.05.29 12:12:25 | 000,398,310 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt1.jpg [2012.05.29 12:10:26 | 000,393,723 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt.jpg [2012.05.29 09:41:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.25 13:25:15 | 000,001,262 | ---- | C] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk [2012.05.25 09:59:10 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.05.24 11:47:05 | 005,923,951 | ---- | C] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf [2012.05.22 09:39:04 | 000,000,288 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg [2012.05.20 12:57:00 | 000,000,032 | ---- | C] () -- C:\Users\rlucas\.simfy [2012.05.16 22:13:25 | 000,000,923 | ---- | C] () -- C:\Users\rlucas\Desktop\XnView.lnk [2012.05.08 10:19:27 | 000,003,314 | ---- | C] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv [2011.12.19 11:46:24 | 000,000,600 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\winscp.rnd [2011.11.04 21:41:47 | 000,000,336 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\burnaware.ini [2011.10.18 09:49:05 | 000,023,388 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.08.27 13:36:23 | 000,007,168 | ---- | C] () -- C:\Users\rlucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.04 10:01:41 | 000,007,059 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\e182323573.prf [2011.07.04 10:01:37 | 000,000,417 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\redirect.xml [2011.06.22 19:34:09 | 000,011,754 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.22 10:07:18 | 001,544,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.26 01:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.03.26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.03.26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin ========== LOP Check ========== [2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart [2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre [2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite [2012.05.29 11:33:31 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox [2012.05.29 12:27:11 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager [2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo [2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant [2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc [2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis [2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView [2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech [2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs [2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei [2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag [2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++ [2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge [2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy [2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer [2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec [2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010 [2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex [2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode [2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView [2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner [2009.07.14 07:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > kann jemand von euch was damit anfangen oder mir weiterhelfen...ist super nervig und ich würde ungern neuinstallieren müssen Geändert von mirres (29.05.2012 um 11:40 Uhr) Grund: nachtrag Screenshot |
30.05.2012, 21:19 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten reinZitat:
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ |
31.05.2012, 10:03 | #3 |
| Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Hallo cosinus,
__________________vielen Dank für deine Antwort. Ich glaube das ich die Funde auch direkt entfernt hatte (sie stehen zumindest nun in der Quarantäne Liste). Soll ich sie dort nochmals löschen? Ich hatte Maleware vorher nicht auf dem Rechner. Ich hab es im Nachgang noch laufen lassen, dann kamen keine Funde. Bruchst du das Log? Leider ist die Werbung immer noch da. |
31.05.2012, 10:22 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Nien, lass die Quarantäne in Ruhe! Voreilig endgültig entfernen ist immer eine schlechte Idee! Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
31.05.2012, 18:38 | #5 |
| Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Hallo Arne, hat lange gedauert aber nun das Log (sind auch 2 Sachen gefunden worden ) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=60294abe6b497d4f9a633fcc16781d37 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-31 11:16:11 # local_time=2012-05-31 01:16:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1792 16777215 100 0 526501 526501 0 0 # compatibility_mode=5893 16776574 100 94 26187337 90089037 0 0 # compatibility_mode=8192 67108863 100 0 128 128 0 0 # scanned=218727 # found=2 # cleaned=0 # scan_time=3784 C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\operating\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8Y9JEG7\pdfforgeToolbar[1].msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I |
31.05.2012, 19:40 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Das nur Toolbar-Müll Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ --> Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein |
01.06.2012, 09:22 | #7 |
| Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Guten Morgen Arne, soweit ich das beurteilen kann, läuft Windows ganz normal. Einträge sind auch nicht verschwunden. Im übrigen nochmals danke das du dir hier die Zeit nmimmst, ist nicht selbstverständlich! Viele Grüße Robin |
01.06.2012, 13:54 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
01.06.2012, 14:37 | #9 |
| Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Hallo Arne, meinst du wirklich alles im Code, oder nur die Logs: Hier der von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.06.2012 15:26:01 - Run 2 OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\rlucas\Downloads 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,88 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 70,43% Memory free 15,77 Gb Paging File | 13,40 Gb Available in Paging File | 84,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 13,50 Gb Free Space | 13,84% Space Free | Partition Type: NTFS Drive D: | 200,43 Gb Total Space | 22,91 Gb Free Space | 11,43% Space Free | Partition Type: NTFS Computer Name: BLN-WNB-02 | User Name: rlucas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2012.05.29 12:23:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rlucas\Downloads\OTL.exe PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2011.12.28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.12.02 12:53:24 | 000,353,744 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe PRC - [2011.12.02 12:45:18 | 000,622,544 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe PRC - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010.05.21 14:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.03.29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe ========== Modules (No Company Name) ========== MOD - [2012.05.16 09:31:11 | 000,342,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\312e23deb529c2b6fb41935b2afba9b0\PlantronicsURE.ni.exe MOD - [2012.05.16 09:31:10 | 000,128,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\63fd0f5cc88e2f5aebbe35b5ee43f23f\PlantronicsBatteryStatus.ni.exe MOD - [2012.05.16 09:31:09 | 000,041,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\bc979207d3b5b1ea0511636718a90ce7\Plantronics.UC.WebexConnect.ni.dll MOD - [2012.05.16 09:31:09 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\ecfa8b400750f83443c404e205299a94\Plantronics.UC.WindowsMediaPlayer.ni.dll MOD - [2012.05.16 09:31:08 | 000,127,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\2b98bb96300e389e9eaeee35239594a1\Plantronics.UC.Skype.ni.dll MOD - [2012.05.16 09:31:08 | 000,111,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\325141408c6dd33c6ffbd7320c7ffce2\Plantronics.UC.SessionService.ni.dll MOD - [2012.05.16 09:31:08 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\d1e500c50a270df57c69d96400bc9725\Plantronics.UC.ShoreTel.ni.dll MOD - [2012.05.16 09:31:07 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\78f719167e34cf34abb56362df448095\Plantronics.UC.OfficeCommunicator.ni.dll MOD - [2012.05.16 09:31:07 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\de988d029762f7a176f1eea0f81f40ac\Plantronics.UC.iTunes.ni.dll MOD - [2012.05.16 09:30:51 | 000,731,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\cf287130b24c4b3346652766b6c87ac4\Plantronics.UC.CSFClient.ni.dll MOD - [2012.05.16 09:30:51 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\2c8dd947326f5d780af15c6c9b2ffa4f\Plantronics.UC.CSF.ni.dll MOD - [2012.05.16 09:30:50 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\172886c0fc7603d8421d1fd5a8f2650d\Plantronics.UC.TAPI.ni.dll MOD - [2012.05.16 09:30:50 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\7ce0d8046fad3303e7d7f1f8ac267187\Plantronics.UC.Cisco.ni.dll MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\1a7494fabd697a457622bd3ec27c9c98\Plantronics.UC.AvayaSoftphone.ni.dll MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\f35491b4b89ca404b55906e2b0f82558\Plantronics.UC.AvayaIPAgent.ni.dll MOD - [2012.05.16 09:30:48 | 000,329,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\b4d0616056ac4d2663ea5bb2329197f6\Plantronics.UC.Common.ni.dll MOD - [2012.05.16 09:30:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\357fa9a8ed8ac719cea68bee9b586520\Plantronics.UC.Avaya.ni.dll MOD - [2012.05.16 09:30:47 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\3ef4ac9a717349ebb567d59be738ed2c\Plantronics.License.Manager.ni.dll MOD - [2012.05.16 09:30:47 | 000,076,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\e0d3659b05e463b586806734da3ccd7a\Plantronics.FlexNet.Adapter.ni.dll MOD - [2012.05.16 09:30:47 | 000,056,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\fb8be9a10ba1c8b60e12c81b5dd6d191\Plantronics.License.Common.ni.dll MOD - [2012.05.16 09:30:46 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\ce19c3c9209479f0d31e9d4559cc1205\Plantronics.Globalization.ni.dll MOD - [2012.05.16 09:30:46 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\5817b51860e6daf4e86732185bddba71\Plantronics.Device.Hid.ni.dll MOD - [2012.05.16 09:30:45 | 000,558,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\d7d385336e1f5c09d0a0936a0a1ee9e7\Plantronics.Device.Common.ni.dll MOD - [2012.05.16 09:30:44 | 000,521,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\a73af6f1ec8830aa380fd925e31644c9\Plantronics.Utility.ni.dll MOD - [2012.05.16 09:30:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll MOD - [2012.05.16 09:30:42 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\0a775a09b5828533e63fd9b7d94167d9\log4net.ni.dll MOD - [2012.05.16 09:30:42 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\cc196aeb7ade0d9d980a93c6221222b1\Plantronics.Config.ni.dll MOD - [2012.05.16 09:30:40 | 000,414,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\b0ce5b6a51de584cb69af311a50ad654\Interop.SKYPE4COMLib.ni.dll MOD - [2012.05.16 09:30:40 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\10af7f1bdd86222ae7779bf1092a6cda\Interop.FNCClient11Lib.ni.dll MOD - [2012.05.16 09:30:40 | 000,176,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.iTunesLib\2d0cc57e36cb38ed534c50240b40b9b3\Interop.iTunesLib.ni.dll MOD - [2012.05.16 09:30:40 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\a4ed99a072e3e58346df9dcff7e672be\Interop.CommunicatorAPI.ni.dll MOD - [2012.05.16 09:30:39 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\8513c39ee5a5642bde30a92e5e2d5e1a\Interop.CiscoInterface.ni.dll MOD - [2012.05.16 09:30:38 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\04893a3420e3d650aa361592f1aac3a2\Plantronics.Globalization.resources.ni.dll MOD - [2012.05.16 09:30:37 | 000,440,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Atapi\60187c40d85d22ea02ca02d666d3283e\Atapi.ni.dll MOD - [2012.05.16 09:28:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll MOD - [2012.05.16 09:28:30 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll MOD - [2012.05.16 09:28:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.16 09:28:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.16 09:28:15 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.16 09:28:12 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.12.28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll MOD - [2011.12.28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.02.21 20:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH) SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc) SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC) SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME) SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService) SRV - [2011.02.21 20:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV) SRV - [2011.02.21 20:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA) SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010.10.26 23:24:36 | 000,403,536 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar) SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64) SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.11.07 14:23:13 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.04.30 13:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2011.04.30 13:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2011.03.26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.21 20:14:24 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2011.02.21 20:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R) DRV:64bit: - [2011.02.21 20:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R) DRV:64bit: - [2011.02.21 20:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011.02.21 20:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv) DRV:64bit: - [2011.02.21 20:14:06 | 000,276,008 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ) DRV:64bit: - [2011.02.21 20:14:06 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr) DRV:64bit: - [2011.02.21 20:14:06 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis) DRV:64bit: - [2011.02.21 20:14:04 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm) DRV:64bit: - [2011.02.21 20:14:04 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless HSPA Mini-Card Device Management Driver (WDM) DRV:64bit: - [2011.02.21 20:14:04 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless 5550 HSPA+ Mini-Card Device (WDM) DRV:64bit: - [2011.02.21 20:14:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps) DRV:64bit: - [2011.02.21 20:14:04 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard) DRV:64bit: - [2011.02.21 20:14:04 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl) DRV:64bit: - [2011.02.21 20:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011.02.21 20:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR) DRV:64bit: - [2011.02.21 20:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR) DRV:64bit: - [2011.02.21 20:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2011.02.21 20:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler) DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2011.01.06 12:37:26 | 000,023,040 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMP_UDAU.sys -- (eppvad_simple) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs) DRV:64bit: - [2010.11.11 13:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010.11.11 13:32:32 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport) DRV:64bit: - [2010.11.11 13:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010.11.11 13:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010.11.11 13:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007.07.12 21:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA) DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/417 IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01 [binary data] IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 18:28:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M] [2012.03.28 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Extensions [2012.05.25 15:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Firefox\Profiles\i9vsafrd.default\extensions [2012.05.25 09:58:45 | 000,002,344 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\askcom.xml [2012.05.22 09:39:04 | 000,001,210 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\search.xml [2012.03.27 09:50:29 | 000,002,520 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\SearchResults.xml [2011.08.16 19:57:07 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\RLUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I9VSAFRD.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI O1 HOSTS File: ([2012.05.23 09:44:10 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 69.10.57.36 www.google-analytics.com. O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net. O1 - Hosts: 69.10.57.36 www.statcounter.com. O1 - Hosts: 108.163.215.51 www.google-analytics.com. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 www.statcounter.com. O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.) O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.) O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG) O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\operating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann) O4 - Startup: C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hansalog.de O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E96912-D8FD-4B02-8A1D-32D1ED46DB7F}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CA5BA3-89CB-48C5-8A5E-9EA0B75F4646}: DhcpNameServer = 192.168.30.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD0A5B9-2307-454B-B15B-16AD85229DA4}: NameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB2B7E7A-4CBC-48CF-9F4B-DC2C9752F7EC}: DhcpNameServer = 10.2.10.221 10.2.10.222 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.VMnc - vmnc.dll (VMware, Inc.) Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.) Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - wdmaud.drv (Microsoft Corporation) Drivers32: wave5 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.01 14:16:01 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\bilder nb 2 1 og [2012.05.31 12:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.05.29 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes [2012.05.29 09:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.29 09:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.29 09:41:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.05.29 09:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.05.25 15:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012.05.25 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012.05.25 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Avira [2012.05.25 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.05.25 09:58:07 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.05.25 09:58:07 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.05.25 09:58:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.05.24 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Local\ElevatedDiagnostics [2012.05.20 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Simfy [2012.05.16 22:13:40 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\XnView [2012.05.16 22:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView [2012.05.16 22:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView [2012.05.16 09:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.05.16 09:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.05.03 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins [2012.05.03 09:57:39 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\Emails ========== Files - Modified Within 30 Days ========== [2012.06.01 08:26:53 | 001,522,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.01 08:26:53 | 000,662,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.01 08:26:53 | 000,623,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.01 08:26:53 | 000,133,526 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.01 08:26:53 | 000,109,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.01 08:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.30 09:57:39 | 000,000,816 | ---- | M] () -- C:\Users\rlucas\webtopcookie.properties [2012.05.29 12:37:19 | 000,070,792 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt2.JPG [2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.29 11:31:07 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys [2012.05.29 09:41:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.29 09:18:59 | 000,001,012 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.05.29 09:18:42 | 000,000,982 | ---- | M] () -- C:\Users\rlucas\Desktop\Dropbox.lnk [2012.05.25 13:25:15 | 000,001,262 | ---- | M] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk [2012.05.24 11:47:36 | 005,923,951 | ---- | M] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf [2012.05.23 09:44:10 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.05.22 09:39:04 | 000,000,288 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg [2012.05.20 12:57:00 | 000,000,032 | ---- | M] () -- C:\Users\rlucas\.simfy [2012.05.16 22:14:33 | 000,000,923 | ---- | M] () -- C:\Users\rlucas\Desktop\XnView.lnk [2012.05.16 09:24:23 | 000,346,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.05.08 10:19:28 | 000,003,314 | ---- | M] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv [2012.05.03 09:09:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif [2012.05.03 09:09:26 | 001,544,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2012.05.29 12:37:19 | 000,070,792 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt2.JPG [2012.05.29 09:41:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.25 13:25:15 | 000,001,262 | ---- | C] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk [2012.05.24 11:47:05 | 005,923,951 | ---- | C] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf [2012.05.22 09:39:04 | 000,000,288 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg [2012.05.20 12:57:00 | 000,000,032 | ---- | C] () -- C:\Users\rlucas\.simfy [2012.05.16 22:13:25 | 000,000,923 | ---- | C] () -- C:\Users\rlucas\Desktop\XnView.lnk [2012.05.08 10:19:27 | 000,003,314 | ---- | C] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv [2011.12.19 11:46:24 | 000,000,600 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\winscp.rnd [2011.11.04 21:41:47 | 000,000,336 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\burnaware.ini [2011.10.18 09:49:05 | 000,023,388 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2011.08.27 13:36:23 | 000,007,168 | ---- | C] () -- C:\Users\rlucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.04 10:01:41 | 000,007,059 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\e182323573.prf [2011.07.04 10:01:37 | 000,000,417 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\redirect.xml [2011.06.22 19:34:09 | 000,011,754 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.22 10:07:18 | 001,544,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.03.26 01:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.03.26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.03.26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin ========== LOP Check ========== [2011.06.23 10:12:58 | 000,000,000 | ---D | M] -- C:\Users\operating\AppData\Roaming\Notepad++ [2011.06.22 10:06:25 | 000,000,000 | ---D | M] -- C:\Users\operating\AppData\Roaming\TeamViewer [2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart [2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre [2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite [2012.05.31 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox [2012.06.01 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager [2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo [2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant [2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc [2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis [2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView [2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech [2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs [2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei [2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag [2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++ [2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge [2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy [2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer [2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec [2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010 [2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex [2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode [2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView [2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner [2009.07.14 07:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.05.20 12:56:32 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Adobe [2012.03.19 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Apple Computer [2012.05.25 10:04:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Avira [2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart [2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre [2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite [2011.08.27 13:36:22 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DivX [2012.05.31 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox [2012.01.08 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\dvdcss [2012.03.12 12:06:08 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FLEXnet [2012.06.01 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager [2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo [2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant [2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc [2011.06.24 16:45:46 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Identities [2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis [2011.10.10 14:08:31 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\InstallShield [2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView [2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech [2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs [2011.07.05 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Logishrd [2011.07.05 13:48:50 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Logitech [2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei [2011.06.29 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Macromedia [2012.01.13 15:07:07 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Macrovision [2012.05.29 09:41:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes [2009.07.14 13:06:42 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Media Center Programs [2012.04.21 20:09:13 | 000,000,000 | --SD | M] -- C:\Users\rlucas\AppData\Roaming\Microsoft [2011.06.29 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mozilla [2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag [2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++ [2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge [2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy [2012.06.01 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Skype [2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer [2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec [2012.02.04 21:44:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\vlc [2012.05.30 09:54:48 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\VMware [2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010 [2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex [2011.06.30 10:13:28 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Winamp [2011.07.09 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\WinRAR [2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode [2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView [2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner < %APPDATA%\*.exe /s > [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012.02.17 02:23:04 | 000,871,664 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\DropboxPhotoUpdate.exe [2012.03.15 00:02:14 | 000,871,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe [2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Uninstall.exe [2011.12.26 00:24:04 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\2FCA7F6D-CE82-47A5-ACFD-E138027994CE\AutoRunCE.exe [2011.12.26 00:24:04 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\2FCA7F6D-CE82-47A5-ACFD-E138027994CE\1\module.exe [2011.12.26 00:23:17 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\AD9D1FDD-07C4-44C8-A2D7-BB1ADA5CCEF0\AutoRunCE.exe [2011.12.26 00:23:57 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\AD9D1FDD-07C4-44C8-A2D7-BB1ADA5CCEF0\1\module.exe [2011.12.26 00:24:03 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\F61B692E-3F66-4859-AA1B-74791C02F677\AutoRunCE.exe [2011.12.26 00:24:03 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\F61B692E-3F66-4859-AA1B-74791C02F677\1\module.exe [2012.03.07 13:45:24 | 001,242,112 | ---- | M] (InfiniAd GmbH) -- C:\Users\rlucas\AppData\Roaming\loadtbs\uninstall.exe [2012.02.09 12:05:06 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\rlucas\AppData\Roaming\loadtbs\ytdl.exe [2011.08.02 15:20:57 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\rlucas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2012.02.28 03:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < End of report > [/CODE] |
01.06.2012, 14:57 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Selbstverständlich sollen nur die Logs in CODE-Tags! So stehst doch auch in meinem Beispiel! Wäre etwas sinnfrei auch den normalen Text bzw. das was du mit mitteilen willst in CODE-Tags postest - man will ja die Logs vom Fließtext abgrenzen
__________________ Logfiles bitte immer in CODE-Tags posten |
04.06.2012, 09:34 | #11 |
| Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Hallo Arne, hast du denn sonst noch eine Idee? Leider sind die Werbebanner immer noch da. Viele Grüße Robin |
04.06.2012, 15:25 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Sry hab deinen Strang übersehen Zitat:
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten! Gerade solche Streamingseiten sind für die aktuelle Welle der Erpresserschädlinge verantwortlich, die Windows blockieren und 50 oder 100 EUR erpressen wollen!! Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/417 IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01 [binary data] IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms} FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q=" O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true :Files C:\Users\rlucas\AppData\Roaming\C7449C3C.reg :\Users\rlucas\AppData\Roaming\loadtbs C:\PROGRA~2\WIA6EB~1 :Commands [purity] [emptytemp] [emptyflash] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
05.06.2012, 08:54 | #13 |
| Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Hallo Arne, es scheint wohl geklappt zu haben :-)))) hier noch das Log: Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found. HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}\ not found. Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E636E19-1CCB-4E5C-A688-310FF3574B77}\ not found. Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Ask.com" removed from browser.search.defaultenginename Prefs.js: "Ask.com" removed from browser.search.order.1 Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully. C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully. C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully. C:\Program Files (x86)\Free Download Manager\iefdm2.dll moved successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully. C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found. File F:\StartVMCLite.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found. File F:\EMP_UDSe.exe /autorun not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found. File F:\AutoRun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found. File F:\unlock.exe autoplay=true not found. ========== FILES ========== C:\Users\rlucas\AppData\Roaming\C7449C3C.reg moved successfully. Error: Unable to interpret <:\Users\rlucas\AppData\Roaming\loadtbs> in the current context! Error: Unable to interpret <C:\PROGRA~2\WIA6EB~1> in the current context! ========== COMMANDS ========== [EMPTYTEMP] User: administrator ->Temp folder emptied: 386 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: operating ->Temp folder emptied: 52219120 bytes ->Temporary Internet Files folder emptied: 39951431 bytes User: Public User: rlucas ->Temp folder emptied: 13927342 bytes ->Temporary Internet Files folder emptied: 401393551 bytes ->Java cache emptied: 59149222 bytes ->FireFox cache emptied: 271260325 bytes ->Flash cache emptied: 89303 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 258938 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 2302240901 bytes Total Files Cleaned = 2.995,00 mb [EMPTYFLASH] User: administrator User: All Users User: Default User: Default User User: operating User: Public User: rlucas ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.44.0 log created on 06052012_094612 Files\Folders moved on Reboot... C:\Users\rlucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1276.log moved successfully. Registry entries deleted on Reboot... Vielen, vielen lieben Dank für deine tolle Hilfe! Gruß Robin |
05.06.2012, 10:26 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!
__________________ Logfiles bitte immer in CODE-Tags posten |
06.06.2012, 15:19 | #15 |
| Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein Hallo Arne, anbei das Log: Code:
ATTFilter 16:14:01.0805 2136 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31 16:14:02.0181 2136 ============================================================ 16:14:02.0181 2136 Current date / time: 2012/06/06 16:14:02.0181 16:14:02.0181 2136 SystemInfo: 16:14:02.0181 2136 16:14:02.0181 2136 OS Version: 6.1.7601 ServicePack: 1.0 16:14:02.0181 2136 Product type: Workstation 16:14:02.0182 2136 ComputerName: BLN-WNB-02 16:14:02.0182 2136 UserName: rlucas 16:14:02.0182 2136 Windows directory: C:\Windows 16:14:02.0182 2136 System windows directory: C:\Windows 16:14:02.0182 2136 Running under WOW64 16:14:02.0182 2136 Processor architecture: Intel x64 16:14:02.0182 2136 Number of processors: 4 16:14:02.0182 2136 Page size: 0x1000 16:14:02.0182 2136 Boot type: Normal boot 16:14:02.0182 2136 ============================================================ 16:14:03.0588 2136 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:14:03.0638 2136 ============================================================ 16:14:03.0638 2136 \Device\Harddisk0\DR0: 16:14:03.0639 2136 MBR partitions: 16:14:03.0639 2136 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 16:14:03.0639 2136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000 16:14:03.0639 2136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x190DD800 16:14:03.0639 2136 ============================================================ 16:14:03.0680 2136 C: <-> \Device\Harddisk0\DR0\Partition1 16:14:03.0761 2136 D: <-> \Device\Harddisk0\DR0\Partition2 16:14:03.0762 2136 ============================================================ 16:14:03.0762 2136 Initialize success 16:14:03.0762 2136 ============================================================ 16:14:07.0427 5276 ============================================================ 16:14:07.0427 5276 Scan started 16:14:07.0427 5276 Mode: Manual; 16:14:07.0427 5276 ============================================================ 16:14:08.0218 5276 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 16:14:08.0229 5276 1394ohci - ok 16:14:08.0264 5276 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys 16:14:08.0265 5276 Acceler - ok 16:14:08.0293 5276 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 16:14:08.0298 5276 ACPI - ok 16:14:08.0397 5276 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 16:14:08.0398 5276 AcpiPmi - ok 16:14:08.0567 5276 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:14:08.0573 5276 AdobeARMservice - ok 16:14:08.0644 5276 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 16:14:08.0677 5276 adp94xx - ok 16:14:08.0738 5276 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 16:14:08.0744 5276 adpahci - ok 16:14:08.0771 5276 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 16:14:08.0775 5276 adpu320 - ok 16:14:08.0805 5276 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 16:14:08.0806 5276 AeLookupSvc - ok 16:14:08.0890 5276 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe 16:14:08.0891 5276 AESTFilters - ok 16:14:08.0972 5276 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 16:14:08.0979 5276 AFD - ok 16:14:09.0027 5276 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 16:14:09.0028 5276 agp440 - ok 16:14:09.0047 5276 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 16:14:09.0049 5276 ALG - ok 16:14:09.0074 5276 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 16:14:09.0075 5276 aliide - ok 16:14:09.0079 5276 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 16:14:09.0080 5276 amdide - ok 16:14:09.0114 5276 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 16:14:09.0115 5276 AmdK8 - ok 16:14:09.0126 5276 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 16:14:09.0128 5276 AmdPPM - ok 16:14:09.0191 5276 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 16:14:09.0193 5276 amdsata - ok 16:14:09.0233 5276 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 16:14:09.0238 5276 amdsbs - ok 16:14:09.0273 5276 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 16:14:09.0274 5276 amdxata - ok 16:14:09.0409 5276 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 16:14:09.0412 5276 AntiVirSchedulerService - ok 16:14:09.0465 5276 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 16:14:09.0466 5276 AntiVirService - ok 16:14:09.0523 5276 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 16:14:09.0531 5276 AntiVirWebService - ok 16:14:09.0593 5276 ApfiltrService (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys 16:14:09.0599 5276 ApfiltrService - ok 16:14:09.0646 5276 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 16:14:09.0647 5276 AppID - ok 16:14:09.0667 5276 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 16:14:09.0669 5276 AppIDSvc - ok 16:14:09.0706 5276 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 16:14:09.0708 5276 Appinfo - ok 16:14:09.0842 5276 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:14:09.0843 5276 Apple Mobile Device - ok 16:14:09.0884 5276 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 16:14:09.0896 5276 AppMgmt - ok 16:14:09.0927 5276 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 16:14:09.0929 5276 arc - ok 16:14:09.0948 5276 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 16:14:09.0950 5276 arcsas - ok 16:14:09.0978 5276 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 16:14:09.0979 5276 AsyncMac - ok 16:14:10.0017 5276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 16:14:10.0018 5276 atapi - ok 16:14:10.0113 5276 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 16:14:10.0121 5276 AudioEndpointBuilder - ok 16:14:10.0126 5276 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 16:14:10.0129 5276 AudioSrv - ok 16:14:10.0287 5276 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 16:14:10.0303 5276 avgntflt - ok 16:14:10.0349 5276 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 16:14:10.0357 5276 avipbb - ok 16:14:10.0394 5276 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 16:14:10.0396 5276 avkmgr - ok 16:14:10.0449 5276 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 16:14:10.0452 5276 AxInstSV - ok 16:14:10.0526 5276 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 16:14:10.0534 5276 b06bdrv - ok 16:14:10.0588 5276 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 16:14:10.0638 5276 b57nd60a - ok 16:14:10.0674 5276 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 16:14:10.0677 5276 BDESVC - ok 16:14:10.0705 5276 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 16:14:10.0706 5276 Beep - ok 16:14:10.0811 5276 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 16:14:10.0829 5276 BFE - ok 16:14:10.0892 5276 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 16:14:10.0923 5276 BITS - ok 16:14:10.0954 5276 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 16:14:10.0955 5276 blbdrive - ok 16:14:11.0079 5276 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 16:14:11.0087 5276 Bonjour Service - ok 16:14:11.0136 5276 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 16:14:11.0138 5276 bowser - ok 16:14:11.0173 5276 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:14:11.0174 5276 BrFiltLo - ok 16:14:11.0182 5276 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:14:11.0183 5276 BrFiltUp - ok 16:14:11.0219 5276 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 16:14:11.0228 5276 Browser - ok 16:14:11.0246 5276 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 16:14:11.0250 5276 Brserid - ok 16:14:11.0256 5276 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 16:14:11.0258 5276 BrSerWdm - ok 16:14:11.0260 5276 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 16:14:11.0261 5276 BrUsbMdm - ok 16:14:11.0264 5276 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 16:14:11.0265 5276 BrUsbSer - ok 16:14:11.0321 5276 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 16:14:11.0322 5276 BthEnum - ok 16:14:11.0329 5276 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 16:14:11.0331 5276 BTHMODEM - ok 16:14:11.0356 5276 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 16:14:11.0357 5276 BthPan - ok 16:14:11.0425 5276 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 16:14:11.0438 5276 BTHPORT - ok 16:14:11.0480 5276 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 16:14:11.0481 5276 bthserv - ok 16:14:11.0491 5276 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 16:14:11.0492 5276 BTHUSB - ok 16:14:11.0539 5276 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 16:14:11.0548 5276 cdfs - ok 16:14:11.0611 5276 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 16:14:11.0618 5276 cdrom - ok 16:14:11.0668 5276 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 16:14:11.0669 5276 CertPropSvc - ok 16:14:11.0689 5276 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 16:14:11.0691 5276 circlass - ok 16:14:11.0731 5276 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 16:14:11.0743 5276 CLFS - ok 16:14:11.0810 5276 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:14:11.0812 5276 clr_optimization_v2.0.50727_32 - ok 16:14:11.0853 5276 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:14:11.0855 5276 clr_optimization_v2.0.50727_64 - ok 16:14:11.0954 5276 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:14:11.0955 5276 clr_optimization_v4.0.30319_32 - ok 16:14:11.0989 5276 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:14:11.0990 5276 clr_optimization_v4.0.30319_64 - ok 16:14:12.0015 5276 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 16:14:12.0016 5276 CmBatt - ok 16:14:12.0051 5276 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 16:14:12.0053 5276 cmdide - ok 16:14:12.0111 5276 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 16:14:12.0120 5276 CNG - ok 16:14:12.0141 5276 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 16:14:12.0142 5276 Compbatt - ok 16:14:12.0197 5276 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 16:14:12.0198 5276 CompositeBus - ok 16:14:12.0214 5276 COMSysApp - ok 16:14:12.0231 5276 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 16:14:12.0233 5276 crcdisk - ok 16:14:12.0294 5276 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 16:14:12.0299 5276 CryptSvc - ok 16:14:12.0362 5276 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 16:14:12.0377 5276 CSC - ok 16:14:12.0450 5276 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 16:14:12.0458 5276 CscService - ok 16:14:12.0500 5276 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys 16:14:12.0501 5276 cvusbdrv - ok 16:14:12.0532 5276 d554gps (0fef994d890c92d8f23442bc52d4fea9) C:\Windows\system32\DRIVERS\d554gps64.sys 16:14:12.0534 5276 d554gps - ok 16:14:12.0564 5276 d554scard (95da07e4859396912d8e5630da5a9324) C:\Windows\system32\DRIVERS\d554scard.sys 16:14:12.0565 5276 d554scard - ok 16:14:12.0617 5276 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys 16:14:12.0618 5276 dc3d - ok 16:14:12.0688 5276 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 16:14:12.0696 5276 DcomLaunch - ok 16:14:12.0753 5276 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 16:14:12.0796 5276 defragsvc - ok 16:14:12.0841 5276 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 16:14:12.0844 5276 DfsC - ok 16:14:12.0887 5276 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 16:14:12.0901 5276 Dhcp - ok 16:14:12.0934 5276 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 16:14:12.0936 5276 discache - ok 16:14:12.0968 5276 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 16:14:12.0970 5276 Disk - ok 16:14:13.0015 5276 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 16:14:13.0028 5276 Dnscache - ok 16:14:13.0086 5276 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 16:14:13.0095 5276 dot3svc - ok 16:14:13.0136 5276 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 16:14:13.0143 5276 DPS - ok 16:14:13.0172 5276 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 16:14:13.0173 5276 drmkaud - ok 16:14:13.0249 5276 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 16:14:13.0262 5276 dtsoftbus01 - ok 16:14:13.0351 5276 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 16:14:13.0366 5276 DXGKrnl - ok 16:14:13.0428 5276 e1cexpress (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys 16:14:13.0435 5276 e1cexpress - ok 16:14:13.0468 5276 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 16:14:13.0476 5276 EapHost - ok 16:14:13.0679 5276 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 16:14:13.0758 5276 ebdrv - ok 16:14:13.0879 5276 ecnssndis (f88f2e5806fc405b0fa94b7947a5875e) C:\Windows\system32\Drivers\wwuss64.sys 16:14:13.0880 5276 ecnssndis - ok 16:14:13.0911 5276 ecnssndisfltr (c8cd88218efc28f7e44a9892b3e97f4d) C:\Windows\system32\Drivers\wwussf64.sys 16:14:13.0911 5276 ecnssndisfltr - ok 16:14:13.0949 5276 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 16:14:13.0951 5276 EFS - ok 16:14:14.0051 5276 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 16:14:14.0064 5276 ehRecvr - ok 16:14:14.0096 5276 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 16:14:14.0098 5276 ehSched - ok 16:14:14.0159 5276 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 16:14:14.0190 5276 elxstor - ok 16:14:14.0283 5276 EMP_UDSA (faa735cb77474deb4e4e327340117d3a) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe 16:14:14.0366 5276 EMP_UDSA - ok 16:14:14.0393 5276 eppvad_simple (55d460f601d0b4d528bb16c0e8e18723) C:\Windows\system32\drivers\EMP_UDAU.sys 16:14:14.0394 5276 eppvad_simple - ok 16:14:14.0426 5276 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 16:14:14.0427 5276 ErrDev - ok 16:14:14.0487 5276 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 16:14:14.0500 5276 EventSystem - ok 16:14:14.0523 5276 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 16:14:14.0528 5276 exfat - ok 16:14:14.0559 5276 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 16:14:14.0563 5276 fastfat - ok 16:14:14.0652 5276 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 16:14:14.0672 5276 Fax - ok 16:14:14.0680 5276 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 16:14:14.0682 5276 fdc - ok 16:14:14.0709 5276 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 16:14:14.0710 5276 fdPHost - ok 16:14:14.0719 5276 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 16:14:14.0721 5276 FDResPub - ok 16:14:14.0732 5276 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 16:14:14.0733 5276 FileInfo - ok 16:14:14.0749 5276 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 16:14:14.0751 5276 Filetrace - ok 16:14:14.0755 5276 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 16:14:14.0756 5276 flpydisk - ok 16:14:14.0812 5276 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 16:14:14.0821 5276 FltMgr - ok 16:14:14.0919 5276 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 16:14:14.0955 5276 FontCache - ok 16:14:15.0045 5276 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:14:15.0048 5276 FontCache3.0.0.0 - ok 16:14:15.0124 5276 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 16:14:15.0125 5276 FsDepends - ok 16:14:15.0166 5276 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 16:14:15.0167 5276 Fs_Rec - ok 16:14:15.0225 5276 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 16:14:15.0253 5276 fvevol - ok 16:14:15.0269 5276 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 16:14:15.0270 5276 gagp30kx - ok 16:14:15.0349 5276 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:14:15.0353 5276 GEARAspiWDM - ok 16:14:15.0439 5276 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 16:14:15.0452 5276 gpsvc - ok 16:14:15.0489 5276 hcmon (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys 16:14:15.0491 5276 hcmon - ok 16:14:15.0523 5276 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 16:14:15.0525 5276 hcw85cir - ok 16:14:15.0594 5276 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 16:14:15.0603 5276 HdAudAddService - ok 16:14:15.0630 5276 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 16:14:15.0632 5276 HDAudBus - ok 16:14:15.0635 5276 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 16:14:15.0636 5276 HidBatt - ok 16:14:15.0644 5276 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 16:14:15.0646 5276 HidBth - ok 16:14:15.0650 5276 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 16:14:15.0651 5276 HidIr - ok 16:14:15.0680 5276 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 16:14:15.0681 5276 hidserv - ok 16:14:15.0707 5276 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 16:14:15.0708 5276 HidUsb - ok 16:14:15.0751 5276 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 16:14:15.0752 5276 hkmsvc - ok 16:14:15.0807 5276 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 16:14:15.0823 5276 HomeGroupListener - ok 16:14:15.0873 5276 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 16:14:15.0886 5276 HomeGroupProvider - ok 16:14:15.0910 5276 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 16:14:15.0911 5276 HpSAMD - ok 16:14:15.0998 5276 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 16:14:16.0011 5276 HTTP - ok 16:14:16.0049 5276 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 16:14:16.0050 5276 hwpolicy - ok 16:14:16.0069 5276 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 16:14:16.0072 5276 i8042prt - ok 16:14:16.0136 5276 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 16:14:16.0140 5276 iaStorV - ok 16:14:16.0222 5276 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:14:16.0236 5276 idsvc - ok 16:14:16.0851 5276 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys 16:14:17.0050 5276 igfx - ok 16:14:17.0202 5276 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 16:14:17.0205 5276 iirsp - ok 16:14:17.0302 5276 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 16:14:17.0318 5276 IKEEXT - ok 16:14:17.0379 5276 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 16:14:17.0387 5276 IntcDAud - ok 16:14:17.0424 5276 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 16:14:17.0425 5276 intelide - ok 16:14:17.0448 5276 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 16:14:17.0450 5276 intelppm - ok 16:14:17.0484 5276 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 16:14:17.0487 5276 IPBusEnum - ok 16:14:17.0521 5276 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:14:17.0523 5276 IpFilterDriver - ok 16:14:17.0594 5276 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 16:14:17.0602 5276 iphlpsvc - ok 16:14:17.0640 5276 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 16:14:17.0642 5276 IPMIDRV - ok 16:14:17.0666 5276 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 16:14:17.0669 5276 IPNAT - ok 16:14:17.0806 5276 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 16:14:17.0817 5276 iPod Service - ok 16:14:17.0839 5276 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 16:14:17.0840 5276 IRENUM - ok 16:14:17.0856 5276 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 16:14:17.0857 5276 isapnp - ok 16:14:17.0901 5276 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 16:14:17.0910 5276 iScsiPrt - ok 16:14:17.0940 5276 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 16:14:17.0941 5276 kbdclass - ok 16:14:17.0990 5276 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 16:14:17.0991 5276 kbdhid - ok 16:14:18.0024 5276 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:14:18.0025 5276 KeyIso - ok 16:14:18.0041 5276 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 16:14:18.0043 5276 KSecDD - ok 16:14:18.0062 5276 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 16:14:18.0068 5276 KSecPkg - ok 16:14:18.0094 5276 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 16:14:18.0095 5276 ksthunk - ok 16:14:18.0157 5276 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 16:14:18.0170 5276 KtmRm - ok 16:14:18.0307 5276 L4301_Solar (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe 16:14:18.0312 5276 L4301_Solar - ok 16:14:18.0377 5276 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 16:14:18.0387 5276 LanmanServer - ok 16:14:18.0426 5276 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 16:14:18.0435 5276 LanmanWorkstation - ok 16:14:18.0586 5276 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 16:14:18.0604 5276 LBTServ - ok 16:14:18.0690 5276 LEqdUsb (abfd2b5726f4cce49297ae48806cc594) C:\Windows\system32\DRIVERS\LEqdUsb.Sys 16:14:18.0691 5276 LEqdUsb - ok 16:14:18.0720 5276 LHidEqd (933f69cf9acd2498693bfcd7ed68e8d4) C:\Windows\system32\DRIVERS\LHidEqd.Sys 16:14:18.0721 5276 LHidEqd - ok 16:14:18.0742 5276 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys 16:14:18.0744 5276 LHidFilt - ok 16:14:18.0799 5276 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 16:14:18.0801 5276 lltdio - ok 16:14:18.0849 5276 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 16:14:18.0857 5276 lltdsvc - ok 16:14:18.0878 5276 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 16:14:18.0879 5276 lmhosts - ok 16:14:18.0914 5276 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys 16:14:18.0915 5276 LMouFilt - ok 16:14:18.0959 5276 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 16:14:18.0960 5276 LSI_FC - ok 16:14:18.0977 5276 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 16:14:18.0979 5276 LSI_SAS - ok 16:14:18.0998 5276 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:14:18.0999 5276 LSI_SAS2 - ok 16:14:19.0022 5276 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:14:19.0024 5276 LSI_SCSI - ok 16:14:19.0053 5276 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 16:14:19.0055 5276 luafv - ok 16:14:19.0093 5276 LUsbFilt (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys 16:14:19.0094 5276 LUsbFilt - ok 16:14:19.0156 5276 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 16:14:19.0157 5276 MBAMProtector - ok 16:14:19.0275 5276 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 16:14:19.0283 5276 MBAMService - ok 16:14:19.0346 5276 Mbm3CBus (0845da0bff1af5c57de4dd97acaf2fcd) C:\Windows\system32\DRIVERS\Mbm3CBus.sys 16:14:19.0349 5276 Mbm3CBus - ok 16:14:19.0406 5276 Mbm3DevMt (db6fa599aa79324e287c4eaf6020da37) C:\Windows\system32\DRIVERS\Mbm3DevMt.sys 16:14:19.0409 5276 Mbm3DevMt - ok 16:14:19.0434 5276 Mbm3mdfl (2f71edb697752d409b9983f0e1d88f70) C:\Windows\system32\DRIVERS\Mbm3mdfl.sys 16:14:19.0435 5276 Mbm3mdfl - ok 16:14:19.0478 5276 Mbm3Mdm (21b412a36de3ccfe4e13383b88cfc90c) C:\Windows\system32\DRIVERS\Mbm3Mdm.sys 16:14:19.0481 5276 Mbm3Mdm - ok 16:14:19.0519 5276 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 16:14:19.0522 5276 Mcx2Svc - ok 16:14:19.0548 5276 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 16:14:19.0549 5276 megasas - ok 16:14:19.0579 5276 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 16:14:19.0589 5276 MegaSR - ok 16:14:19.0602 5276 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 16:14:19.0604 5276 MEIx64 - ok 16:14:19.0631 5276 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 16:14:19.0633 5276 MMCSS - ok 16:14:19.0648 5276 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 16:14:19.0649 5276 Modem - ok 16:14:19.0680 5276 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 16:14:19.0680 5276 monitor - ok 16:14:19.0724 5276 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 16:14:19.0726 5276 mouclass - ok 16:14:19.0748 5276 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 16:14:19.0750 5276 mouhid - ok 16:14:19.0795 5276 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 16:14:19.0797 5276 mountmgr - ok 16:14:19.0866 5276 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 16:14:19.0874 5276 MpFilter - ok 16:14:19.0921 5276 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 16:14:19.0929 5276 mpio - ok 16:14:19.0946 5276 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 16:14:19.0948 5276 mpsdrv - ok 16:14:20.0031 5276 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 16:14:20.0046 5276 MpsSvc - ok 16:14:20.0090 5276 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 16:14:20.0104 5276 MRxDAV - ok 16:14:20.0149 5276 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:14:20.0155 5276 mrxsmb - ok 16:14:20.0208 5276 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:14:20.0218 5276 mrxsmb10 - ok 16:14:20.0259 5276 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:14:20.0267 5276 mrxsmb20 - ok 16:14:20.0301 5276 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 16:14:20.0303 5276 msahci - ok 16:14:20.0349 5276 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 16:14:20.0356 5276 msdsm - ok 16:14:20.0391 5276 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 16:14:20.0399 5276 MSDTC - ok 16:14:20.0438 5276 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 16:14:20.0439 5276 Msfs - ok 16:14:20.0468 5276 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 16:14:20.0469 5276 mshidkmdf - ok 16:14:20.0482 5276 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 16:14:20.0483 5276 msisadrv - ok 16:14:20.0519 5276 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 16:14:20.0526 5276 MSiSCSI - ok 16:14:20.0532 5276 msiserver - ok 16:14:20.0649 5276 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 16:14:20.0669 5276 MSKSSRV - ok 16:14:20.0803 5276 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe 16:14:20.0803 5276 MsMpSvc - ok 16:14:20.0836 5276 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 16:14:20.0838 5276 MSPCLOCK - ok 16:14:20.0847 5276 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 16:14:20.0848 5276 MSPQM - ok 16:14:20.0917 5276 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 16:14:20.0927 5276 MsRPC - ok 16:14:20.0966 5276 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 16:14:20.0967 5276 mssmbios - ok 16:14:20.0996 5276 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 16:14:20.0997 5276 MSTEE - ok 16:14:21.0008 5276 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 16:14:21.0010 5276 MTConfig - ok 16:14:21.0040 5276 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 16:14:21.0042 5276 Mup - ok 16:14:21.0101 5276 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 16:14:21.0117 5276 napagent - ok 16:14:21.0166 5276 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 16:14:21.0173 5276 NativeWifiP - ok 16:14:21.0248 5276 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 16:14:21.0260 5276 NDIS - ok 16:14:21.0277 5276 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 16:14:21.0278 5276 NdisCap - ok 16:14:21.0293 5276 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 16:14:21.0295 5276 NdisTapi - ok 16:14:21.0339 5276 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 16:14:21.0342 5276 Ndisuio - ok 16:14:21.0396 5276 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 16:14:21.0402 5276 NdisWan - ok 16:14:21.0441 5276 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 16:14:21.0442 5276 NDProxy - ok 16:14:21.0471 5276 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys 16:14:21.0473 5276 Netaapl - ok 16:14:21.0492 5276 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 16:14:21.0493 5276 NetBIOS - ok 16:14:21.0545 5276 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 16:14:21.0557 5276 NetBT - ok 16:14:21.0591 5276 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:14:21.0593 5276 Netlogon - ok 16:14:21.0661 5276 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 16:14:21.0674 5276 Netman - ok 16:14:21.0705 5276 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 16:14:21.0710 5276 netprofm - ok 16:14:21.0782 5276 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:14:21.0790 5276 NetTcpPortSharing - ok 16:14:22.0236 5276 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys 16:14:22.0381 5276 NETwNs64 - ok 16:14:22.0523 5276 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 16:14:22.0525 5276 nfrd960 - ok 16:14:22.0595 5276 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 16:14:22.0603 5276 NisDrv - ok 16:14:22.0736 5276 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe 16:14:22.0769 5276 NisSrv - ok 16:14:22.0836 5276 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 16:14:22.0844 5276 NlaSvc - ok 16:14:22.0876 5276 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 16:14:22.0877 5276 Npfs - ok 16:14:22.0904 5276 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 16:14:22.0906 5276 nsi - ok 16:14:22.0915 5276 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 16:14:22.0917 5276 nsiproxy - ok 16:14:23.0076 5276 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 16:14:23.0107 5276 Ntfs - ok 16:14:23.0268 5276 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys 16:14:23.0270 5276 NuidFltr - ok 16:14:23.0301 5276 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 16:14:23.0303 5276 Null - ok 16:14:23.0343 5276 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 16:14:23.0349 5276 nvraid - ok 16:14:23.0390 5276 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 16:14:23.0393 5276 nvstor - ok 16:14:23.0443 5276 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 16:14:23.0445 5276 nv_agp - ok 16:14:23.0487 5276 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe 16:14:23.0489 5276 O2FLASH - ok 16:14:23.0507 5276 O2MDFRDR (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys 16:14:23.0509 5276 O2MDFRDR - ok 16:14:23.0563 5276 O2SDJRDR (61b2aca7f48738afc883c05fa136a468) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys 16:14:23.0565 5276 O2SDJRDR - ok 16:14:23.0675 5276 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:14:23.0687 5276 odserv - ok 16:14:23.0721 5276 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 16:14:23.0723 5276 ohci1394 - ok 16:14:23.0778 5276 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:14:23.0786 5276 ose - ok 16:14:23.0857 5276 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 16:14:23.0866 5276 p2pimsvc - ok 16:14:23.0904 5276 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 16:14:23.0913 5276 p2psvc - ok 16:14:23.0953 5276 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 16:14:23.0963 5276 Parport - ok 16:14:24.0001 5276 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 16:14:24.0004 5276 partmgr - ok 16:14:24.0030 5276 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 16:14:24.0042 5276 PcaSvc - ok 16:14:24.0079 5276 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 16:14:24.0085 5276 pci - ok 16:14:24.0123 5276 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 16:14:24.0124 5276 pciide - ok 16:14:24.0155 5276 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 16:14:24.0160 5276 pcmcia - ok 16:14:24.0178 5276 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:14:24.0179 5276 pcw - ok 16:14:24.0240 5276 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:14:24.0253 5276 PEAUTH - ok 16:14:24.0349 5276 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 16:14:24.0379 5276 PeerDistSvc - ok 16:14:24.0456 5276 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 16:14:24.0458 5276 PerfHost - ok 16:14:24.0666 5276 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 16:14:24.0699 5276 pla - ok 16:14:24.0763 5276 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 16:14:24.0772 5276 PlugPlay - ok 16:14:24.0795 5276 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 16:14:24.0797 5276 PNRPAutoReg - ok 16:14:24.0826 5276 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 16:14:24.0828 5276 PNRPsvc - ok 16:14:24.0895 5276 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys 16:14:24.0897 5276 Point64 - ok 16:14:24.0952 5276 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 16:14:24.0966 5276 PolicyAgent - ok 16:14:24.0994 5276 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 16:14:24.0997 5276 Power - ok 16:14:25.0057 5276 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 16:14:25.0060 5276 PptpMiniport - ok 16:14:25.0088 5276 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 16:14:25.0090 5276 Processor - ok 16:14:25.0125 5276 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 16:14:25.0138 5276 ProfSvc - ok 16:14:25.0174 5276 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:14:25.0175 5276 ProtectedStorage - ok 16:14:25.0230 5276 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 16:14:25.0239 5276 Psched - ok 16:14:25.0349 5276 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 16:14:25.0385 5276 ql2300 - ok 16:14:25.0518 5276 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 16:14:25.0521 5276 ql40xx - ok 16:14:25.0558 5276 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 16:14:25.0569 5276 QWAVE - ok 16:14:25.0583 5276 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:14:25.0584 5276 QWAVEdrv - ok 16:14:25.0669 5276 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll 16:14:25.0671 5276 RapiMgr - ok 16:14:25.0687 5276 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:14:25.0688 5276 RasAcd - ok 16:14:25.0728 5276 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:14:25.0729 5276 RasAgileVpn - ok 16:14:25.0760 5276 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 16:14:25.0773 5276 RasAuto - ok 16:14:25.0814 5276 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:14:25.0823 5276 Rasl2tp - ok 16:14:25.0878 5276 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 16:14:25.0892 5276 RasMan - ok 16:14:25.0911 5276 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:14:25.0913 5276 RasPppoe - ok 16:14:25.0927 5276 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:14:25.0929 5276 RasSstp - ok 16:14:25.0978 5276 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 16:14:25.0986 5276 rdbss - ok 16:14:25.0995 5276 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:14:25.0996 5276 rdpbus - ok 16:14:26.0002 5276 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:14:26.0003 5276 RDPCDD - ok 16:14:26.0043 5276 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 16:14:26.0049 5276 RDPDR - ok 16:14:26.0070 5276 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:14:26.0071 5276 RDPENCDD - ok 16:14:26.0078 5276 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:14:26.0079 5276 RDPREFMP - ok 16:14:26.0128 5276 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 16:14:26.0129 5276 RdpVideoMiniport - ok 16:14:26.0173 5276 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 16:14:26.0186 5276 RDPWD - ok 16:14:26.0248 5276 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 16:14:26.0261 5276 rdyboost - ok 16:14:26.0296 5276 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 16:14:26.0298 5276 RemoteAccess - ok 16:14:26.0318 5276 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 16:14:26.0324 5276 RemoteRegistry - ok 16:14:26.0367 5276 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 16:14:26.0374 5276 RFCOMM - ok 16:14:26.0401 5276 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 16:14:26.0403 5276 RpcEptMapper - ok 16:14:26.0423 5276 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 16:14:26.0424 5276 RpcLocator - ok 16:14:26.0481 5276 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 16:14:26.0485 5276 RpcSs - ok 16:14:26.0523 5276 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:14:26.0525 5276 rspndr - ok 16:14:26.0560 5276 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 16:14:26.0561 5276 s3cap - ok 16:14:26.0599 5276 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:14:26.0600 5276 SamSs - ok 16:14:26.0640 5276 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 16:14:26.0642 5276 sbp2port - ok 16:14:26.0830 5276 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 16:14:26.0862 5276 SBSDWSCService - ok 16:14:26.0898 5276 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 16:14:26.0904 5276 SCardSvr - ok 16:14:26.0960 5276 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 16:14:26.0962 5276 scfilter - ok 16:14:27.0062 5276 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 16:14:27.0081 5276 Schedule - ok 16:14:27.0127 5276 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 16:14:27.0128 5276 SCPolicySvc - ok 16:14:27.0168 5276 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 16:14:27.0169 5276 sdbus - ok 16:14:27.0211 5276 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 16:14:27.0220 5276 SDRSVC - ok 16:14:27.0261 5276 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:14:27.0262 5276 secdrv - ok 16:14:27.0302 5276 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 16:14:27.0304 5276 seclogon - ok 16:14:27.0346 5276 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 16:14:27.0347 5276 SENS - ok 16:14:27.0360 5276 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 16:14:27.0362 5276 SensrSvc - ok 16:14:27.0386 5276 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:14:27.0387 5276 Serenum - ok 16:14:27.0406 5276 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:14:27.0407 5276 Serial - ok 16:14:27.0436 5276 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:14:27.0437 5276 sermouse - ok 16:14:27.0490 5276 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 16:14:27.0492 5276 SessionEnv - ok 16:14:27.0527 5276 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 16:14:27.0528 5276 sffdisk - ok 16:14:27.0538 5276 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 16:14:27.0539 5276 sffp_mmc - ok 16:14:27.0560 5276 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 16:14:27.0561 5276 sffp_sd - ok 16:14:27.0576 5276 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:14:27.0577 5276 sfloppy - ok 16:14:27.0621 5276 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 16:14:27.0635 5276 SharedAccess - ok 16:14:27.0685 5276 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 16:14:27.0699 5276 ShellHWDetection - ok 16:14:27.0721 5276 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:14:27.0723 5276 SiSRaid2 - ok 16:14:27.0745 5276 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:14:27.0747 5276 SiSRaid4 - ok 16:14:27.0763 5276 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:14:27.0765 5276 Smb - ok 16:14:27.0801 5276 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 16:14:27.0803 5276 SNMPTRAP - ok 16:14:27.0819 5276 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:14:27.0820 5276 spldr - ok 16:14:27.0864 5276 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 16:14:27.0876 5276 Spooler - ok 16:14:28.0085 5276 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 16:14:28.0151 5276 sppsvc - ok 16:14:28.0254 5276 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 16:14:28.0256 5276 sppuinotify - ok 16:14:28.0336 5276 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 16:14:28.0346 5276 srv - ok 16:14:28.0380 5276 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 16:14:28.0389 5276 srv2 - ok 16:14:28.0431 5276 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 16:14:28.0437 5276 srvnet - ok 16:14:28.0477 5276 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 16:14:28.0483 5276 SSDPSRV - ok 16:14:28.0501 5276 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 16:14:28.0503 5276 SstpSvc - ok 16:14:28.0598 5276 STacSV (c8f44e5e99ff6cf2e0627139cfec0742) C:\Program Files\IDT\WDM\STacSV64.exe 16:14:28.0601 5276 STacSV - ok 16:14:28.0651 5276 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys 16:14:28.0653 5276 stdcfltn - ok 16:14:28.0680 5276 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:14:28.0681 5276 stexstor - ok 16:14:28.0755 5276 STHDA (7a69c8af123f4c6a1d63daa7f5e2638d) C:\Windows\system32\DRIVERS\stwrt64.sys 16:14:28.0768 5276 STHDA - ok 16:14:28.0855 5276 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 16:14:28.0865 5276 stisvc - ok 16:14:28.0897 5276 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 16:14:28.0898 5276 storflt - ok 16:14:28.0932 5276 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 16:14:28.0933 5276 StorSvc - ok 16:14:28.0950 5276 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 16:14:28.0951 5276 storvsc - ok 16:14:28.0968 5276 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 16:14:28.0970 5276 swenum - ok 16:14:29.0026 5276 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 16:14:29.0041 5276 swprv - ok 16:14:29.0052 5276 Synth3dVsc - ok 16:14:29.0193 5276 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 16:14:29.0227 5276 SysMain - ok 16:14:29.0343 5276 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 16:14:29.0346 5276 TabletInputService - ok 16:14:29.0401 5276 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 16:14:29.0409 5276 TapiSrv - ok 16:14:29.0431 5276 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 16:14:29.0433 5276 TBS - ok 16:14:29.0586 5276 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 16:14:29.0618 5276 Tcpip - ok 16:14:29.0847 5276 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 16:14:29.0861 5276 TCPIP6 - ok 16:14:29.0952 5276 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 16:14:29.0953 5276 tcpipreg - ok 16:14:29.0982 5276 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:14:29.0983 5276 TDPIPE - ok 16:14:30.0013 5276 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 16:14:30.0014 5276 TDTCP - ok 16:14:30.0065 5276 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 16:14:30.0067 5276 tdx - ok 16:14:30.0341 5276 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 16:14:30.0383 5276 TeamViewer7 - ok 16:14:30.0531 5276 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 16:14:30.0533 5276 TermDD - ok 16:14:30.0614 5276 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 16:14:30.0632 5276 TermService - ok 16:14:30.0664 5276 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 16:14:30.0667 5276 Themes - ok 16:14:30.0690 5276 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 16:14:30.0692 5276 THREADORDER - ok 16:14:30.0731 5276 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 16:14:30.0739 5276 TrkWks - ok 16:14:30.0965 5276 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 16:14:30.0967 5276 TrustedInstaller - ok 16:14:31.0025 5276 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:14:31.0026 5276 tssecsrv - ok 16:14:31.0109 5276 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 16:14:31.0114 5276 TsUsbFlt - ok 16:14:31.0122 5276 tsusbhub - ok 16:14:31.0164 5276 TTCinergyT2 (a52c83517f54e1e33000d86389ae78cf) C:\Windows\system32\DRIVERS\TTCinergyT2BDA.sys 16:14:31.0180 5276 TTCinergyT2 - ok 16:14:31.0236 5276 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 16:14:31.0238 5276 tunnel - ok 16:14:31.0375 5276 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:14:31.0376 5276 uagp35 - ok 16:14:31.0429 5276 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 16:14:31.0440 5276 udfs - ok 16:14:31.0521 5276 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe 16:14:31.0535 5276 ufad-ws60 - ok 16:14:31.0566 5276 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 16:14:31.0569 5276 UI0Detect - ok 16:14:31.0619 5276 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 16:14:31.0621 5276 uliagpkx - ok 16:14:31.0671 5276 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 16:14:31.0673 5276 umbus - ok 16:14:31.0677 5276 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:14:31.0678 5276 UmPass - ok 16:14:31.0725 5276 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 16:14:31.0736 5276 UmRdpService - ok 16:14:31.0777 5276 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 16:14:31.0790 5276 upnphost - ok 16:14:31.0832 5276 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 16:14:31.0834 5276 USBAAPL64 - ok 16:14:31.0894 5276 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 16:14:31.0899 5276 usbaudio - ok 16:14:31.0943 5276 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 16:14:31.0945 5276 usbccgp - ok 16:14:31.0994 5276 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 16:14:31.0996 5276 usbcir - ok 16:14:32.0019 5276 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 16:14:32.0021 5276 usbehci - ok 16:14:32.0070 5276 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 16:14:32.0077 5276 usbhub - ok 16:14:32.0114 5276 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 16:14:32.0116 5276 usbohci - ok 16:14:32.0154 5276 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:14:32.0155 5276 usbprint - ok 16:14:32.0188 5276 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:14:32.0191 5276 USBSTOR - ok 16:14:32.0200 5276 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 16:14:32.0201 5276 usbuhci - ok 16:14:32.0268 5276 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 16:14:32.0274 5276 usbvideo - ok 16:14:32.0298 5276 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 16:14:32.0300 5276 UxSms - ok 16:14:32.0340 5276 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:14:32.0342 5276 VaultSvc - ok 16:14:32.0391 5276 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 16:14:32.0393 5276 vdrvroot - ok 16:14:32.0477 5276 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 16:14:32.0495 5276 vds - ok 16:14:32.0532 5276 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:14:32.0533 5276 vga - ok 16:14:32.0537 5276 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:14:32.0538 5276 VgaSave - ok 16:14:32.0541 5276 VGPU - ok 16:14:32.0580 5276 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 16:14:32.0586 5276 vhdmp - ok 16:14:32.0599 5276 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 16:14:32.0600 5276 viaide - ok 16:14:32.0696 5276 VMAuthdService (42f0ecaf36636841a4a006850695507f) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe 16:14:32.0705 5276 VMAuthdService - ok 16:14:32.0809 5276 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 16:14:32.0815 5276 vmbus - ok 16:14:32.0850 5276 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 16:14:32.0866 5276 VMBusHID - ok 16:14:32.0913 5276 vmci (3d810a11c3e7fd4682a8824f54c1a04f) C:\Windows\system32\drivers\vmci.sys 16:14:32.0915 5276 vmci - ok 16:14:32.0949 5276 vmkbd (1af6462718e5ab0ed55014a6ef3790ef) C:\Windows\system32\drivers\VMkbd.sys 16:14:32.0950 5276 vmkbd - ok 16:14:32.0983 5276 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys 16:14:32.0984 5276 VMnetAdapter - ok 16:14:33.0021 5276 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys 16:14:33.0024 5276 VMnetBridge - ok 16:14:33.0044 5276 VMnetDHCP - ok 16:14:33.0064 5276 VMnetuserif (daf5e04eb56cd0ed945fb2fdd94812db) C:\Windows\system32\drivers\vmnetuserif.sys 16:14:33.0067 5276 VMnetuserif - ok 16:14:33.0081 5276 VMparport (a459ee9a95fde6b7140336e2f5e6a4cb) C:\Windows\system32\drivers\VMparport.sys 16:14:33.0083 5276 VMparport - ok 16:14:33.0132 5276 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys 16:14:33.0133 5276 vmusb - ok 16:14:33.0235 5276 VMUSBArbService (f22098dbdd13c1221c274496b3e18da7) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe 16:14:33.0243 5276 VMUSBArbService - ok 16:14:33.0252 5276 VMware NAT Service - ok 16:14:33.0266 5276 vmx86 (ae7f667db83e108e83c86a56b821e9a6) C:\Windows\system32\drivers\vmx86.sys 16:14:33.0268 5276 vmx86 - ok 16:14:33.0310 5276 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 16:14:33.0312 5276 volmgr - ok 16:14:33.0361 5276 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 16:14:33.0367 5276 volmgrx - ok 16:14:33.0419 5276 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 16:14:33.0427 5276 volsnap - ok 16:14:33.0530 5276 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:14:33.0536 5276 vsmraid - ok 16:14:33.0652 5276 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 16:14:33.0675 5276 VSS - ok 16:14:33.0745 5276 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys 16:14:33.0746 5276 vstor2-ws60 - ok 16:14:33.0870 5276 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:14:33.0871 5276 vwifibus - ok 16:14:33.0882 5276 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:14:33.0884 5276 vwififlt - ok 16:14:33.0912 5276 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 16:14:33.0913 5276 vwifimp - ok 16:14:33.0961 5276 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 16:14:33.0972 5276 W32Time - ok 16:14:33.0985 5276 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:14:33.0987 5276 WacomPen - ok 16:14:34.0039 5276 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:14:34.0041 5276 WANARP - ok 16:14:34.0043 5276 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:14:34.0044 5276 Wanarpv6 - ok 16:14:34.0161 5276 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 16:14:34.0191 5276 wbengine - ok 16:14:34.0317 5276 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 16:14:34.0333 5276 WbioSrvc - ok 16:14:34.0420 5276 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll 16:14:34.0423 5276 WcesComm - ok 16:14:34.0482 5276 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 16:14:34.0495 5276 wcncsvc - ok 16:14:34.0510 5276 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 16:14:34.0512 5276 WcsPlugInService - ok 16:14:34.0562 5276 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:14:34.0564 5276 Wd - ok 16:14:34.0609 5276 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys 16:14:34.0610 5276 WDC_SAM - ok 16:14:34.0696 5276 WDDMService (e6050fe6b60fa91188b8abdb5b1e339f) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe 16:14:34.0700 5276 WDDMService - ok 16:14:34.0781 5276 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:14:34.0797 5276 Wdf01000 - ok 16:14:34.0920 5276 WDFME (b83d5071b32a70bebdb3330bfa7acb80) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe 16:14:34.0931 5276 WDFME - ok 16:14:35.0058 5276 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:14:35.0061 5276 WdiServiceHost - ok 16:14:35.0065 5276 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:14:35.0067 5276 WdiSystemHost - ok 16:14:35.0109 5276 WDSC (517de2c5568cba6b2a24a557ac60c30b) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe 16:14:35.0112 5276 WDSC - ok 16:14:35.0161 5276 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 16:14:35.0168 5276 WebClient - ok 16:14:35.0190 5276 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 16:14:35.0202 5276 Wecsvc - ok 16:14:35.0219 5276 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 16:14:35.0221 5276 wercplsupport - ok 16:14:35.0247 5276 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 16:14:35.0249 5276 WerSvc - ok 16:14:35.0305 5276 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:14:35.0306 5276 WfpLwf - ok 16:14:35.0319 5276 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:14:35.0320 5276 WIMMount - ok 16:14:35.0332 5276 WinDefend - ok 16:14:35.0337 5276 WinHttpAutoProxySvc - ok 16:14:35.0409 5276 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 16:14:35.0417 5276 Winmgmt - ok 16:14:35.0563 5276 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 16:14:35.0602 5276 WinRM - ok 16:14:35.0793 5276 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 16:14:35.0794 5276 WinUsb - ok 16:14:35.0869 5276 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 16:14:35.0886 5276 Wlansvc - ok 16:14:36.0163 5276 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:14:36.0202 5276 wlidsvc - ok 16:14:36.0354 5276 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 16:14:36.0355 5276 WmiAcpi - ok 16:14:36.0410 5276 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 16:14:36.0423 5276 wmiApSrv - ok 16:14:36.0441 5276 WMPNetworkSvc - ok 16:14:36.0482 5276 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 16:14:36.0485 5276 WPCSvc - ok 16:14:36.0535 5276 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 16:14:36.0545 5276 WPDBusEnum - ok 16:14:36.0568 5276 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:14:36.0570 5276 ws2ifsl - ok 16:14:36.0588 5276 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 16:14:36.0591 5276 wscsvc - ok 16:14:36.0595 5276 WSearch - ok 16:14:36.0780 5276 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 16:14:36.0829 5276 wuauserv - ok 16:14:36.0980 5276 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 16:14:36.0989 5276 WudfPf - ok 16:14:37.0019 5276 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:14:37.0030 5276 WUDFRd - ok 16:14:37.0066 5276 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 16:14:37.0068 5276 wudfsvc - ok 16:14:37.0106 5276 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 16:14:37.0118 5276 WwanSvc - ok 16:14:37.0157 5276 WwanUsbServ (a100bd898b40de890dbe53eae4896d20) C:\Windows\system32\DRIVERS\WwanUsbMp64.sys 16:14:37.0159 5276 WwanUsbServ - ok 16:14:37.0213 5276 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:14:37.0484 5276 \Device\Harddisk0\DR0 - ok 16:14:37.0486 5276 Boot (0x1200) (f978931a0526a4a206a6a3c700e00f6e) \Device\Harddisk0\DR0\Partition0 16:14:37.0487 5276 \Device\Harddisk0\DR0\Partition0 - ok 16:14:37.0498 5276 Boot (0x1200) (bc398a7b6ccd4bd3d6e56941670283e3) \Device\Harddisk0\DR0\Partition1 16:14:37.0499 5276 \Device\Harddisk0\DR0\Partition1 - ok 16:14:37.0517 5276 Boot (0x1200) (4429aa7c6889c6c6b4f98e32749f73ea) \Device\Harddisk0\DR0\Partition2 16:14:37.0518 5276 \Device\Harddisk0\DR0\Partition2 - ok 16:14:37.0519 5276 ============================================================ 16:14:37.0519 5276 Scan finished 16:14:37.0519 5276 ============================================================ 16:14:37.0530 9172 Detected object count: 0 16:14:37.0530 9172 Actual detected object count: 0 16:15:09.0283 5632 ============================================================ 16:15:09.0283 5632 Scan started 16:15:09.0283 5632 Mode: Manual; SigCheck; TDLFS; 16:15:09.0283 5632 ============================================================ 16:15:09.0637 5632 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 16:15:09.0769 5632 1394ohci - ok 16:15:09.0799 5632 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys 16:15:09.0820 5632 Acceler - ok 16:15:09.0851 5632 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 16:15:09.0864 5632 ACPI - ok 16:15:09.0881 5632 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 16:15:09.0939 5632 AcpiPmi - ok 16:15:10.0051 5632 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 16:15:10.0058 5632 AdobeARMservice - ok 16:15:10.0109 5632 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 16:15:10.0125 5632 adp94xx - ok 16:15:10.0156 5632 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 16:15:10.0169 5632 adpahci - ok 16:15:10.0196 5632 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 16:15:10.0207 5632 adpu320 - ok 16:15:10.0239 5632 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 16:15:10.0345 5632 AeLookupSvc - ok 16:15:10.0405 5632 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe 16:15:10.0449 5632 AESTFilters - ok 16:15:10.0516 5632 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 16:15:10.0587 5632 AFD - ok 16:15:10.0628 5632 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 16:15:10.0640 5632 agp440 - ok 16:15:10.0663 5632 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 16:15:10.0685 5632 ALG - ok 16:15:10.0699 5632 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 16:15:10.0706 5632 aliide - ok 16:15:10.0709 5632 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 16:15:10.0716 5632 amdide - ok 16:15:10.0748 5632 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 16:15:10.0807 5632 AmdK8 - ok 16:15:10.0814 5632 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 16:15:10.0842 5632 AmdPPM - ok 16:15:10.0875 5632 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 16:15:10.0884 5632 amdsata - ok 16:15:10.0909 5632 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 16:15:10.0917 5632 amdsbs - ok 16:15:10.0932 5632 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 16:15:10.0939 5632 amdxata - ok 16:15:11.0032 5632 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 16:15:11.0050 5632 AntiVirSchedulerService - ok 16:15:11.0088 5632 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 16:15:11.0095 5632 AntiVirService - ok 16:15:11.0165 5632 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE 16:15:11.0181 5632 AntiVirWebService - ok 16:15:11.0226 5632 ApfiltrService (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys 16:15:11.0237 5632 ApfiltrService - ok 16:15:11.0271 5632 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 16:15:11.0391 5632 AppID - ok 16:15:11.0418 5632 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 16:15:11.0454 5632 AppIDSvc - ok 16:15:11.0491 5632 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 16:15:11.0532 5632 Appinfo - ok 16:15:11.0650 5632 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:15:11.0658 5632 Apple Mobile Device - ok 16:15:11.0681 5632 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 16:15:11.0720 5632 AppMgmt - ok 16:15:11.0753 5632 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 16:15:11.0761 5632 arc - ok 16:15:11.0772 5632 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 16:15:11.0779 5632 arcsas - ok 16:15:11.0795 5632 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 16:15:11.0875 5632 AsyncMac - ok 16:15:11.0901 5632 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 16:15:11.0908 5632 atapi - ok 16:15:11.0979 5632 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 16:15:12.0021 5632 AudioEndpointBuilder - ok 16:15:12.0026 5632 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 16:15:12.0055 5632 AudioSrv - ok 16:15:12.0092 5632 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 16:15:12.0099 5632 avgntflt - ok 16:15:12.0141 5632 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 16:15:12.0149 5632 avipbb - ok 16:15:12.0178 5632 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 16:15:12.0184 5632 avkmgr - ok 16:15:12.0224 5632 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 16:15:12.0273 5632 AxInstSV - ok 16:15:12.0330 5632 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 16:15:12.0352 5632 b06bdrv - ok 16:15:12.0385 5632 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 16:15:12.0425 5632 b57nd60a - ok 16:15:12.0462 5632 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 16:15:12.0495 5632 BDESVC - ok 16:15:12.0506 5632 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 16:15:12.0552 5632 Beep - ok 16:15:12.0630 5632 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 16:15:12.0665 5632 BFE - ok 16:15:12.0748 5632 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 16:15:12.0796 5632 BITS - ok 16:15:12.0829 5632 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 16:15:12.0850 5632 blbdrive - ok 16:15:12.0937 5632 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 16:15:12.0955 5632 Bonjour Service - ok 16:15:12.0995 5632 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 16:15:13.0016 5632 bowser - ok 16:15:13.0032 5632 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:15:13.0082 5632 BrFiltLo - ok 16:15:13.0085 5632 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:15:13.0096 5632 BrFiltUp - ok 16:15:13.0137 5632 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 16:15:13.0192 5632 Browser - ok 16:15:13.0219 5632 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 16:15:13.0248 5632 Brserid - ok 16:15:13.0253 5632 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 16:15:13.0270 5632 BrSerWdm - ok 16:15:13.0273 5632 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 16:15:13.0286 5632 BrUsbMdm - ok 16:15:13.0290 5632 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 16:15:13.0305 5632 BrUsbSer - ok 16:15:13.0339 5632 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys 16:15:13.0400 5632 BthEnum - ok 16:15:13.0417 5632 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 16:15:13.0443 5632 BTHMODEM - ok 16:15:13.0472 5632 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 16:15:13.0491 5632 BthPan - ok 16:15:13.0548 5632 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys 16:15:13.0585 5632 BTHPORT - ok 16:15:13.0614 5632 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 16:15:13.0654 5632 bthserv - ok 16:15:13.0675 5632 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys 16:15:13.0690 5632 BTHUSB - ok 16:15:13.0719 5632 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 16:15:13.0758 5632 cdfs - ok 16:15:13.0794 5632 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 16:15:13.0813 5632 cdrom - ok 16:15:13.0860 5632 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 16:15:13.0915 5632 CertPropSvc - ok 16:15:13.0938 5632 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 16:15:13.0951 5632 circlass - ok 16:15:13.0987 5632 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 16:15:13.0998 5632 CLFS - ok 16:15:14.0052 5632 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:15:14.0076 5632 clr_optimization_v2.0.50727_32 - ok 16:15:14.0112 5632 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:15:14.0122 5632 clr_optimization_v2.0.50727_64 - ok 16:15:14.0207 5632 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:15:14.0230 5632 clr_optimization_v4.0.30319_32 - ok 16:15:14.0267 5632 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:15:14.0287 5632 clr_optimization_v4.0.30319_64 - ok 16:15:14.0315 5632 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 16:15:14.0341 5632 CmBatt - ok 16:15:14.0391 5632 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 16:15:14.0413 5632 cmdide - ok 16:15:14.0550 5632 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 16:15:14.0580 5632 CNG - ok 16:15:14.0591 5632 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 16:15:14.0598 5632 Compbatt - ok 16:15:14.0631 5632 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 16:15:14.0649 5632 CompositeBus - ok 16:15:14.0652 5632 COMSysApp - ok 16:15:14.0665 5632 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 16:15:14.0672 5632 crcdisk - ok 16:15:14.0719 5632 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 16:15:14.0768 5632 CryptSvc - ok 16:15:14.0841 5632 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys 16:15:14.0891 5632 CSC - ok 16:15:14.0959 5632 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll 16:15:14.0990 5632 CscService - ok 16:15:15.0007 5632 cvusbdrv (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys 16:15:15.0017 5632 cvusbdrv - ok 16:15:15.0047 5632 d554gps (0fef994d890c92d8f23442bc52d4fea9) C:\Windows\system32\DRIVERS\d554gps64.sys 16:15:15.0057 5632 d554gps - ok 16:15:15.0082 5632 d554scard (95da07e4859396912d8e5630da5a9324) C:\Windows\system32\DRIVERS\d554scard.sys 16:15:15.0090 5632 d554scard - ok 16:15:15.0126 5632 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys 16:15:15.0167 5632 dc3d - ok 16:15:15.0237 5632 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 16:15:15.0289 5632 DcomLaunch - ok 16:15:15.0334 5632 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 16:15:15.0375 5632 defragsvc - ok 16:15:15.0406 5632 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 16:15:15.0455 5632 DfsC - ok 16:15:15.0508 5632 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 16:15:15.0555 5632 Dhcp - ok 16:15:15.0575 5632 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 16:15:15.0609 5632 discache - ok 16:15:15.0641 5632 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 16:15:15.0648 5632 Disk - ok 16:15:15.0690 5632 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 16:15:15.0717 5632 Dnscache - ok 16:15:15.0763 5632 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 16:15:15.0826 5632 dot3svc - ok 16:15:15.0869 5632 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 16:15:15.0918 5632 DPS - ok 16:15:15.0939 5632 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 16:15:15.0952 5632 drmkaud - ok 16:15:16.0002 5632 dtsoftbus01 (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 16:15:16.0013 5632 dtsoftbus01 - ok 16:15:16.0098 5632 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 16:15:16.0119 5632 DXGKrnl - ok 16:15:16.0160 5632 e1cexpress (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys 16:15:16.0169 5632 e1cexpress - ok 16:15:16.0199 5632 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 16:15:16.0235 5632 EapHost - ok 16:15:16.0429 5632 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 16:15:16.0491 5632 ebdrv - ok 16:15:16.0605 5632 ecnssndis (f88f2e5806fc405b0fa94b7947a5875e) C:\Windows\system32\Drivers\wwuss64.sys 16:15:16.0616 5632 ecnssndis - ok 16:15:16.0628 5632 ecnssndisfltr (c8cd88218efc28f7e44a9892b3e97f4d) C:\Windows\system32\Drivers\wwussf64.sys 16:15:16.0640 5632 ecnssndisfltr - ok 16:15:16.0675 5632 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 16:15:16.0712 5632 EFS - ok 16:15:16.0811 5632 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 16:15:16.0847 5632 ehRecvr - ok 16:15:16.0879 5632 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 16:15:16.0916 5632 ehSched - ok 16:15:16.0968 5632 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 16:15:16.0983 5632 elxstor - ok 16:15:17.0059 5632 EMP_UDSA (faa735cb77474deb4e4e327340117d3a) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe 16:15:17.0066 5632 EMP_UDSA ( UnsignedFile.Multi.Generic ) - warning 16:15:17.0067 5632 EMP_UDSA - detected UnsignedFile.Multi.Generic (1) 16:15:17.0086 5632 eppvad_simple (55d460f601d0b4d528bb16c0e8e18723) C:\Windows\system32\drivers\EMP_UDAU.sys 16:15:17.0120 5632 eppvad_simple - ok 16:15:17.0152 5632 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 16:15:17.0172 5632 ErrDev - ok 16:15:17.0213 5632 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 16:15:17.0257 5632 EventSystem - ok 16:15:17.0283 5632 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 16:15:17.0308 5632 exfat - ok 16:15:17.0334 5632 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 16:15:17.0373 5632 fastfat - ok 16:15:17.0444 5632 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 16:15:17.0493 5632 Fax - ok 16:15:17.0498 5632 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 16:15:17.0511 5632 fdc - ok 16:15:17.0534 5632 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 16:15:17.0584 5632 fdPHost - ok 16:15:17.0603 5632 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 16:15:17.0634 5632 FDResPub - ok 16:15:17.0658 5632 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 16:15:17.0665 5632 FileInfo - ok 16:15:17.0675 5632 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 16:15:17.0699 5632 Filetrace - ok 16:15:17.0702 5632 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 16:15:17.0716 5632 flpydisk - ok 16:15:17.0762 5632 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 16:15:17.0771 5632 FltMgr - ok 16:15:17.0870 5632 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 16:15:17.0913 5632 FontCache - ok 16:15:17.0985 5632 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:15:17.0990 5632 FontCache3.0.0.0 - ok 16:15:18.0033 5632 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 16:15:18.0040 5632 FsDepends - ok 16:15:18.0075 5632 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 16:15:18.0082 5632 Fs_Rec - ok 16:15:18.0126 5632 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 16:15:18.0137 5632 fvevol - ok 16:15:18.0153 5632 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 16:15:18.0160 5632 gagp30kx - ok 16:15:18.0199 5632 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:15:18.0205 5632 GEARAspiWDM - ok 16:15:18.0294 5632 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 16:15:18.0347 5632 gpsvc - ok 16:15:18.0379 5632 hcmon (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys 16:15:18.0386 5632 hcmon - ok 16:15:18.0399 5632 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 16:15:18.0447 5632 hcw85cir - ok 16:15:18.0507 5632 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 16:15:18.0519 5632 HdAudAddService - ok 16:15:18.0547 5632 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 16:15:18.0562 5632 HDAudBus - ok 16:15:18.0566 5632 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 16:15:18.0583 5632 HidBatt - ok 16:15:18.0591 5632 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 16:15:18.0601 5632 HidBth - ok 16:15:18.0615 5632 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 16:15:18.0635 5632 HidIr - ok 16:15:18.0664 5632 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 16:15:18.0697 5632 hidserv - ok 16:15:18.0716 5632 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 16:15:18.0724 5632 HidUsb - ok 16:15:18.0759 5632 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 16:15:18.0797 5632 hkmsvc - ok 16:15:18.0845 5632 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 16:15:18.0879 5632 HomeGroupListener - ok 16:15:18.0924 5632 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 16:15:18.0945 5632 HomeGroupProvider - ok 16:15:18.0962 5632 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 16:15:18.0969 5632 HpSAMD - ok 16:15:19.0053 5632 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 16:15:19.0112 5632 HTTP - ok 16:15:19.0150 5632 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 16:15:19.0164 5632 hwpolicy - ok 16:15:19.0180 5632 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 16:15:19.0191 5632 i8042prt - ok 16:15:19.0252 5632 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 16:15:19.0264 5632 iaStorV - ok 16:15:19.0371 5632 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:15:19.0397 5632 idsvc - ok 16:15:20.0078 5632 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys 16:15:20.0214 5632 igfx - ok 16:15:20.0327 5632 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 16:15:20.0339 5632 iirsp - ok 16:15:20.0417 5632 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 16:15:20.0457 5632 IKEEXT - ok 16:15:20.0499 5632 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 16:15:20.0535 5632 IntcDAud - ok 16:15:20.0567 5632 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 16:15:20.0577 5632 intelide - ok 16:15:20.0590 5632 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 16:15:20.0611 5632 intelppm - ok 16:15:20.0645 5632 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 16:15:20.0685 5632 IPBusEnum - ok 16:15:20.0723 5632 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:15:20.0759 5632 IpFilterDriver - ok 16:15:20.0858 5632 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 16:15:20.0900 5632 iphlpsvc - ok 16:15:20.0935 5632 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 16:15:20.0961 5632 IPMIDRV - ok 16:15:20.0983 5632 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 16:15:21.0031 5632 IPNAT - ok 16:15:21.0137 5632 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 16:15:21.0162 5632 iPod Service - ok 16:15:21.0174 5632 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 16:15:21.0227 5632 IRENUM - ok 16:15:21.0241 5632 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 16:15:21.0248 5632 isapnp - ok 16:15:21.0293 5632 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 16:15:21.0304 5632 iScsiPrt - ok 16:15:21.0324 5632 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 16:15:21.0331 5632 kbdclass - ok 16:15:21.0366 5632 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 16:15:21.0374 5632 kbdhid - ok 16:15:21.0409 5632 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:15:21.0416 5632 KeyIso - ok 16:15:21.0435 5632 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 16:15:21.0444 5632 KSecDD - ok 16:15:21.0462 5632 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 16:15:21.0470 5632 KSecPkg - ok 16:15:21.0487 5632 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 16:15:21.0525 5632 ksthunk - ok 16:15:21.0572 5632 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 16:15:21.0608 5632 KtmRm - ok 16:15:21.0716 5632 L4301_Solar (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe 16:15:21.0728 5632 L4301_Solar - ok 16:15:21.0776 5632 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 16:15:21.0812 5632 LanmanServer - ok 16:15:21.0852 5632 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 16:15:21.0891 5632 LanmanWorkstation - ok 16:15:22.0012 5632 LBTServ (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 16:15:22.0024 5632 LBTServ - ok 16:15:22.0081 5632 LEqdUsb (abfd2b5726f4cce49297ae48806cc594) C:\Windows\system32\DRIVERS\LEqdUsb.Sys 16:15:22.0091 5632 LEqdUsb - ok 16:15:22.0121 5632 LHidEqd (933f69cf9acd2498693bfcd7ed68e8d4) C:\Windows\system32\DRIVERS\LHidEqd.Sys 16:15:22.0129 5632 LHidEqd - ok 16:15:22.0142 5632 LHidFilt (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys 16:15:22.0150 5632 LHidFilt - ok 16:15:22.0172 5632 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 16:15:22.0216 5632 lltdio - ok 16:15:22.0254 5632 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 16:15:22.0291 5632 lltdsvc - ok 16:15:22.0327 5632 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 16:15:22.0352 5632 lmhosts - ok 16:15:22.0381 5632 LMouFilt (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys 16:15:22.0388 5632 LMouFilt - ok 16:15:22.0409 5632 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 16:15:22.0417 5632 LSI_FC - ok 16:15:22.0436 5632 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 16:15:22.0448 5632 LSI_SAS - ok 16:15:22.0464 5632 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:15:22.0471 5632 LSI_SAS2 - ok 16:15:22.0486 5632 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:15:22.0497 5632 LSI_SCSI - ok 16:15:22.0519 5632 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 16:15:22.0544 5632 luafv - ok 16:15:22.0576 5632 LUsbFilt (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys 16:15:22.0584 5632 LUsbFilt - ok 16:15:22.0613 5632 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 16:15:22.0620 5632 MBAMProtector - ok 16:15:22.0726 5632 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 16:15:22.0745 5632 MBAMService - ok 16:15:22.0795 5632 Mbm3CBus (0845da0bff1af5c57de4dd97acaf2fcd) C:\Windows\system32\DRIVERS\Mbm3CBus.sys 16:15:22.0805 5632 Mbm3CBus - ok 16:15:22.0854 5632 Mbm3DevMt (db6fa599aa79324e287c4eaf6020da37) C:\Windows\system32\DRIVERS\Mbm3DevMt.sys 16:15:22.0864 5632 Mbm3DevMt - ok 16:15:22.0885 5632 Mbm3mdfl (2f71edb697752d409b9983f0e1d88f70) C:\Windows\system32\DRIVERS\Mbm3mdfl.sys 16:15:22.0891 5632 Mbm3mdfl - ok 16:15:22.0933 5632 Mbm3Mdm (21b412a36de3ccfe4e13383b88cfc90c) C:\Windows\system32\DRIVERS\Mbm3Mdm.sys 16:15:22.0952 5632 Mbm3Mdm - ok 16:15:22.0995 5632 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 16:15:23.0028 5632 Mcx2Svc - ok 16:15:23.0048 5632 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 16:15:23.0057 5632 megasas - ok 16:15:23.0090 5632 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 16:15:23.0099 5632 MegaSR - ok 16:15:23.0120 5632 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 16:15:23.0126 5632 MEIx64 - ok 16:15:23.0140 5632 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 16:15:23.0178 5632 MMCSS - ok 16:15:23.0198 5632 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 16:15:23.0231 5632 Modem - ok 16:15:23.0247 5632 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 16:15:23.0262 5632 monitor - ok 16:15:23.0300 5632 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 16:15:23.0307 5632 mouclass - ok 16:15:23.0323 5632 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 16:15:23.0340 5632 mouhid - ok 16:15:23.0378 5632 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 16:15:23.0386 5632 mountmgr - ok 16:15:23.0427 5632 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys 16:15:23.0441 5632 MpFilter - ok 16:15:23.0489 5632 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 16:15:23.0497 5632 mpio - ok 16:15:23.0521 5632 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 16:15:23.0547 5632 mpsdrv - ok 16:15:23.0632 5632 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 16:15:23.0669 5632 MpsSvc - ok 16:15:23.0710 5632 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 16:15:23.0729 5632 MRxDAV - ok 16:15:23.0765 5632 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:15:23.0791 5632 mrxsmb - ok 16:15:23.0851 5632 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:15:23.0861 5632 mrxsmb10 - ok 16:15:23.0901 5632 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:15:23.0912 5632 mrxsmb20 - ok 16:15:23.0951 5632 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 16:15:23.0958 5632 msahci - ok 16:15:23.0998 5632 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 16:15:24.0006 5632 msdsm - ok 16:15:24.0043 5632 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 16:15:24.0072 5632 MSDTC - ok 16:15:24.0096 5632 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 16:15:24.0126 5632 Msfs - ok 16:15:24.0135 5632 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 16:15:24.0171 5632 mshidkmdf - ok 16:15:24.0182 5632 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 16:15:24.0190 5632 msisadrv - ok 16:15:24.0219 5632 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 16:15:24.0253 5632 MSiSCSI - ok 16:15:24.0256 5632 msiserver - ok 16:15:24.0264 5632 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 16:15:24.0296 5632 MSKSSRV - ok 16:15:24.0353 5632 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe 16:15:24.0360 5632 MsMpSvc - ok 16:15:24.0370 5632 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 16:15:24.0406 5632 MSPCLOCK - ok 16:15:24.0423 5632 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 16:15:24.0460 5632 MSPQM - ok 16:15:24.0515 5632 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 16:15:24.0526 5632 MsRPC - ok 16:15:24.0583 5632 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 16:15:24.0592 5632 mssmbios - ok 16:15:24.0604 5632 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 16:15:24.0641 5632 MSTEE - ok 16:15:24.0650 5632 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 16:15:24.0658 5632 MTConfig - ok 16:15:24.0673 5632 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 16:15:24.0680 5632 Mup - ok 16:15:24.0741 5632 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 16:15:24.0785 5632 napagent - ok 16:15:24.0819 5632 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 16:15:24.0842 5632 NativeWifiP - ok 16:15:24.0914 5632 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 16:15:24.0941 5632 NDIS - ok 16:15:24.0952 5632 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 16:15:24.0976 5632 NdisCap - ok 16:15:24.0986 5632 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 16:15:25.0023 5632 NdisTapi - ok 16:15:25.0055 5632 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 16:15:25.0088 5632 Ndisuio - ok 16:15:25.0146 5632 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 16:15:25.0189 5632 NdisWan - ok 16:15:25.0224 5632 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 16:15:25.0284 5632 NDProxy - ok 16:15:25.0313 5632 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys 16:15:25.0347 5632 Netaapl - ok 16:15:25.0358 5632 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 16:15:25.0403 5632 NetBIOS - ok 16:15:25.0455 5632 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 16:15:25.0498 5632 NetBT - ok 16:15:25.0533 5632 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:15:25.0549 5632 Netlogon - ok 16:15:25.0592 5632 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 16:15:25.0635 5632 Netman - ok 16:15:25.0664 5632 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 16:15:25.0700 5632 netprofm - ok 16:15:25.0755 5632 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:15:25.0761 5632 NetTcpPortSharing - ok 16:15:26.0209 5632 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys 16:15:26.0304 5632 NETwNs64 - ok 16:15:26.0406 5632 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 16:15:26.0416 5632 nfrd960 - ok 16:15:26.0450 5632 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 16:15:26.0458 5632 NisDrv - ok 16:15:26.0561 5632 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe 16:15:26.0579 5632 NisSrv - ok 16:15:26.0644 5632 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 16:15:26.0680 5632 NlaSvc - ok 16:15:26.0693 5632 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 16:15:26.0716 5632 Npfs - ok 16:15:26.0737 5632 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 16:15:26.0777 5632 nsi - ok 16:15:26.0791 5632 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 16:15:26.0830 5632 nsiproxy - ok 16:15:26.0964 5632 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 16:15:26.0995 5632 Ntfs - ok 16:15:27.0127 5632 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys 16:15:27.0144 5632 NuidFltr - ok 16:15:27.0168 5632 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 16:15:27.0212 5632 Null - ok 16:15:27.0252 5632 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 16:15:27.0283 5632 nvraid - ok 16:15:27.0314 5632 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 16:15:27.0325 5632 nvstor - ok 16:15:27.0360 5632 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 16:15:27.0370 5632 nv_agp - ok 16:15:27.0404 5632 O2FLASH (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe 16:15:27.0411 5632 O2FLASH - ok 16:15:27.0441 5632 O2MDFRDR (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys 16:15:27.0449 5632 O2MDFRDR - ok 16:15:27.0481 5632 O2SDJRDR (61b2aca7f48738afc883c05fa136a468) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys 16:15:27.0488 5632 O2SDJRDR - ok 16:15:27.0608 5632 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:15:27.0618 5632 odserv - ok 16:15:27.0648 5632 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 16:15:27.0663 5632 ohci1394 - ok 16:15:27.0703 5632 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:15:27.0711 5632 ose - ok 16:15:27.0751 5632 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 16:15:27.0779 5632 p2pimsvc - ok 16:15:27.0828 5632 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 16:15:27.0839 5632 p2psvc - ok 16:15:27.0869 5632 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 16:15:27.0877 5632 Parport - ok 16:15:27.0909 5632 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 16:15:27.0918 5632 partmgr - ok 16:15:27.0945 5632 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 16:15:27.0965 5632 PcaSvc - ok 16:15:28.0008 5632 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 16:15:28.0033 5632 pci - ok 16:15:28.0065 5632 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 16:15:28.0077 5632 pciide - ok 16:15:28.0107 5632 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 16:15:28.0115 5632 pcmcia - ok 16:15:28.0128 5632 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:15:28.0136 5632 pcw - ok 16:15:28.0189 5632 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:15:28.0230 5632 PEAUTH - ok 16:15:28.0326 5632 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 16:15:28.0378 5632 PeerDistSvc - ok 16:15:28.0456 5632 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 16:15:28.0484 5632 PerfHost - ok 16:15:28.0657 5632 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 16:15:28.0726 5632 pla - ok 16:15:28.0776 5632 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 16:15:28.0792 5632 PlugPlay - ok 16:15:28.0821 5632 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 16:15:28.0839 5632 PNRPAutoReg - ok 16:15:28.0877 5632 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 16:15:28.0887 5632 PNRPsvc - ok 16:15:28.0946 5632 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys 16:15:28.0965 5632 Point64 - ok 16:15:29.0038 5632 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 16:15:29.0084 5632 PolicyAgent - ok 16:15:29.0111 5632 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 16:15:29.0152 5632 Power - ok 16:15:29.0184 5632 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 16:15:29.0213 5632 PptpMiniport - ok 16:15:29.0234 5632 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 16:15:29.0246 5632 Processor - ok 16:15:29.0301 5632 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 16:15:29.0336 5632 ProfSvc - ok 16:15:29.0376 5632 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:15:29.0393 5632 ProtectedStorage - ok 16:15:29.0441 5632 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 16:15:29.0482 5632 Psched - ok 16:15:29.0719 5632 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 16:15:29.0753 5632 ql2300 - ok 16:15:29.0870 5632 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 16:15:29.0879 5632 ql40xx - ok 16:15:29.0916 5632 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 16:15:29.0937 5632 QWAVE - ok 16:15:29.0950 5632 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:15:29.0970 5632 QWAVEdrv - ok 16:15:30.0038 5632 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll 16:15:30.0054 5632 RapiMgr - ok 16:15:30.0072 5632 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:15:30.0107 5632 RasAcd - ok 16:15:30.0129 5632 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:15:30.0154 5632 RasAgileVpn - ok 16:15:30.0173 5632 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 16:15:30.0215 5632 RasAuto - ok 16:15:30.0249 5632 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:15:30.0298 5632 Rasl2tp - ok 16:15:30.0354 5632 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 16:15:30.0384 5632 RasMan - ok 16:15:30.0403 5632 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:15:30.0428 5632 RasPppoe - ok 16:15:30.0445 5632 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:15:30.0481 5632 RasSstp - ok 16:15:30.0529 5632 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 16:15:30.0568 5632 rdbss - ok 16:15:30.0579 5632 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:15:30.0589 5632 rdpbus - ok 16:15:30.0595 5632 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:15:30.0631 5632 RDPCDD - ok 16:15:30.0679 5632 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys 16:15:30.0708 5632 RDPDR - ok 16:15:30.0721 5632 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:15:30.0756 5632 RDPENCDD - ok 16:15:30.0771 5632 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:15:30.0797 5632 RDPREFMP - ok 16:15:30.0829 5632 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys 16:15:30.0861 5632 RdpVideoMiniport - ok 16:15:30.0909 5632 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 16:15:30.0936 5632 RDPWD - ok 16:15:30.0983 5632 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 16:15:30.0994 5632 rdyboost - ok 16:15:31.0022 5632 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 16:15:31.0065 5632 RemoteAccess - ok 16:15:31.0091 5632 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 16:15:31.0128 5632 RemoteRegistry - ok 16:15:31.0161 5632 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 16:15:31.0186 5632 RFCOMM - ok 16:15:31.0203 5632 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 16:15:31.0245 5632 RpcEptMapper - ok 16:15:31.0266 5632 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 16:15:31.0293 5632 RpcLocator - ok 16:15:31.0352 5632 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 16:15:31.0380 5632 RpcSs - ok 16:15:31.0409 5632 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:15:31.0433 5632 rspndr - ok 16:15:31.0461 5632 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 16:15:31.0480 5632 s3cap - ok 16:15:31.0516 5632 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:15:31.0524 5632 SamSs - ok 16:15:31.0558 5632 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 16:15:31.0566 5632 sbp2port - ok 16:15:31.0731 5632 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 16:15:31.0757 5632 SBSDWSCService - ok 16:15:31.0791 5632 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 16:15:31.0835 5632 SCardSvr - ok 16:15:31.0895 5632 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 16:15:31.0918 5632 scfilter - ok 16:15:32.0011 5632 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 16:15:32.0081 5632 Schedule - ok 16:15:32.0119 5632 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 16:15:32.0142 5632 SCPolicySvc - ok 16:15:32.0188 5632 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 16:15:32.0211 5632 sdbus - ok 16:15:32.0248 5632 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 16:15:32.0262 5632 SDRSVC - ok 16:15:32.0279 5632 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:15:32.0313 5632 secdrv - ok 16:15:32.0346 5632 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 16:15:32.0412 5632 seclogon - ok 16:15:32.0446 5632 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 16:15:32.0472 5632 SENS - ok 16:15:32.0486 5632 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 16:15:32.0513 5632 SensrSvc - ok 16:15:32.0530 5632 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:15:32.0537 5632 Serenum - ok 16:15:32.0550 5632 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:15:32.0571 5632 Serial - ok 16:15:32.0604 5632 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:15:32.0647 5632 sermouse - ok 16:15:32.0708 5632 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 16:15:32.0745 5632 SessionEnv - ok 16:15:32.0787 5632 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 16:15:32.0809 5632 sffdisk - ok 16:15:32.0822 5632 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 16:15:32.0841 5632 sffp_mmc - ok 16:15:32.0853 5632 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 16:15:32.0871 5632 sffp_sd - ok 16:15:32.0886 5632 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:15:32.0894 5632 sfloppy - ok 16:15:32.0939 5632 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 16:15:32.0980 5632 SharedAccess - ok 16:15:33.0028 5632 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 16:15:33.0066 5632 ShellHWDetection - ok 16:15:33.0081 5632 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:15:33.0088 5632 SiSRaid2 - ok 16:15:33.0104 5632 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:15:33.0112 5632 SiSRaid4 - ok 16:15:33.0119 5632 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:15:33.0151 5632 Smb - ok 16:15:33.0178 5632 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 16:15:33.0186 5632 SNMPTRAP - ok 16:15:33.0195 5632 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:15:33.0201 5632 spldr - ok 16:15:33.0264 5632 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 16:15:33.0292 5632 Spooler - ok 16:15:33.0521 5632 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 16:15:33.0585 5632 sppsvc - ok 16:15:33.0673 5632 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 16:15:33.0713 5632 sppuinotify - ok 16:15:33.0788 5632 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 16:15:33.0819 5632 srv - ok 16:15:33.0863 5632 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 16:15:33.0886 5632 srv2 - ok 16:15:33.0924 5632 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 16:15:33.0940 5632 srvnet - ok 16:15:33.0980 5632 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 16:15:34.0014 5632 SSDPSRV - ok 16:15:34.0035 5632 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 16:15:34.0061 5632 SstpSvc - ok 16:15:34.0133 5632 STacSV (c8f44e5e99ff6cf2e0627139cfec0742) C:\Program Files\IDT\WDM\STacSV64.exe 16:15:34.0154 5632 STacSV - ok 16:15:34.0178 5632 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys 16:15:34.0185 5632 stdcfltn - ok 16:15:34.0206 5632 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:15:34.0214 5632 stexstor - ok 16:15:34.0270 5632 STHDA (7a69c8af123f4c6a1d63daa7f5e2638d) C:\Windows\system32\DRIVERS\stwrt64.sys 16:15:34.0282 5632 STHDA - ok 16:15:34.0352 5632 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 16:15:34.0369 5632 stisvc - ok 16:15:34.0407 5632 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 16:15:34.0414 5632 storflt - ok 16:15:34.0440 5632 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 16:15:34.0458 5632 StorSvc - ok 16:15:34.0475 5632 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 16:15:34.0482 5632 storvsc - ok 16:15:34.0493 5632 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 16:15:34.0501 5632 swenum - ok 16:15:34.0545 5632 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 16:15:34.0592 5632 swprv - ok 16:15:34.0594 5632 Synth3dVsc - ok 16:15:34.0742 5632 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 16:15:34.0778 5632 SysMain - ok 16:15:34.0901 5632 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 16:15:34.0920 5632 TabletInputService - ok 16:15:34.0978 5632 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 16:15:35.0023 5632 TapiSrv - ok 16:15:35.0047 5632 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 16:15:35.0081 5632 TBS - ok 16:15:35.0249 5632 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 16:15:35.0284 5632 Tcpip - ok 16:15:35.0493 5632 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 16:15:35.0523 5632 TCPIP6 - ok 16:15:35.0602 5632 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 16:15:35.0669 5632 tcpipreg - ok 16:15:35.0699 5632 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:15:35.0717 5632 TDPIPE - ok 16:15:35.0747 5632 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 16:15:35.0761 5632 TDTCP - ok 16:15:35.0808 5632 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 16:15:35.0861 5632 tdx - ok 16:15:36.0114 5632 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe 16:15:36.0159 5632 TeamViewer7 - ok 16:15:36.0281 5632 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 16:15:36.0290 5632 TermDD - ok 16:15:36.0378 5632 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 16:15:36.0445 5632 TermService - ok 16:15:36.0472 5632 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 16:15:36.0492 5632 Themes - ok 16:15:36.0522 5632 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 16:15:36.0552 5632 THREADORDER - ok 16:15:36.0572 5632 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 16:15:36.0603 5632 TrkWks - ok 16:15:36.0687 5632 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 16:15:36.0739 5632 TrustedInstaller - ok 16:15:36.0773 5632 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:15:36.0796 5632 tssecsrv - ok 16:15:36.0824 5632 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 16:15:36.0866 5632 TsUsbFlt - ok 16:15:36.0877 5632 tsusbhub - ok 16:15:36.0915 5632 TTCinergyT2 (a52c83517f54e1e33000d86389ae78cf) C:\Windows\system32\DRIVERS\TTCinergyT2BDA.sys 16:15:36.0923 5632 TTCinergyT2 - ok 16:15:36.0963 5632 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 16:15:37.0015 5632 tunnel - ok 16:15:37.0041 5632 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:15:37.0048 5632 uagp35 - ok 16:15:37.0101 5632 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 16:15:37.0141 5632 udfs - ok 16:15:37.0236 5632 ufad-ws60 (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe 16:15:37.0251 5632 ufad-ws60 - ok 16:15:37.0283 5632 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 16:15:37.0299 5632 UI0Detect - ok 16:15:37.0335 5632 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 16:15:37.0343 5632 uliagpkx - ok 16:15:37.0379 5632 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 16:15:37.0400 5632 umbus - ok 16:15:37.0419 5632 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:15:37.0436 5632 UmPass - ok 16:15:37.0485 5632 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 16:15:37.0531 5632 UmRdpService - ok 16:15:37.0567 5632 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 16:15:37.0606 5632 upnphost - ok 16:15:37.0641 5632 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 16:15:37.0656 5632 USBAAPL64 - ok 16:15:37.0697 5632 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 16:15:37.0707 5632 usbaudio - ok 16:15:37.0742 5632 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 16:15:37.0769 5632 usbccgp - ok 16:15:37.0809 5632 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 16:15:37.0819 5632 usbcir - ok 16:15:37.0837 5632 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 16:15:37.0855 5632 usbehci - ok 16:15:37.0885 5632 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 16:15:37.0904 5632 usbhub - ok 16:15:37.0930 5632 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 16:15:37.0947 5632 usbohci - ok 16:15:37.0963 5632 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:15:37.0982 5632 usbprint - ok 16:15:38.0022 5632 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:15:38.0055 5632 USBSTOR - ok 16:15:38.0083 5632 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 16:15:38.0102 5632 usbuhci - ok 16:15:38.0152 5632 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 16:15:38.0163 5632 usbvideo - ok 16:15:38.0189 5632 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 16:15:38.0220 5632 UxSms - ok 16:15:38.0258 5632 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 16:15:38.0266 5632 VaultSvc - ok 16:15:38.0282 5632 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 16:15:38.0289 5632 vdrvroot - ok 16:15:38.0345 5632 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 16:15:38.0390 5632 vds - ok 16:15:38.0416 5632 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:15:38.0426 5632 vga - ok 16:15:38.0439 5632 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:15:38.0471 5632 VgaSave - ok 16:15:38.0473 5632 VGPU - ok 16:15:38.0515 5632 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 16:15:38.0525 5632 vhdmp - ok 16:15:38.0541 5632 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 16:15:38.0548 5632 viaide - ok 16:15:38.0618 5632 VMAuthdService (42f0ecaf36636841a4a006850695507f) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe 16:15:38.0625 5632 VMAuthdService - ok 16:15:38.0644 5632 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 16:15:38.0653 5632 vmbus - ok 16:15:38.0668 5632 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 16:15:38.0690 5632 VMBusHID - ok 16:15:38.0730 5632 vmci (3d810a11c3e7fd4682a8824f54c1a04f) C:\Windows\system32\drivers\vmci.sys 16:15:38.0736 5632 vmci - ok 16:15:38.0749 5632 vmkbd (1af6462718e5ab0ed55014a6ef3790ef) C:\Windows\system32\drivers\VMkbd.sys 16:15:38.0755 5632 vmkbd - ok 16:15:38.0792 5632 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys 16:15:38.0798 5632 VMnetAdapter - ok 16:15:38.0839 5632 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys 16:15:38.0845 5632 VMnetBridge - ok 16:15:38.0847 5632 VMnetDHCP - ok 16:15:38.0857 5632 VMnetuserif (daf5e04eb56cd0ed945fb2fdd94812db) C:\Windows\system32\drivers\vmnetuserif.sys 16:15:38.0862 5632 VMnetuserif - ok 16:15:38.0874 5632 VMparport (a459ee9a95fde6b7140336e2f5e6a4cb) C:\Windows\system32\drivers\VMparport.sys 16:15:38.0880 5632 VMparport - ok 16:15:38.0916 5632 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys 16:15:38.0922 5632 vmusb - ok 16:15:39.0004 5632 VMUSBArbService (f22098dbdd13c1221c274496b3e18da7) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe 16:15:39.0015 5632 VMUSBArbService - ok 16:15:39.0020 5632 VMware NAT Service - ok 16:15:39.0033 5632 vmx86 (ae7f667db83e108e83c86a56b821e9a6) C:\Windows\system32\drivers\vmx86.sys 16:15:39.0040 5632 vmx86 - ok 16:15:39.0077 5632 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 16:15:39.0085 5632 volmgr - ok 16:15:39.0139 5632 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 16:15:39.0149 5632 volmgrx - ok 16:15:39.0195 5632 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 16:15:39.0204 5632 volsnap - ok 16:15:39.0239 5632 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:15:39.0248 5632 vsmraid - ok 16:15:39.0380 5632 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 16:15:39.0433 5632 VSS - ok 16:15:39.0500 5632 vstor2-ws60 (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys 16:15:39.0515 5632 vstor2-ws60 - ok 16:15:39.0638 5632 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:15:39.0664 5632 vwifibus - ok 16:15:39.0683 5632 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:15:39.0701 5632 vwififlt - ok 16:15:39.0713 5632 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 16:15:39.0730 5632 vwifimp - ok 16:15:39.0780 5632 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 16:15:39.0830 5632 W32Time - ok 16:15:39.0853 5632 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:15:39.0876 5632 WacomPen - ok 16:15:39.0927 5632 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:15:39.0989 5632 WANARP - ok 16:15:39.0993 5632 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:15:40.0019 5632 Wanarpv6 - ok 16:15:40.0128 5632 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 16:15:40.0162 5632 wbengine - ok 16:15:40.0289 5632 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 16:15:40.0303 5632 WbioSrvc - ok 16:15:40.0388 5632 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll 16:15:40.0404 5632 WcesComm - ok 16:15:40.0459 5632 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 16:15:40.0476 5632 wcncsvc - ok 16:15:40.0495 5632 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 16:15:40.0530 5632 WcsPlugInService - ok 16:15:40.0564 5632 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:15:40.0571 5632 Wd - ok 16:15:40.0602 5632 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys 16:15:40.0615 5632 WDC_SAM - ok 16:15:40.0694 5632 WDDMService (e6050fe6b60fa91188b8abdb5b1e339f) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe 16:15:40.0719 5632 WDDMService ( UnsignedFile.Multi.Generic ) - warning 16:15:40.0719 5632 WDDMService - detected UnsignedFile.Multi.Generic (1) 16:15:40.0775 5632 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:15:40.0800 5632 Wdf01000 - ok 16:15:40.0879 5632 WDFME (b83d5071b32a70bebdb3330bfa7acb80) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe 16:15:40.0903 5632 WDFME - ok 16:15:41.0000 5632 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:15:41.0086 5632 WdiServiceHost - ok 16:15:41.0090 5632 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:15:41.0111 5632 WdiSystemHost - ok 16:15:41.0152 5632 WDSC (517de2c5568cba6b2a24a557ac60c30b) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe 16:15:41.0162 5632 WDSC - ok 16:15:41.0210 5632 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 16:15:41.0231 5632 WebClient - ok 16:15:41.0261 5632 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 16:15:41.0320 5632 Wecsvc - ok 16:15:41.0345 5632 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 16:15:41.0370 5632 wercplsupport - ok 16:15:41.0383 5632 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 16:15:41.0414 5632 WerSvc - ok 16:15:41.0448 5632 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:15:41.0472 5632 WfpLwf - ok 16:15:41.0486 5632 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:15:41.0493 5632 WIMMount - ok 16:15:41.0500 5632 WinDefend - ok 16:15:41.0504 5632 WinHttpAutoProxySvc - ok 16:15:41.0555 5632 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 16:15:41.0580 5632 Winmgmt - ok 16:15:41.0730 5632 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 16:15:41.0773 5632 WinRM - ok 16:15:41.0902 5632 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 16:15:41.0914 5632 WinUsb - ok 16:15:41.0981 5632 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 16:15:42.0014 5632 Wlansvc - ok 16:15:42.0195 5632 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 16:15:42.0229 5632 wlidsvc - ok 16:15:42.0363 5632 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 16:15:42.0386 5632 WmiAcpi - ok 16:15:42.0436 5632 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 16:15:42.0452 5632 wmiApSrv - ok 16:15:42.0467 5632 WMPNetworkSvc - ok 16:15:42.0492 5632 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 16:15:42.0510 5632 WPCSvc - ok 16:15:42.0545 5632 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 16:15:42.0574 5632 WPDBusEnum - ok 16:15:42.0595 5632 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:15:42.0623 5632 ws2ifsl - ok 16:15:42.0654 5632 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 16:15:42.0680 5632 wscsvc - ok 16:15:42.0682 5632 WSearch - ok 16:15:42.0867 5632 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 16:15:42.0925 5632 wuauserv - ok 16:15:43.0065 5632 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 16:15:43.0120 5632 WudfPf - ok 16:15:43.0151 5632 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:15:43.0176 5632 WUDFRd - ok 16:15:43.0209 5632 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 16:15:43.0233 5632 wudfsvc - ok 16:15:43.0266 5632 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 16:15:43.0284 5632 WwanSvc - ok 16:15:43.0325 5632 WwanUsbServ (a100bd898b40de890dbe53eae4896d20) C:\Windows\system32\DRIVERS\WwanUsbMp64.sys 16:15:43.0334 5632 WwanUsbServ - ok 16:15:43.0356 5632 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:15:43.0683 5632 \Device\Harddisk0\DR0 - ok 16:15:43.0688 5632 Boot (0x1200) (f978931a0526a4a206a6a3c700e00f6e) \Device\Harddisk0\DR0\Partition0 16:15:43.0691 5632 \Device\Harddisk0\DR0\Partition0 - ok 16:15:43.0724 5632 Boot (0x1200) (bc398a7b6ccd4bd3d6e56941670283e3) \Device\Harddisk0\DR0\Partition1 16:15:43.0726 5632 \Device\Harddisk0\DR0\Partition1 - ok 16:15:43.0743 5632 Boot (0x1200) (4429aa7c6889c6c6b4f98e32749f73ea) \Device\Harddisk0\DR0\Partition2 16:15:43.0745 5632 \Device\Harddisk0\DR0\Partition2 - ok 16:15:43.0745 5632 ============================================================ 16:15:43.0745 5632 Scan finished 16:15:43.0745 5632 ============================================================ 16:15:43.0752 5836 Detected object count: 2 16:15:43.0752 5836 Actual detected object count: 2 16:16:00.0199 5836 EMP_UDSA ( UnsignedFile.Multi.Generic ) - skipped by user 16:16:00.0199 5836 EMP_UDSA ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:16:00.0200 5836 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user 16:16:00.0200 5836 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
Themen zu Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein |
administrator, antivir, avira, avira searchfree toolbar, bonjour, browser, dateisystem, explorer, firefox, free download, google, helper, heuristiks/extra, heuristiks/shuriken, langs, logfile, microsoft security, mp3, object, plug-in, popup, problem, registry, remote control, safer networking, scan, searchqu toolbar, searchscopes, security, seiten, software, super, usb, werbung, win32/toolbar.widgi |