|
Pests of all kinds and how to fight them: EXP/CVE-2010-4452.BG + email hacked? What to do? Windows 7. If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
16.06.2012, 13:19 | #1 |
| EXP/CVE-2010-4452.BG + email hacked? What to do? Hello, yesterday I noticed that an advertising email had been sent from my email address to all of my contacts, so I changed the password. That also prompted me to run a virus scan. Here is the AV log: Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Samstag, 16. Juni 2012 00:23 Es wird nach 3837524 Virenstämmen gesucht. Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira AntiVir Personal - Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Ultimate Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : VuN Computername : VUN-PC Versionsinformationen: BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00 AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 19:41:56 AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 19:41:56 LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 19:41:56 AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08.05.2012 19:41:56 AVREG.DLL : 12.3.0.17 232200 Bytes 10.05.2012 19:41:45 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:21:14 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 18:21:22 VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 19:41:41 VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 19:41:41 VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 19:41:41 VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 19:41:41 VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 19:41:41 VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 19:41:41 VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 19:41:41 VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 19:41:41 VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 19:41:41 VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 20:28:19 VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 20:28:23 VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 11:04:51 VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 16:11:46 VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 18:49:13 VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 
18:49:08 VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 19:13:02 VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 19:11:14 VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 19:11:21 VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 19:11:32 VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 19:11:34 VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 20:53:33 VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 23:14:04 VBASE027.VDF : 7.11.32.252 2048 Bytes 14.06.2012 23:14:04 VBASE028.VDF : 7.11.32.253 2048 Bytes 14.06.2012 23:14:04 VBASE029.VDF : 7.11.32.254 2048 Bytes 14.06.2012 23:14:04 VBASE030.VDF : 7.11.32.255 2048 Bytes 14.06.2012 23:14:04 VBASE031.VDF : 7.11.33.6 2048 Bytes 14.06.2012 23:14:04 Engineversion : 8.2.10.92 AEVDF.DLL : 8.1.2.8 106867 Bytes 01.06.2012 19:11:12 AESCRIPT.DLL : 8.1.4.26 450939 Bytes 14.06.2012 23:14:12 AESCN.DLL : 8.1.8.2 131444 Bytes 22.04.2012 18:21:30 AESBX.DLL : 8.2.5.12 606578 Bytes 14.06.2012 23:14:12 AERDL.DLL : 8.1.9.15 639348 Bytes 31.01.2012 06:55:37 AEPACK.DLL : 8.2.16.18 807287 Bytes 14.06.2012 23:14:12 AEOFFICE.DLL : 8.1.2.36 201082 Bytes 14.06.2012 23:14:11 AEHEUR.DLL : 8.1.4.46 4923767 Bytes 14.06.2012 23:14:10 AEHELP.DLL : 8.1.21.0 254326 Bytes 10.05.2012 19:41:42 AEGEN.DLL : 8.1.5.30 422261 Bytes 14.06.2012 23:14:05 AEEXP.DLL : 8.1.0.52 82293 Bytes 14.06.2012 23:14:12 AEEMU.DLL : 8.1.3.0 393589 Bytes 31.01.2012 06:55:34 AECORE.DLL : 8.1.25.10 201080 Bytes 31.05.2012 19:13:06 AEBB.DLL : 8.1.1.0 53618 Bytes 31.01.2012 06:55:33 AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 19:41:55 AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 19:41:56 AVREP.DLL : 12.3.0.15 179208 Bytes 08.05.2012 19:41:56 AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 19:41:55 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 19:41:56 SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 19:41:56 AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 19:41:56 NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 19:41:56 RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 
19:41:55 RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 19:41:55 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, E:, Durchsuche aktive Programme...........: ein Laufende Programme erweitert..........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: erweitert Beginn des Suchlaufs: Samstag, 16. Juni 2012 00:23 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD2 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'E:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf nach versteckten Objekten wird begonnen. Versteckter Treiber [HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '81' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '108' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_257.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'COCIManager.exe' - '64' Modul(e) wurden durchsucht Durchsuche Prozess 'LVComSX.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'Communications_Helper.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'wn111.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'RocketDock.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'mdm.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'LVPrS64H.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '31' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\Program Files (x86)\AMP WinOFF\uninstall.exe [WARNUNG] Die Version dieses Archives wird nicht unterstützt C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe [WARNUNG] Unerwartetes Dateiende erreicht C:\Windows\Sysnative\drivers\sptd.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Die Registry wurde durchsucht ( '2622' Dateien ). 
Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\androidsdk\platforms\android-10\images\system.img [WARNUNG] Der Archivheader ist defekt C:\androidsdk\platforms\android-12\images\system.img [WARNUNG] Der Archivheader ist defekt C:\Program Files\WinRAR\rarnew.dat [WARNUNG] Das Archiv ist unbekannt oder defekt C:\Program Files (x86)\AMP WinOFF\uninstall.exe [WARNUNG] Die Version dieses Archives wird nicht unterstützt C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe [WARNUNG] Unerwartetes Dateiende erreicht C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cff2f01-2d7ff172 [0] Archivtyp: ZIP --> Java.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.BG C:\Users\VuN\Desktop\I9000XWJW5%20-%20DBT.zip [WARNUNG] Die Datei ist kennwortgeschützt C:\Users\VuN\Music\Imogen Heap\Imogen Heap - Speeding Cars.rar [WARNUNG] Die Datei ist kennwortgeschützt Beginne mit der Suche in 'D:\' D:\VUN-PC\Backup Set 2011-09-11 190001\Backup Files 2011-09-25 202031\Backup files 20.zip [WARNUNG] Unerwartetes Ende beim Lesen eines Blocks D:\VUN-PC\Backup Set 2011-09-11 190001\Backup Files 2011-09-25 202031\Backup files 4.zip [WARNUNG] Unerwartetes Ende beim Lesen eines Blocks Beginne mit der Desinfektion: C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\5cff2f01-2d7ff172 [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-4452.BG [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5572f467.qua' verschoben! Ende des Suchlaufs: Samstag, 16. Juni 2012 11:49 Benötigte Zeit: 1:45:27 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 43990 Verzeichnisse wurden überprüft 979006 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. 
unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 979004 Dateien ohne Befall 7892 Archive wurden durchsucht 12 Warnungen 2 Hinweise 653490 Objekte wurden beim Rootkitscan durchsucht 1 Versteckte Objekte wurden gefunden
A Malwarebytes log after the AV scan: Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.06.16.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 VuN :: VUN-PC [Administrator] Schutz: Deaktiviert 16.06.2012 11:53:48 mbam-log-2012-06-16 (11-53-48).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 476455 Laufzeit: 1 Stunde(n), 24 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter OTL logfile created on: 16.06.2012 13:54:07 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\VuN\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free 8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,34% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 114,82 Gb Total Space | 68,45 Gb Free Space | 59,61% Space Free | Partition Type: NTFS Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS Drive E: | 332,03 Gb Total Space | 197,49 Gb Free Space | 59,48% Space Free | Partition Type: NTFS Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe PRC - [2012.05.08 21:41:56 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe PRC - [2007.02.08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe PRC - [2007.02.08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2007.02.06 18:44:14 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe PRC - [2007.02.06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) 
-- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe ========== Modules (No Company Name) ========== MOD - [2011.10.29 21:06:06 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\BWfiles.dll MOD - [2011.10.29 21:06:06 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll MOD - [2011.10.29 21:06:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll MOD - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe MOD - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll MOD - [2007.02.08 02:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.09.10 14:04:32 | 003,065,160 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007.02.06 18:45:38 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV:64bit: - [2007.02.06 18:44:02 | 000,173,344 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcS64) SRV - [2012.06.15 01:46:31 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.03 17:33:53 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.06.14 13:09:04 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.05.24 08:02:30 | 000,699,392 | ---- | M] (DameWare Development LLC) [Disabled | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs) SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.08 21:41:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.08 21:41:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.02 14:26:23 | 000,021,832 | ---- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.20 09:46:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011.07.20 09:46:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2011.07.20 09:46:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011.07.20 09:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011.07.20 09:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011.07.20 09:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011.07.20 09:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011.05.19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.21 11:39:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.01.21 11:39:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.02 21:22:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam) DRV:64bit: - [2007.10.28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x) DRV:64bit: - [2007.02.06 18:43:14 | 000,031,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV:64bit: - [2007.02.06 18:42:50 | 002,346,016 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv) DRV:64bit: - [2007.02.06 18:41:40 | 001,013,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64) DRV:64bit: - [2007.02.03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64) DRV:64bit: - [2007.02.03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007.09.11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page 
Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.socks: "64.85.181.46" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - 
prefs.js..network.proxy.ftp: "64.85.181.46" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "" FF - prefs.js..network.proxy.gopher_port: 0 FF - prefs.js..network.proxy.http: "64.85.181.46" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "64.85.181.46" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "64.85.181.46" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 15:38:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.08 18:01:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 12:15:39 | 000,000,000 | ---D | M] [2010.12.02 20:59:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Extensions [2012.05.19 01:07:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Firefox\Profiles\tzmkfnv0.default\extensions [2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\tzmkfnv0.default\searchplugins\askcom.xml [2010.01.11 17:48:44 | 000,004,153 | ---- | M] () -- 
C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\tzmkfnv0.default\searchplugins\youtube.xml [2012.03.18 01:28:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.17 15:38:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.04.13 13:41:29 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI [2012.01.06 13:46:23 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.05.19 01:07:39 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TZMKFNV0.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012.05.03 17:33:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.) 
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe () O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - Startup: C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: microsoft.com) ([fai.music.metaservices] http in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2F30F8-C105-40E4-8BF9-E4327E0688D3}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292BDBB5-D674-498D-A539-AC2B5A1C9999}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB05EBC-CE5D-40A6-A2C2-B87449F36DCE}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8280385D-EA22-4074-89E2-B0F6EA326450}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882C5845-1DA3-441B-A83E-A99011AF1A95}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4659D0-100E-4990-BBD3-F0119580CE5C}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common 
Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.16 13:51:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe [2012.06.16 13:36:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- C:\Users\VuN\Desktop\HiJackThis204.exe [2012.06.16 12:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.06.16 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.09 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\ws 2012 [2012.06.09 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Local\Macromedia [2012.06.08 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.05.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\LolClient2 [2012.05.20 19:14:15 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 [2012.05.20 19:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08 [2012.05.20 19:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AP Tuner [2012.05.20 19:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tuned [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.16 13:55:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 13:55:34 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe [2012.06.16 13:47:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.16 13:47:37 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2012.06.16 13:47:36 | 002,031,392 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor [2012.06.16 13:46:39 | 000,000,020 | ---- | M] () -- C:\Users\VuN\defogger_reenable [2012.06.16 
13:46:20 | 000,050,477 | ---- | M] () -- C:\Users\VuN\Desktop\Defogger.exe [2012.06.16 13:37:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\VuN\Desktop\HiJackThis204.exe [2012.06.16 13:37:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.13 23:40:54 | 000,321,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.13 14:19:16 | 001,519,798 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.13 14:19:16 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.13 14:19:16 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.13 14:19:16 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.13 14:19:16 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.11 21:09:24 | 000,507,960 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 23.png [2012.06.10 19:15:15 | 001,096,043 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (25).wma [2012.06.10 18:58:47 | 001,374,423 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (24).wma [2012.06.10 18:53:41 | 001,118,493 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (23).wma [2012.06.10 16:50:01 | 000,033,241 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png [2012.06.08 20:23:43 | 000,091,605 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 987.png [2012.06.06 17:32:36 | 000,424,144 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png [2012.06.06 16:03:12 | 000,232,157 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png [2012.06.05 20:39:24 | 000,772,763 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (22).wma [2012.06.05 20:27:47 | 000,723,373 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (21).wma [2012.06.05 20:24:47 | 000,651,533 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (20).wma [2012.06.05 18:52:32 | 000,183,637 | ---- | M] () -- C:\Users\VuN\Documents\vugod.gif [2012.06.03 
21:22:02 | 000,081,675 | ---- | M] () -- C:\Users\VuN\DSCN0311.JPG [2012.06.03 21:21:04 | 000,067,656 | ---- | M] () -- C:\Users\VuN\DSCN0310.JPG [2012.06.03 18:15:05 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (19).wma [2012.06.03 18:04:44 | 001,320,543 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (18).wma [2012.06.03 17:50:12 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (17).wma [2012.06.03 17:29:51 | 000,804,193 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (16).wma [2012.06.03 15:13:45 | 000,507,853 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (15).wma [2012.05.29 22:27:34 | 000,061,389 | ---- | M] () -- C:\Users\VuN\Documents\IMG_0555.JPG [2012.05.29 20:27:35 | 000,021,420 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 897.png [2012.05.26 17:03:06 | 003,108,328 | ---- | M] () -- C:\Users\VuN\Documents\DSCN0225.JPG [2012.05.21 21:09:19 | 000,970,323 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (13).wma [2012.05.20 20:25:54 | 000,364,173 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (12).wma [2012.05.20 20:21:28 | 000,808,683 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (11).wma [2012.05.20 20:08:58 | 000,534,793 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (10).wma [2012.05.20 20:01:26 | 000,813,173 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (2).wma [2012.05.20 19:10:38 | 000,001,120 | ---- | M] () -- C:\Users\VuN\ia_remove.sh [2012.05.17 20:39:47 | 000,249,516 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 804.png [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.16 13:46:39 | 000,000,020 | ---- | C] () -- C:\Users\VuN\defogger_reenable [2012.06.16 13:46:17 | 000,050,477 | ---- | C] () -- C:\Users\VuN\Desktop\Defogger.exe [2012.06.15 01:46:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.11 21:07:19 | 000,507,960 | ---- | 
C] () -- C:\Users\VuN\Documents\Video call snapshot 23.png [2012.06.10 19:15:15 | 001,096,043 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (25).wma [2012.06.10 18:58:47 | 001,374,423 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (24).wma [2012.06.10 18:53:41 | 001,118,493 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (23).wma [2012.06.10 16:49:31 | 000,033,241 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png [2012.06.08 20:23:29 | 000,091,605 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 987.png [2012.06.06 17:32:28 | 000,424,144 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png [2012.06.06 16:03:06 | 000,232,157 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png [2012.06.05 20:39:24 | 000,772,763 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (22).wma [2012.06.05 20:27:47 | 000,723,373 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (21).wma [2012.06.05 20:24:47 | 000,651,533 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (20).wma [2012.06.05 18:52:04 | 000,183,637 | ---- | C] () -- C:\Users\VuN\Documents\vugod.gif [2012.06.03 21:17:26 | 000,081,675 | ---- | C] () -- C:\Users\VuN\DSCN0311.JPG [2012.06.03 21:17:26 | 000,067,656 | ---- | C] () -- C:\Users\VuN\DSCN0310.JPG [2012.06.03 18:15:05 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (19).wma [2012.06.03 18:04:44 | 001,320,543 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (18).wma [2012.06.03 17:50:12 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (17).wma [2012.06.03 17:29:51 | 000,804,193 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (16).wma [2012.06.03 15:13:45 | 000,507,853 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (15).wma [2012.05.29 22:27:02 | 000,061,389 | ---- | C] () -- C:\Users\VuN\Documents\IMG_0555.JPG [2012.05.29 20:26:49 | 000,021,420 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 897.png [2012.05.26 17:01:58 | 003,108,328 | ---- | C] () 
-- C:\Users\VuN\Documents\DSCN0225.JPG [2012.05.21 21:09:19 | 000,970,323 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (13).wma [2012.05.20 20:25:54 | 000,364,173 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (12).wma [2012.05.20 20:21:28 | 000,808,683 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (11).wma [2012.05.20 20:08:58 | 000,534,793 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (10).wma [2012.05.20 20:01:25 | 000,813,173 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (2).wma [2012.05.20 19:10:38 | 000,001,120 | ---- | C] () -- C:\Users\VuN\ia_remove.sh [2012.05.17 20:39:31 | 000,249,516 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 804.png [2011.12.12 19:11:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.11.05 05:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.10.29 21:06:06 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe [2011.10.29 02:03:02 | 000,000,520 | ---- | C] () -- C:\Windows\_delis32.ini [2011.10.02 14:51:45 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.10.02 14:11:43 | 000,003,584 | ---- | C] () -- C:\Users\VuN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.01 15:40:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.05.13 00:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.07 19:56:45 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011.04.17 19:23:08 | 000,000,032 | 
R--- | C] () -- C:\ProgramData\hash.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.01.26 12:05:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.05 19:15:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.12.02 21:26:05 | 000,049,459 | ---- | C] () -- C:\Windows\War3Unin.dat ========== LOP Check ========== [2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft [2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP [2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity [2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP [2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard [2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid [2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite [2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development [2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener [2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox [2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire [2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit [2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo [2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla [2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0 [2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games [2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ [2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- 
C:\Users\VuN\AppData\Roaming\IrfanView [2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC [2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios [2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient [2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2 [2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam [2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag [2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher [2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org [2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera [2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung [2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer [2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian [2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2 [2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client [2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software [2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle [2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1 [2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax [2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE [2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView [2012.05.25 18:53:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End 
of report >
Code:
OTL Extras logfile created on: 16.06.2012 13:54:07 - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,62 Gb Available Physical Memory | 65,49% Memory free
8,00 Gb Paging File | 6,50 Gb Available in Paging File | 81,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 68,45 Gb Free Space | 59,61% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 197,49 Gb Free Space | 59,48% Space Free | Partition Type: NTFS

Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{135816FA-C601-4C70-BAB7-8EE5D5768023}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A0D5BA6-F8A4-4284-9404-84EFC137E966}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C4A3E53-9784-430C-81EC-6DF70C9C3063}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D705481-46F3-4EA4-B4E5-AB69811296CB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1FA7B0E7-19B0-4A13-B3F0-29F5B944E6C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{205D6A4D-DC75-4F8D-848A-CD4C2A3209E0}" = rport=139 |
protocol=6 | dir=out | app=system | "{207FF0ED-E175-4332-921D-8EFE74D447A4}" = lport=10243 | protocol=6 | dir=in | app=system | "{29595982-E4C8-40AB-B858-700141011539}" = lport=137 | protocol=17 | dir=in | app=system | "{371E43A2-C5EE-4490-ACB7-963CDA3F4960}" = lport=6943 | protocol=17 | dir=in | name=league of legends launcher | "{3B468C96-820C-48D8-9380-5D335091FF8B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{3C7D34BE-8938-4A09-90CC-B06E358D42ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3FDC5E30-3F1D-4AB2-A140-1EC21662B686}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4D13F98F-F948-4C82-A69E-30DCB39DE22B}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | "{4E227041-096D-473C-82F5-A65EEF1B1FB2}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | "{4ECB70DA-5D22-4AAD-9434-73A00BCD7E74}" = lport=6943 | protocol=6 | dir=in | name=league of legends launcher | "{5A4B8C64-D93D-47C0-A496-25F6916347B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6250864A-0031-46C3-A326-02AFE2EC8C04}" = lport=139 | protocol=6 | dir=in | app=system | "{6DD680B3-5FC2-490A-884E-F8705E8E2772}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{704418F3-5B7A-4BDA-AAD4-46773B8D953E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74D498E8-1AAF-4A2B-B5F9-B2B0B2C9D51D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{97DA7D57-B648-435D-BCDD-2B6B30358901}" = rport=445 | protocol=6 | dir=out | app=system | "{9B4026AF-308E-4FAC-9875-DF19E8835853}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A7619A2E-CA78-4A45-A25A-D95F2C6EE989}" = rport=5355 | protocol=17 | dir=out | 
svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AEC8C7FF-4C8C-41CC-9A14-73238FC78333}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{AF7F80F6-92C8-455E-B2A3-91D796B0E77A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{C5C25498-BB44-451F-91AA-BAC481905F7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CA7327B0-875B-4CBD-9FDE-6E7D6C7ECEE8}" = rport=138 | protocol=17 | dir=out | app=system | "{D29756D9-52DB-4959-9423-479B65DF373B}" = lport=4495 | protocol=6 | dir=in | name=net monitor for employees configuration | "{D326070F-A57B-42E2-889B-6D07C6D3F988}" = rport=137 | protocol=17 | dir=out | app=system | "{D88545B4-8F7B-470E-968F-2CA1C23E66AF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{D9EF043B-C8AC-4752-AACF-F3273340FBDB}" = rport=10243 | protocol=6 | dir=out | app=system | "{F285AAD6-CD38-4D39-A80A-C35345CED91D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{FB732DA6-3AE9-4D37-B18F-8DD32F0FFED1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FF219F88-1859-4324-933A-BABE0C0475B2}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008A9C88-07D2-485E-BADC-AC7D3B780DD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{06054B65-263C-4FC7-9E00-A9FE44252358}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{09D877CB-4796-48D2-8B12-042E83729373}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe | "{119D9CF6-5168-4657-9197-E5CE4736800E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1A6BAAEA-603E-43A3-9AB6-D217A9F2305A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1C0081D3-126D-4DD0-913B-5E5E153C99DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{1CAB0875-6211-4AE4-AFF6-C4862D324B29}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe | "{232E82DA-F6AD-47DA-BBCA-7D2598EA9802}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2F8F8712-0E08-4CE5-93CA-C8711221FEBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{31B9F738-7A0A-4CCF-AFE6-113674AFCD0D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{31C8A650-D148-4622-AA85-DC1172DED484}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe | "{357791B5-D1BE-41B6-AC90-A16408FDF08F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3B8B6566-1DC1-4EC4-9AC5-2CCA955A4502}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4018DE97-16DF-406C-A989-0B428F11E6B0}" = protocol=6 | dir=out | app=system | "{42EA7D0B-BE99-4E1D-BCB2-4978E5EACC8B}" = protocol=6 | dir=in | app=e:\games\rayman origins\rayman origins.exe | "{4CE70D5C-D945-4F99-905F-E2760ECF22B9}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe | "{575BEAD5-BC6B-4D69-950A-5B2A8A12DFEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{6005C0E0-D3D2-4F15-94E0-FC03CFF5F6AC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{664F7CAC-2943-41AE-ACA0-148807AB38E9}" = protocol=6 | dir=in | app=e:\games\rayman origins\gu.exe | "{6762DA49-7EFE-453D-B10F-A35349FF2AF2}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe | "{6D1FDBA3-328D-4B96-ADAB-112580D0E05D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{76288942-8814-451B-903A-3E58E0288B41}" = protocol=6 | dir=in | 
app=e:\program files (x86)\opera\opera.exe | "{78A85FCF-3317-43DB-91FB-A0DDF144A3E5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7E7997F9-0C4C-4D87-88BA-F205F7503625}" = protocol=6 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe | "{83138879-0C1C-4E62-8B75-73CA34185883}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{83D723DE-6A92-49E2-BF7B-E1849FEA83F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{8B82C53B-8BE0-43C7-A8A3-B52A08F0540F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9413AA04-31B6-47D0-B2C4-B7B823EA2220}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{969E7223-2346-4C47-BF00-E821AA727516}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{A4783BE5-B950-4A89-B82E-6F824C74C886}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB5A5199-A001-4C17-BF57-277F046EEC74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{B6658E43-FE77-4A58-BB88-6530A6286779}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B7D101E3-0D0A-427E-A345-449137F20E03}" = protocol=17 | dir=in | app=e:\games\rayman origins\rayman origins.exe | "{C05758F3-1D62-4182-AD10-E5741D8FD954}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C5CE8B2B-E81B-40B6-8A1E-BEEC1BB12EBE}" = protocol=17 | dir=in | app=e:\program files (x86)\opera\opera.exe | "{C80A5E28-74DF-44AF-A116-62374AA840AC}" = protocol=17 | dir=in | app=e:\games\rayman origins\gu.exe | "{D833D58F-115A-4468-9B8F-BA7F437097F0}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\aolload.exe | "{E879E2E2-E3B9-40E2-8C4E-E3E936BDC185}" = protocol=17 | dir=in | app=e:\program files (x86)\icq7.2\icq.exe | "{E8A1E8DE-8FCA-41FE-B739-15A7152E820F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EB85073C-6DAA-41B9-BDE4-B38EE93FC266}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EC31520F-2B8A-4855-AC3B-D27EC012A04B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | "{ECEE5E1C-2207-4678-97A1-28CC9A42537D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "TCP Query User{050BC08D-77B8-4872-BA41-28A7CC169C43}E:\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=e:\games\left 4 dead 2\left4dead2.exe | "TCP Query User{4A27BC9C-DF3C-4076-A13F-BA7026E6986C}G:\david\games\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=g:\david\games\left 4 dead 2\srcds.exe | "TCP Query User{5218527F-F8CB-4017-AE3A-C57F53B37654}C:\users\vun\desktop\ranked gaming client\rgc.exe" = protocol=6 | dir=in | app=c:\users\vun\desktop\ranked gaming client\rgc.exe | "TCP Query User{72447530-DE3A-4684-8702-4B84B6E213F6}E:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=e:\games\warcraft iii\war3.exe | "TCP Query User{7D4055E3-6EC8-41E2-8D48-A27AED180DF4}G:\david\games\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=g:\david\games\left 4 dead 2\left4dead2.exe | "TCP Query User{83E743ED-13D0-4C87-91A1-564018E9D3BF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{907A20FF-E9F9-4659-A553-91D2EECE7B0C}C:\program files (x86)\hamachi\hamachi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "TCP Query User{9A91632B-0368-4166-97EB-626E505F4D26}E:\games\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=e:\games\dungeon defenders\binaries\win32\dundefgame.exe | "TCP Query User{AFC38F18-AAAE-4970-8821-A3812BDA61A8}E:\games\mw2\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.exe | "TCP Query User{CA4B37F0-A0E5-483A-B7FF-18841FCDDD8D}E:\games\left 4 dead 2\srcds.exe" = protocol=6 | dir=in | app=e:\games\left 
4 dead 2\srcds.exe | "TCP Query User{D0254337-EC51-413B-8E59-159D8495EED7}E:\games\mw2\iw4mp.dat" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.dat | "TCP Query User{ECF77B2C-6383-4701-BC19-99FA4C381043}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe | "TCP Query User{F2F1015D-C694-4D7D-9616-B56BBF975E9B}E:\games\mw2\iw4mp.exe" = protocol=6 | dir=in | app=e:\games\mw2\iw4mp.exe | "UDP Query User{2070C189-46B0-4D92-9DBA-2D48AD082A86}E:\games\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead 2\srcds.exe | "UDP Query User{2FF0BD35-42D3-4ACF-A4AE-0FDD654E01B5}E:\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=e:\games\left 4 dead 2\left4dead2.exe | "UDP Query User{489C661E-7508-47FC-BD84-8428614ED624}E:\games\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=e:\games\dungeon defenders\binaries\win32\dundefgame.exe | "UDP Query User{79C4ABEF-AE70-47AE-98B9-4338597755EE}G:\david\games\left 4 dead 2\srcds.exe" = protocol=17 | dir=in | app=g:\david\games\left 4 dead 2\srcds.exe | "UDP Query User{84198B8B-4E0E-4ECA-BC61-75E9593E6176}E:\games\mw2\iw4mp.dat" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.dat | "UDP Query User{846138DD-7041-475B-ACC0-C648FB5F4E57}G:\david\games\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=g:\david\games\left 4 dead 2\left4dead2.exe | "UDP Query User{99F01905-4920-4E80-865A-30541D000520}E:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=e:\games\warcraft iii\war3.exe | "UDP Query User{ADE3C6C8-2BE8-41F2-9A63-999D202E221B}E:\games\mw2\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.exe | "UDP Query User{CB9A66EF-9982-41BB-9701-B13F7AFC800A}C:\program files (x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe" = protocol=17 | dir=in | app=c:\program files 
(x86)\logitech\desktop messenger\8876480\program\backweb-8876480.exe | "UDP Query User{D4E2088F-8256-4F18-958B-FC77DE967975}C:\program files (x86)\hamachi\hamachi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hamachi\hamachi.exe | "UDP Query User{EAC08568-6CE1-4C6D-9890-4AB930FD773A}E:\games\mw2\iw4mp.exe" = protocol=17 | dir=in | app=e:\games\mw2\iw4mp.exe | "UDP Query User{ED37E1BF-CEED-4963-AF98-1968A2A80153}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{F7821A52-7EB5-4D48-8456-221F578304E4}C:\users\vun\desktop\ranked gaming client\rgc.exe" = protocol=17 | dir=in | app=c:\users\vun\desktop\ranked gaming client\rgc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{192E85C6-2B8A-4217-AD30-ECA5CE19DB23}" = Logitech QuickCam "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = 
NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2 "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver "{DF54E1D5-B4A3-4F94-B018-75529AB97682}" = O&O Defrag Professional "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace 
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.2 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) 
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AIMP2" = AIMP2 "AMP WinOFF" = AMP WinOFF "AP Tuner 3.08" = AP Tuner 3.08 "Avira AntiVir Desktop" = Avira Free Antivirus "Diablo III" = Diablo III "DivX Setup" = DivX-Setup "Dungeon Defenders_is1" = Dungeon Defenders "EarMaster School 5_is1" = EarMaster School 5 "gedit_is1" = gedit 2.30.1 "Hamachi" = Hamachi 1.0.1.5 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{AFCE4D19-D385-4232-9B0E-809D85A25A10}" = NETGEAR WN111 wireless USB 2.0 adapter "IrfanView" = IrfanView (remove only) "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 7.5.4 (Standard) "Logitech Print Service" = Logitech Print Service "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "ManyCam" = ManyCam 2.6.60 (remove only) "Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Mp3tag" = Mp3tag v2.49 "MultiSkypeLauncher" = MultiSkypeLauncher (remove only) "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 11.64.1403" = Opera 11.64 "pcsx2-r3878" = PCSX2 - Playstation 2 Emulator "pcsx2-r4600" = PCSX2 - Playstation 2 Emulator "QcDrv" = Logitech® Camera-Treiber "RocketDock_is1" = RocketDock 1.3.5 "Steam App 570" = Dota 2 "Tuned!" = Tuned! 
"VLC media player" = VLC media player 1.1.5 "Warcraft III" = Warcraft III "Warkeys" = Warkeys 1.19.3.0b "XnView_is1" = XnView 1.98.5 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Warcraft III" = Warcraft III: All Products ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12.06.2012 08:14:23 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 08:14:24 | Computer Name = VuN-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.06.2012 08:21:59 | Computer Name = VuN-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll, Version: 11.3.300.257, Zeitstempel: 0x4fc821fc Ausnahmecode: 0xc0000005 Fehleroffset: 0x0016b4ac ID des fehlerhaften Prozesses: 0x105c Startzeit der fehlerhaften Anwendung: 0x01cd494c9399f081 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll Berichtskennung: 5f5d2e38-b552-11e1-869a-002354c0ca07 Error - 13.06.2012 19:31:45 | Computer Name = VuN-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 12.0.0.4493, Zeitstempel: 0x4f920759 Name des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fc821fc 
Ausnahmecode: 0xc0000005 Fehleroffset: 0x6da59903 ID des fehlerhaften Prozesses: 0x15b4 Startzeit der fehlerhaften Anwendung: 0x01cd49aefd92598d Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: NPSWF32_11_3_300_257.dll Berichtskennung: f005a920-b5af-11e1-9b35-002354c0ca07 Error - 14.06.2012 19:47:41 | Computer Name = VuN-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_257.exe, Version: 11.3.300.257, Zeitstempel: 0x4fc82063 Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195, Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc000000d Fehleroffset: 0x00014ba1 ID des fehlerhaften Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung: 0x01cd4a87f1a8eb66 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe Pfad des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll Berichtskennung: 53c989bd-b67b-11e1-9d77-002354c0ca07 Error - 15.06.2012 18:03:09 | Computer Name = VuN-PC | Source = VSS | ID = 12310 Description = Error - 15.06.2012 18:03:09 | Computer Name = VuN-PC | Source = VSS | ID = 12298 Description = [ System Events ] Error - 11.06.2012 14:40:17 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 12.06.2012 05:37:54 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 12.06.2012 16:49:22 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist 
vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 13.06.2012 06:06:18 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 13.06.2012 17:41:52 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 13.06.2012 19:41:46 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 14.06.2012 08:05:38 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 14.06.2012 19:09:58 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 15.06.2012 16:44:12 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 16.06.2012 07:48:02 | Computer Name = VuN-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > 
Many thanks in advance, boreal99 :-) |
18.06.2012, 16:00 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-4452.BG + email hacked? What to do? Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, all the logs for every scan are also listed under the Logdateien (log files) tab. Please post all the ones visible there.
__________________ |
18.06.2012, 21:27 | #3 |
| EXP/CVE-2010-4452.BG + email hacked? What to do? Yes, but nothing was ever found; they look just like the log file I already posted.
Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.29.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 VuN :: VUN-PC [Administrator] Schutz: Aktiviert 30.03.2012 00:03:25 mbam-log-2012-03-30 (00-03-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 208218 Laufzeit: 3 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.15.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 VuN :: VUN-PC [Administrator] Schutz: Aktiviert 15.03.2012 22:34:54 mbam-log-2012-03-15 (22-34-54).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204218 Laufzeit: 3 Minute(n), 42 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) boreal99 |
18.06.2012, 21:58 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-4452.BG + email hacked? What to do? Please run ESET as well, then we'll take it from there.
Note: ESET does quite often show a few false alarms. That is why, with ESET too, only the log should be posted at first and nothing removed.
ESET Online Scanner
Please switch on any external hard drives you have during the online scans!
Please turn off all background guards (antivirus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
Code:
ATTFilter "%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt" Code:
ATTFilter "%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Please always post log files in CODE tags |
19.06.2012, 08:11 | #5 |
| EXP/CVE-2010-4452.BG + email hacked? What to do? Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7ce384113997e843ad67f54a89e2a2ac # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-18 11:39:49 # local_time=2012-06-19 01:39:49 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 26990385 26990385 0 0 # compatibility_mode=1792 16777215 100 0 4935510 4935510 0 0 # compatibility_mode=5893 16776574 100 94 79100 91684172 0 0 # compatibility_mode=8192 67108863 100 0 882 882 0 0 # scanned=267671 # found=3 # cleaned=0 # scan_time=8468 C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz a variant of Android/Adware.Leadbolt.B application (unable to clean) 00000000000000000000000000000000 I C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz Android/Plankton.H trojan (unable to clean) 00000000000000000000000000000000 I |
19.06.2012, 08:48 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-4452.BG + email hacked? What to do? Please make a new OTL log. If possible, please post everything here in CODE tags. It's done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ |
19.06.2012, 20:50 | #7 |
| EXP/CVE-2010-4452.BG + email hacked? What to do? OTL log file: Code:
OTL logfile created on: 19.06.2012 21:36:27 - Run 2
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\VuN\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,72% Memory free
8,00 Gb Paging File | 6,70 Gb Available in Paging File | 83,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,82 Gb Total Space | 62,69 Gb Free Space | 54,60% Space Free | Partition Type: NTFS
Drive D: | 18,81 Gb Total Space | 0,01 Gb Free Space | 0,04% Space Free | Partition Type: NTFS
Drive E: | 332,03 Gb Total Space | 194,49 Gb Free Space | 58,58% Space Free | Partition Type: NTFS

Computer Name: VUN-PC | User Name: VuN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe
PRC - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:41:56 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe
PRC - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
PRC - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
PRC - [2007.02.08 02:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LComMgr\Communications_Helper.exe
PRC - [2007.02.08 02:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007.02.06 18:44:14 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
PRC - [2007.02.06 18:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe

========== Modules (No Company Name) ==========

MOD - [2011.10.29 21:06:06 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\BWfiles.dll
MOD - [2011.10.29 21:06:06 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\6.1.4.36-8876480L\Program\clntutil.dll
MOD - [2011.10.29 21:06:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll
MOD - [2011.10.29 21:06:06 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
MOD - [2008.04.01 15:30:50 | 002,502,656 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WN111\wn111.exe
MOD - [2007.09.02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
MOD - [2007.02.08 02:13:00 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.09.10 14:04:32 | 003,065,160 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.02.06 18:45:38 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007.02.06 18:44:02 | 000,173,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2012.06.16 21:15:27 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:41:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 21:41:56 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.09.09 00:00:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.24 08:02:30 | 000,699,392 | ---- | M] (DameWare Development LLC) [Disabled | Stopped] -- C:\Windows\dwrcs\DWRCS.EXE -- (dwmrcs)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.06.16 17:49:12 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.08 21:41:56 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:41:56 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.02 14:26:23 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.20 09:46:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.07.20 09:46:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:46:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.07.20 09:45:54 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.07.20 09:45:54 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.07.20 09:45:54 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.07.20 09:45:54 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.05.19 17:29:28 | 000,334,400 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdevice.sys -- (mcdevice)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.21 11:39:40 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.21 11:39:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.02 21:22:18 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 12:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007.10.28 21:22:32 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WN111x.sys -- (MRV6X64U) Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x)
DRV:64bit: - [2007.02.06 18:43:14 | 000,031,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV:64bit: - [2007.02.06 18:42:50 | 002,346,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV:64bit: - [2007.02.06 18:41:40 | 001,013,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64)
DRV:64bit: - [2007.02.03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.02.03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.09.11 04:23:46 | 000,018,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mrv64drv.sys -- (Mrvleap)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01 [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109958&tt=060612_8_&babsrc=SP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 9B 8D BC 13 26 CC 01 [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786"
FF - prefs.js..extensions.enabledItems: {c36177c0-224a-11da-8cd6-0800200c9a91}:3.9.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "64.85.181.46"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "64.85.181.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.46"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.17 15:38:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 13:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.16 12:15:39 | 000,000,000 | ---D | M]

[2012.06.17 13:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Extensions
[2012.06.17 13:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VuN\AppData\Roaming\mozilla\Firefox\Profiles\6etmbr70.default\extensions
[2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml
[2010.01.11 17:48:44 | 000,004,153 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\youtube.xml
[2012.06.17 13:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.17 15:38:24 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.04.13 13:41:30 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012.01.06 13:46:24 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.19 01:07:40 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\VUN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6ETMBR70.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.16 17:42:56 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000..\Run: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\RunOnce: [InetReg] C:\Program Files (x86)\Creative\Produktregistrierung\German\InetReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiSkypeLauncher.lnk = C:\Program Files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe (IM-history)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..Trusted Domains: microsoft.com) ([fai.music.metaservices] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B2F30F8-C105-40E4-8BF9-E4327E0688D3}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{292BDBB5-D674-498D-A539-AC2B5A1C9999}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB05EBC-CE5D-40A6-A2C2-B87449F36DCE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8280385D-EA22-4074-89E2-B0F6EA326450}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{882C5845-1DA3-441B-A83E-A99011AF1A95}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB4659D0-100E-4990-BBD3-F0119580CE5C}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^VuN^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^My_AutoWarkey_Script.lnk - C:\PROGRA~2\Warkeys\AUTOWA~1\AUTOHO~1\AUTOHO~1.EXE - ()
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group 
SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA 
Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk 
controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: 
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" 
OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: 
vidc.i420 - lvcod64.dll (Logitech Inc.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\Windows\SysWow64\SL_ANET.ACM (Sipro Lab Telecom Inc.) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\SysWow64\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: vidc.yvu9 - C:\Windows\SysWow64\Iyvu9_32.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.18 23:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.18 23:03:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\VuN\Desktop\esetsmartinstaller_enu.exe [2012.06.17 13:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.06.17 12:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup [2012.06.17 12:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup [2012.06.16 17:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012.06.16 17:47:07 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.06.16 17:47:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2012.06.16 17:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.06.16 17:42:35 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Babylon [2012.06.16 16:57:03 | 000,000,000 | ---D | C] -- 
C:\Users\VuN\Desktop\magicka [2012.06.16 13:51:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe [2012.06.16 12:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.06.16 12:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.09 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\VuN\Desktop\ws 2012 [2012.06.09 13:53:24 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Local\Macromedia [2012.06.08 18:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.06.08 18:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2012.05.28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\LolClient2 [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.19 21:37:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.19 21:28:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 21:28:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 21:24:56 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.19 21:24:56 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.19 21:24:56 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.19 21:24:56 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.19 21:24:56 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.19 21:20:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.19 21:20:31 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys [2012.06.19 21:20:31 | 002,037,772 | ---- | M] () -- 
C:\Windows\SysNative\oodbs.lor [2012.06.18 23:03:40 | 002,322,184 | ---- | M] (ESET) -- C:\Users\VuN\Desktop\esetsmartinstaller_enu.exe [2012.06.17 13:05:56 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.17 13:00:55 | 004,294,464 | ---- | M] () -- C:\Users\VuN\Desktop\Firefox 13.0.1 (de) - 2012-06-17.pcv [2012.06.17 12:59:37 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.06.16 17:49:49 | 000,000,691 | ---- | M] () -- C:\Users\VuN\Desktop\SmartSteam - Verknüpfung.lnk [2012.06.16 17:49:12 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012.06.16 17:43:22 | 000,000,250 | ---- | M] () -- C:\user.js [2012.06.16 14:18:08 | 000,048,483 | ---- | M] () -- C:\Users\VuN\Desktop\authrootstl.cab [2012.06.16 13:51:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\VuN\Desktop\OTL.exe [2012.06.16 13:46:39 | 000,000,020 | ---- | M] () -- C:\Users\VuN\defogger_reenable [2012.06.16 13:46:20 | 000,050,477 | ---- | M] () -- C:\Users\VuN\Desktop\Defogger.exe [2012.06.13 23:40:54 | 000,321,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.11 21:09:24 | 000,507,960 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 23.png [2012.06.10 19:15:15 | 001,096,043 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (25).wma [2012.06.10 18:58:47 | 001,374,423 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (24).wma [2012.06.10 18:53:41 | 001,118,493 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (23).wma [2012.06.10 16:50:01 | 000,033,241 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png [2012.06.08 20:23:43 | 000,091,605 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 987.png [2012.06.06 17:32:36 | 000,424,144 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png [2012.06.06 16:03:12 | 000,232,157 | ---- | M] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png [2012.06.05 20:39:24 | 000,772,763 | ---- | M] 
() -- C:\Users\VuN\Documents\Unbenannt (22).wma [2012.06.05 20:27:47 | 000,723,373 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (21).wma [2012.06.05 20:24:47 | 000,651,533 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (20).wma [2012.06.05 18:52:32 | 000,183,637 | ---- | M] () -- C:\Users\VuN\Documents\vugod.gif [2012.06.03 21:22:02 | 000,081,675 | ---- | M] () -- C:\Users\VuN\DSCN0311.JPG [2012.06.03 21:21:04 | 000,067,656 | ---- | M] () -- C:\Users\VuN\DSCN0310.JPG [2012.06.03 18:15:05 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (19).wma [2012.06.03 18:04:44 | 001,320,543 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (18).wma [2012.06.03 17:50:12 | 000,673,983 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (17).wma [2012.06.03 17:29:51 | 000,804,193 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (16).wma [2012.06.03 15:13:45 | 000,507,853 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (15).wma [2012.05.29 22:27:34 | 000,061,389 | ---- | M] () -- C:\Users\VuN\Documents\IMG_0555.JPG [2012.05.29 20:27:35 | 000,021,420 | ---- | M] () -- C:\Users\VuN\Documents\Video call snapshot 897.png [2012.05.26 17:03:06 | 003,108,328 | ---- | M] () -- C:\Users\VuN\Documents\DSCN0225.JPG [2012.05.21 21:09:19 | 000,970,323 | ---- | M] () -- C:\Users\VuN\Documents\Unbenannt (13).wma [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.17 13:05:56 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.06.17 13:05:56 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.06.17 13:00:53 | 004,294,464 | ---- | C] () -- C:\Users\VuN\Desktop\Firefox 13.0.1 (de) - 2012-06-17.pcv [2012.06.17 12:59:37 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk [2012.06.16 17:49:49 | 000,000,691 | ---- | C] () -- C:\Users\VuN\Desktop\SmartSteam - Verknüpfung.lnk [2012.06.16 
17:43:19 | 000,000,250 | ---- | C] () -- C:\user.js [2012.06.16 14:18:07 | 000,048,483 | ---- | C] () -- C:\Users\VuN\Desktop\authrootstl.cab [2012.06.16 13:46:39 | 000,000,020 | ---- | C] () -- C:\Users\VuN\defogger_reenable [2012.06.16 13:46:17 | 000,050,477 | ---- | C] () -- C:\Users\VuN\Desktop\Defogger.exe [2012.06.15 01:46:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.11 21:07:19 | 000,507,960 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 23.png [2012.06.10 19:15:15 | 001,096,043 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (25).wma [2012.06.10 18:58:47 | 001,374,423 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (24).wma [2012.06.10 18:53:41 | 001,118,493 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (23).wma [2012.06.10 16:49:31 | 000,033,241 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 1019.png [2012.06.08 20:23:29 | 000,091,605 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 987.png [2012.06.06 17:32:28 | 000,424,144 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_233214.png [2012.06.06 16:03:06 | 000,232,157 | ---- | C] () -- C:\Users\VuN\Documents\IMG_06062012_220228.png [2012.06.05 20:39:24 | 000,772,763 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (22).wma [2012.06.05 20:27:47 | 000,723,373 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (21).wma [2012.06.05 20:24:47 | 000,651,533 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (20).wma [2012.06.05 18:52:04 | 000,183,637 | ---- | C] () -- C:\Users\VuN\Documents\vugod.gif [2012.06.03 21:17:26 | 000,081,675 | ---- | C] () -- C:\Users\VuN\DSCN0311.JPG [2012.06.03 21:17:26 | 000,067,656 | ---- | C] () -- C:\Users\VuN\DSCN0310.JPG [2012.06.03 18:15:05 | 000,673,983 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (19).wma [2012.06.03 18:04:44 | 001,320,543 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (18).wma [2012.06.03 17:50:12 | 000,673,983 | ---- | C] () -- 
C:\Users\VuN\Documents\Unbenannt (17).wma [2012.06.03 17:29:51 | 000,804,193 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (16).wma [2012.06.03 15:13:45 | 000,507,853 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (15).wma [2012.05.29 22:27:02 | 000,061,389 | ---- | C] () -- C:\Users\VuN\Documents\IMG_0555.JPG [2012.05.29 20:26:49 | 000,021,420 | ---- | C] () -- C:\Users\VuN\Documents\Video call snapshot 897.png [2012.05.26 17:01:58 | 003,108,328 | ---- | C] () -- C:\Users\VuN\Documents\DSCN0225.JPG [2012.05.21 21:09:19 | 000,970,323 | ---- | C] () -- C:\Users\VuN\Documents\Unbenannt (13).wma [2011.12.12 19:11:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI [2011.11.05 05:21:58 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2011.10.29 21:06:06 | 000,081,920 | R--- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe [2011.10.29 02:03:02 | 000,000,520 | ---- | C] () -- C:\Windows\_delis32.ini [2011.10.02 14:51:45 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2011.10.02 14:11:43 | 000,003,584 | ---- | C] () -- C:\Users\VuN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.09.01 15:40:44 | 000,000,164 | ---- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51} [2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2011.05.13 00:38:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.05.07 19:56:45 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe [2011.04.17 19:23:08 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.04.09 18:55:28 | 000,179,261 | ---- | C] 
() -- C:\Windows\SysWow64\xlive.dll.cat [2011.01.26 12:05:28 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.05 19:15:31 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.12.02 21:26:05 | 000,049,459 | ---- | C] () -- C:\Windows\War3Unin.dat ========== LOP Check ========== [2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft [2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP [2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity [2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP [2012.06.16 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Babylon [2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard [2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid [2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite [2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development [2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener [2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox [2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire [2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit [2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\GetRightToGo [2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Go!Zilla [2011.05.07 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gtk-2.0 [2010.12.05 04:57:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Hothead Games [2012.02.21 15:05:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ICQ [2011.01.27 20:33:09 | 000,000,000 | ---D | M] -- 
C:\Users\VuN\AppData\Roaming\IrfanView [2011.07.05 17:55:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\iTALC [2011.05.31 16:53:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Lionhead Studios [2011.01.02 17:58:29 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient [2012.05.28 16:35:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\LolClient2 [2012.01.09 01:34:15 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ManyCam [2012.04.08 17:50:20 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Mp3tag [2012.01.20 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\MultiSkypeLauncher [2010.12.08 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\OpenOffice.org [2011.05.07 15:56:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Opera [2011.09.20 00:21:27 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Samsung [2011.04.23 21:34:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\SmartSurfer [2010.12.02 21:46:54 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trillian [2011.10.29 18:55:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Trine2 [2012.02.04 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TS3Client [2010.12.02 23:34:21 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\TuneUp Software [2011.11.04 22:03:08 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Tunngle [2011.01.16 02:10:44 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1 [2011.10.02 15:37:38 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WebcamMax [2011.04.23 21:16:01 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\WEBDE [2011.12.23 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\XnView [2012.05.25 18:53:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== 
========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.06 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\.minecraft [2011.05.07 19:56:46 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AccurateRip [2011.01.16 02:10:12 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Adobe [2012.06.11 13:40:26 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AIMP [2012.01.16 15:08:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Apple Computer [2012.03.14 17:18:53 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Audacity [2011.10.11 03:03:51 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\AutoHideIP [2012.04.22 20:25:52 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Avira [2012.06.16 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Babylon [2011.12.23 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Beat Hazard [2011.02.25 22:36:16 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Braid [2012.04.29 16:05:17 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DAEMON Tools Lite [2011.07.05 19:21:32 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DameWare Development [2011.09.01 15:40:23 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Degener [2011.12.11 02:48:31 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\DivX [2011.01.13 15:42:18 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Download Manager [2010.12.09 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\Dropbox [2011.06.19 00:50:12 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\dvdcss [2011.10.29 21:07:13 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\FotoWire [2011.05.07 16:40:41 | 000,000,000 | ---D | M] -- C:\Users\VuN\AppData\Roaming\gedit [2011.10.02 14:25:54 | 000,000,000 | ---D | M] -- 
< End of report > |
19.06.2012, 20:55 | #8 |
| EXP/CVE-2010-4452.BG + email hacked? What to do? -Double post- Last edited by boreal99 (19.06.2012 at 21:16) |
20.06.2012, 10:54 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-4452.BG + email hacked? What to do? Run an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 73 72 3E D4 0F 47 CD 01 [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=109958&tt=060612_8_&babsrc=SP_ss&mntrId=5e59474200000000000000195b551786
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 9B 8D BC 13 26 CC 01 [binary data]
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q="
FF - prefs.js..network.proxy.backup.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "64.85.181.46"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "64.85.181.46"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.http: "64.85.181.46"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "64.85.181.46"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "64.85.181.46"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
[2010.09.05 00:25:48 | 000,002,395 | ---- | M] () -- C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml
[2012.06.16 17:42:56 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\Shell\AutoRun\command - "" = G:\Setup.exe
[2012.06.16 17:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.06.16 17:42:35 | 000,000,000 | ---D | C] -- C:\Users\VuN\AppData\Roaming\Babylon
[2012.06.16 17:43:19 | 000,000,250 | ---- | C] () -- C:\user.js
:Files
C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe
C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz
C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
20.06.2012, 19:30 | #10 |
| EXP/CVE-2010-4452.BG + email hacked? What to do? The OTL fix ran up to "resetting hosts file. do not interrupt......" and then an error message appeared: cannot create file C:\windows\system32\drivers\etc\hosts . The PC then froze and I had to restart. This .txt file was created: Code:
ATTFilter Files\Folders moved on Reboot... File move failed. C:\Users\VuN\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. C:\Windows\System32\drivers\etc\Hosts moved successfully. Registry entries deleted on Reboot... Code:
ATTFilter All processes killed ========== OTL ========== HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! HKU\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! 
HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-1435813945-2107367148-2769172061-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Prefs.js: "Ask.com" removed from browser.search.defaultengine Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=HP_ss&mntrId=5e59474200000000000000195b551786" removed from browser.startup.homepage Prefs.js: "hxxp://search.babylon.com/?affID=109958&tt=060612_8_&babsrc=KW_ss&mntrId=5e59474200000000000000195b551786&q=" removed from keyword.URL Prefs.js: "64.85.181.46" removed from network.proxy.backup.ftp Prefs.js: 8080 removed from network.proxy.backup.ftp_port Prefs.js: "64.85.181.46" removed from network.proxy.backup.socks Prefs.js: 8080 removed from network.proxy.backup.socks_port Prefs.js: "64.85.181.46" removed from network.proxy.backup.ssl Prefs.js: 8080 removed from network.proxy.backup.ssl_port Prefs.js: "64.85.181.46" removed from network.proxy.ftp Prefs.js: 8080 removed from network.proxy.ftp_port Prefs.js: "" removed from network.proxy.gopher Prefs.js: 0 removed from network.proxy.gopher_port Prefs.js: "64.85.181.46" removed from network.proxy.http Prefs.js: 8080 removed from network.proxy.http_port Prefs.js: true removed from 
network.proxy.share_proxy_settings Prefs.js: "64.85.181.46" removed from network.proxy.socks Prefs.js: 8080 removed from network.proxy.socks_port Prefs.js: "64.85.181.46" removed from network.proxy.ssl Prefs.js: 8080 removed from network.proxy.ssl_port Prefs.js: 0 removed from network.proxy.type File C:\Users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\searchplugins\askcom.xml not found. File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop not found. Registry value HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{002f4f05-fe4f-11df-9800-002354c0ca07}\ not found. File H:\Setup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c7c15bf-b7a9-11e1-a561-002354c0ca07}\ not found. File G:\Setup.exe not found. Folder C:\ProgramData\Babylon\ not found. Folder C:\Users\VuN\AppData\Roaming\Babylon\ not found. File C:\user.js not found. ========== FILES ========== File\Folder C:\Users\VuN\AppData\LocalLow\Sun\Java\Deployment\cache not found. File\Folder C:\Users\VuN\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe not found. File\Folder C:\Users\VuN\Desktop\galaxy s\titanium\com.bslapps1.gbc-008ebe1251eec8406f1ab884e898ca0f.apk.gz not found. File\Folder C:\Users\VuN\Desktop\galaxy s\titanium\com.geeksoft.screenshot-29bf9425a18e05f84330914c0ac181ad.apk.gz not found. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: VuN ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 38443 bytes ->FireFox cache emptied: 6342273 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 6,00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: UpdatusUser User: VuN ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb HOSTS file reset successfully OTL by OldTimer - Version 3.2.49.0 log created on 06202012_202403 Files\Folders moved on Reboot... File\Folder C:\Users\VuN\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot... |
21.06.2012, 10:13 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-4452.BG + email hacked? What to do? Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click change parameters and set the checkmarks as in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
21.06.2012, 19:39 | #12 |
| EXP/CVE-2010-4452.BG + email hacked? What to do? Code:
20:36:54.0840 3704 RemoteAccess - ok 20:36:54.0870 3704 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:36:54.0920 3704 RemoteRegistry - ok 20:36:54.0938 3704 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:36:54.0976 3704 RpcEptMapper - ok 20:36:54.0994 3704 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:36:55.0015 3704 RpcLocator - ok 20:36:55.0111 3704 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:36:55.0160 3704 RpcSs - ok 20:36:55.0186 3704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:36:55.0233 3704 rspndr - ok 20:36:55.0275 3704 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys 20:36:55.0297 3704 RTL8167 - ok 20:36:55.0317 3704 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys 20:36:55.0338 3704 s3cap - ok 20:36:55.0360 3704 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:36:55.0371 3704 SamSs - ok 20:36:55.0392 3704 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:36:55.0411 3704 sbp2port - ok 20:36:55.0439 3704 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:36:55.0490 3704 SCardSvr - ok 20:36:55.0512 3704 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:36:55.0552 3704 scfilter - ok 20:36:55.0614 3704 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:36:55.0667 3704 Schedule - ok 20:36:55.0687 3704 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:36:55.0723 3704 SCPolicySvc - ok 20:36:55.0751 3704 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:36:56.0090 3704 SDRSVC - ok 20:36:56.0137 3704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:36:56.0176 3704 secdrv - 
ok 20:36:56.0203 3704 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:36:56.0243 3704 seclogon - ok 20:36:56.0272 3704 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 20:36:56.0327 3704 SENS - ok 20:36:56.0341 3704 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:36:56.0377 3704 SensrSvc - ok 20:36:56.0403 3704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:36:56.0419 3704 Serenum - ok 20:36:56.0438 3704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:36:56.0467 3704 Serial - ok 20:36:56.0490 3704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 20:36:56.0512 3704 sermouse - ok 20:36:56.0550 3704 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:36:56.0603 3704 SessionEnv - ok 20:36:56.0626 3704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 20:36:56.0652 3704 sffdisk - ok 20:36:56.0673 3704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:36:56.0701 3704 sffp_mmc - ok 20:36:56.0711 3704 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:36:56.0741 3704 sffp_sd - ok 20:36:56.0776 3704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:36:56.0794 3704 sfloppy - ok 20:36:56.0836 3704 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:36:56.0893 3704 SharedAccess - ok 20:36:56.0925 3704 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:36:56.0975 3704 ShellHWDetection - ok 20:36:57.0049 3704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:36:57.0067 3704 SiSRaid2 - ok 20:36:57.0087 3704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:36:57.0102 3704 SiSRaid4 
- ok 20:36:57.0223 3704 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe 20:36:57.0236 3704 SkypeUpdate - ok 20:36:57.0266 3704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:36:57.0323 3704 Smb - ok 20:36:57.0395 3704 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:36:57.0530 3704 SNMPTRAP - ok 20:36:57.0561 3704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:36:57.0589 3704 spldr - ok 20:36:57.0633 3704 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:36:57.0702 3704 Spooler - ok 20:36:57.0869 3704 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:36:58.0033 3704 sppsvc - ok 20:36:58.0126 3704 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:36:58.0260 3704 sppuinotify - ok 20:36:58.0334 3704 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys 20:36:58.0381 3704 sptd - ok 20:36:58.0422 3704 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:36:58.0535 3704 srv - ok 20:36:58.0564 3704 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:36:58.0608 3704 srv2 - ok 20:36:58.0626 3704 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:36:58.0654 3704 srvnet - ok 20:36:58.0698 3704 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys 20:36:58.0725 3704 ssadbus - ok 20:36:58.0736 3704 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys 20:36:58.0767 3704 ssadmdfl - ok 20:36:58.0787 3704 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys 20:36:59.0124 3704 ssadmdm - ok 20:36:59.0164 3704 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys 20:36:59.0184 3704 sscdbus - ok 20:36:59.0198 3704 sscdmdfl 
(4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys 20:36:59.0212 3704 sscdmdfl - ok 20:36:59.0258 3704 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys 20:36:59.0323 3704 sscdmdm - ok 20:36:59.0555 3704 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:36:59.0602 3704 SSDPSRV - ok 20:36:59.0627 3704 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:36:59.0677 3704 SstpSvc - ok 20:36:59.0784 3704 Steam Client Service - ok 20:36:59.0956 3704 Stereo Service (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 20:36:59.0991 3704 Stereo Service - ok 20:37:00.0013 3704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:37:00.0027 3704 stexstor - ok 20:37:00.0085 3704 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 20:37:00.0146 3704 stisvc - ok 20:37:00.0176 3704 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys 20:37:00.0202 3704 storflt - ok 20:37:00.0221 3704 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys 20:37:00.0238 3704 storvsc - ok 20:37:00.0256 3704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 20:37:00.0269 3704 swenum - ok 20:37:00.0373 3704 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:37:00.0422 3704 swprv - ok 20:37:00.0446 3704 Synth3dVsc - ok 20:37:00.0550 3704 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:37:00.0598 3704 SysMain - ok 20:37:00.0689 3704 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 20:37:00.0718 3704 TabletInputService - ok 20:37:00.0741 3704 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:37:00.0793 3704 TapiSrv - ok 20:37:00.0836 3704 TBS (1be03ac720f4d302ea01d40f588162f6) 
C:\Windows\System32\tbssvc.dll 20:37:00.0924 3704 TBS - ok 20:37:01.0034 3704 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 20:37:01.0127 3704 Tcpip - ok 20:37:01.0450 3704 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 20:37:01.0486 3704 TCPIP6 - ok 20:37:01.0547 3704 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:37:01.0588 3704 tcpipreg - ok 20:37:01.0608 3704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:37:01.0629 3704 TDPIPE - ok 20:37:01.0660 3704 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:37:01.0723 3704 TDTCP - ok 20:37:01.0749 3704 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:37:01.0790 3704 tdx - ok 20:37:01.0824 3704 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 20:37:01.0839 3704 TermDD - ok 20:37:01.0876 3704 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:37:01.0925 3704 TermService - ok 20:37:01.0947 3704 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:37:01.0972 3704 Themes - ok 20:37:01.0994 3704 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:37:02.0027 3704 THREADORDER - ok 20:37:02.0045 3704 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:37:02.0097 3704 TrkWks - ok 20:37:02.0149 3704 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:37:02.0188 3704 TrustedInstaller - ok 20:37:02.0218 3704 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:37:02.0254 3704 tssecsrv - ok 20:37:02.0291 3704 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:37:02.0320 3704 TsUsbFlt - ok 20:37:02.0330 3704 tsusbhub - ok 20:37:02.0364 3704 tunnel 
(3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:37:02.0407 3704 tunnel - ok 20:37:02.0428 3704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:37:02.0444 3704 uagp35 - ok 20:37:02.0477 3704 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:37:02.0534 3704 udfs - ok 20:37:02.0564 3704 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:37:02.0595 3704 UI0Detect - ok 20:37:02.0622 3704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:37:02.0639 3704 uliagpkx - ok 20:37:02.0671 3704 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 20:37:02.0688 3704 umbus - ok 20:37:02.0709 3704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:37:02.0726 3704 UmPass - ok 20:37:02.0757 3704 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 20:37:02.0783 3704 UmRdpService - ok 20:37:02.0819 3704 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:37:02.0867 3704 upnphost - ok 20:37:02.0902 3704 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 20:37:02.0941 3704 usbaudio - ok 20:37:02.0967 3704 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:37:03.0005 3704 usbccgp - ok 20:37:03.0028 3704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:37:03.0051 3704 usbcir - ok 20:37:03.0068 3704 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 20:37:03.0087 3704 usbehci - ok 20:37:03.0119 3704 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 20:37:03.0153 3704 usbhub - ok 20:37:03.0171 3704 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 20:37:03.0200 3704 usbohci - ok 20:37:03.0233 3704 usbprint 
(73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:37:03.0266 3704 usbprint - ok 20:37:03.0316 3704 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 20:37:03.0346 3704 usbscan - ok 20:37:03.0385 3704 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:37:03.0434 3704 USBSTOR - ok 20:37:03.0462 3704 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 20:37:03.0491 3704 usbuhci - ok 20:37:03.0522 3704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:37:03.0573 3704 UxSms - ok 20:37:03.0594 3704 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:37:03.0604 3704 VaultSvc - ok 20:37:03.0626 3704 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys 20:37:03.0656 3704 VClone - ok 20:37:03.0687 3704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:37:03.0700 3704 vdrvroot - ok 20:37:03.0738 3704 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:37:03.0788 3704 vds - ok 20:37:03.0816 3704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:37:03.0838 3704 vga - ok 20:37:03.0850 3704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:37:03.0887 3704 VgaSave - ok 20:37:03.0901 3704 VGPU - ok 20:37:03.0937 3704 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:37:03.0960 3704 vhdmp - ok 20:37:04.0039 3704 VIAHdAudAddService (627270f2103d41086bab9675a3315dab) C:\Windows\system32\drivers\viahduaa.sys 20:37:04.0116 3704 VIAHdAudAddService - ok 20:37:04.0143 3704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:37:04.0160 3704 viaide - ok 20:37:04.0182 3704 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 20:37:04.0203 3704 vmbus - ok 20:37:04.0225 3704 VMBusHID 
(7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 20:37:04.0245 3704 VMBusHID - ok 20:37:04.0267 3704 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:37:04.0283 3704 volmgr - ok 20:37:04.0328 3704 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:37:04.0343 3704 volmgrx - ok 20:37:04.0500 3704 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:37:04.0524 3704 volsnap - ok 20:37:04.0568 3704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:37:04.0588 3704 vsmraid - ok 20:37:04.0649 3704 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:37:04.0721 3704 VSS - ok 20:37:04.0783 3704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 20:37:04.0811 3704 vwifibus - ok 20:37:04.0848 3704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:37:04.0888 3704 W32Time - ok 20:37:04.0915 3704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:37:04.0937 3704 WacomPen - ok 20:37:04.0980 3704 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:37:05.0021 3704 WANARP - ok 20:37:05.0029 3704 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:37:05.0060 3704 Wanarpv6 - ok 20:37:05.0121 3704 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:37:05.0181 3704 wbengine - ok 20:37:05.0258 3704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:37:05.0292 3704 WbioSrvc - ok 20:37:05.0323 3704 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:37:05.0351 3704 wcncsvc - ok 20:37:05.0369 3704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:37:05.0390 3704 WcsPlugInService - ok 20:37:05.0437 3704 Wd 
(72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:37:05.0451 3704 Wd - ok 20:37:05.0486 3704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:37:05.0516 3704 Wdf01000 - ok 20:37:05.0533 3704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:37:05.0603 3704 WdiServiceHost - ok 20:37:05.0610 3704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:37:05.0628 3704 WdiSystemHost - ok 20:37:05.0666 3704 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:37:05.0703 3704 WebClient - ok 20:37:05.0726 3704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:37:05.0839 3704 Wecsvc - ok 20:37:05.0857 3704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:37:05.0905 3704 wercplsupport - ok 20:37:05.0929 3704 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:37:05.0973 3704 WerSvc - ok 20:37:06.0025 3704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:37:06.0065 3704 WfpLwf - ok 20:37:06.0082 3704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:37:06.0098 3704 WIMMount - ok 20:37:06.0121 3704 WinDefend - ok 20:37:06.0128 3704 WinHttpAutoProxySvc - ok 20:37:06.0177 3704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:37:06.0213 3704 Winmgmt - ok 20:37:07.0433 3704 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:37:07.0720 3704 WinRM - ok 20:37:07.0830 3704 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 20:37:07.0862 3704 WinUsb - ok 20:37:07.0912 3704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:37:07.0945 3704 Wlansvc - ok 20:37:08.0052 3704 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE 20:37:08.0089 3704 wlidsvc - ok 20:37:08.0166 3704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:37:08.0186 3704 WmiAcpi - ok 20:37:08.0271 3704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:37:08.0390 3704 wmiApSrv - ok 20:37:08.0436 3704 WMPNetworkSvc - ok 20:37:08.0462 3704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:37:08.0510 3704 WPCSvc - ok 20:37:08.0565 3704 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:37:08.0584 3704 WPDBusEnum - ok 20:37:08.0605 3704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:37:08.0690 3704 ws2ifsl - ok 20:37:08.0705 3704 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 20:37:08.0734 3704 wscsvc - ok 20:37:08.0742 3704 WSearch - ok 20:37:08.0837 3704 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 20:37:08.0880 3704 wuauserv - ok 20:37:09.0265 3704 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:37:09.0322 3704 WudfPf - ok 20:37:09.0351 3704 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:37:09.0390 3704 WUDFRd - ok 20:37:09.0417 3704 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:37:09.0454 3704 wudfsvc - ok 20:37:09.0488 3704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:37:09.0523 3704 WwanSvc - ok 20:37:09.0595 3704 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 20:37:09.0804 3704 xusb21 - ok 20:37:09.0902 3704 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:37:10.0255 3704 \Device\Harddisk0\DR0 - ok 20:37:10.0261 3704 Boot (0x1200) (a8daa5bbe0338988c8ec78cc5efacb29) \Device\Harddisk0\DR0\Partition0 20:37:10.0262 3704 \Device\Harddisk0\DR0\Partition0 - ok 20:37:10.0290 3704 Boot (0x1200) 
(b6bf3c3e04125ad57fa0a93e61f8ae03) \Device\Harddisk0\DR0\Partition1 20:37:10.0292 3704 \Device\Harddisk0\DR0\Partition1 - ok 20:37:10.0316 3704 Boot (0x1200) (0ea0da12b8e6f16b81d487956f25d54e) \Device\Harddisk0\DR0\Partition2 20:37:10.0317 3704 \Device\Harddisk0\DR0\Partition2 - ok 20:37:10.0335 3704 Boot (0x1200) (ab90189e4e14e12dce2196eba134cfe4) \Device\Harddisk0\DR0\Partition3 20:37:10.0337 3704 \Device\Harddisk0\DR0\Partition3 - ok 20:37:10.0339 3704 ============================================================ 20:37:10.0339 3704 Scan finished 20:37:10.0339 3704 ============================================================ 20:37:10.0353 3940 Detected object count: 1 20:37:10.0353 3940 Actual detected object count: 1 20:37:17.0556 3940 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 20:37:17.0556 3940 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:37:27.0076 3256 ============================================================ 20:37:27.0076 3256 Scan started 20:37:27.0076 3256 Mode: Manual; SigCheck; TDLFS; 20:37:27.0076 3256 ============================================================ 20:37:27.0438 3256 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 20:37:27.0456 3256 1394ohci - ok 20:37:27.0487 3256 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 20:37:27.0504 3256 ACPI - ok 20:37:27.0531 3256 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 20:37:27.0543 3256 AcpiPmi - ok 20:37:27.0602 3256 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:37:27.0611 3256 AdobeARMservice - ok 20:37:27.0682 3256 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:37:27.0693 3256 AdobeFlashPlayerUpdateSvc - ok 20:37:27.0739 3256 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 
20:37:27.0754 3256 adp94xx - ok 20:37:27.0784 3256 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 20:37:27.0797 3256 adpahci - ok 20:37:27.0818 3256 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 20:37:27.0833 3256 adpu320 - ok 20:37:27.0862 3256 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 20:37:27.0893 3256 AeLookupSvc - ok 20:37:27.0932 3256 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 20:37:27.0949 3256 AFD - ok 20:37:27.0971 3256 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 20:37:27.0981 3256 agp440 - ok 20:37:28.0000 3256 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 20:37:28.0012 3256 ALG - ok 20:37:28.0042 3256 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 20:37:28.0051 3256 aliide - ok 20:37:28.0067 3256 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 20:37:28.0079 3256 amdide - ok 20:37:28.0103 3256 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 20:37:28.0121 3256 AmdK8 - ok 20:37:28.0140 3256 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 20:37:28.0150 3256 AmdPPM - ok 20:37:28.0165 3256 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 20:37:28.0175 3256 amdsata - ok 20:37:28.0199 3256 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 20:37:28.0211 3256 amdsbs - ok 20:37:28.0224 3256 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 20:37:28.0233 3256 amdxata - ok 20:37:28.0256 3256 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys 20:37:28.0267 3256 androidusb - ok 20:37:28.0330 3256 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 
20:37:28.0340 3256 AntiVirSchedulerService - ok 20:37:28.0368 3256 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 20:37:28.0377 3256 AntiVirService - ok 20:37:28.0404 3256 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 20:37:28.0433 3256 AppID - ok 20:37:28.0454 3256 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 20:37:28.0488 3256 AppIDSvc - ok 20:37:28.0513 3256 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 20:37:28.0545 3256 Appinfo - ok 20:37:28.0576 3256 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 20:37:28.0587 3256 AppMgmt - ok 20:37:28.0614 3256 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 20:37:28.0625 3256 arc - ok 20:37:28.0642 3256 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 20:37:28.0652 3256 arcsas - ok 20:37:28.0667 3256 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 20:37:28.0699 3256 AsyncMac - ok 20:37:28.0724 3256 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 20:37:28.0733 3256 atapi - ok 20:37:28.0764 3256 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys 20:37:28.0776 3256 atksgt - ok 20:37:28.0820 3256 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:37:28.0855 3256 AudioEndpointBuilder - ok 20:37:28.0866 3256 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:37:28.0906 3256 AudioSrv - ok 20:37:28.0922 3256 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 20:37:28.0932 3256 avgntflt - ok 20:37:28.0950 3256 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 20:37:28.0961 3256 avipbb - ok 20:37:28.0970 3256 avkmgr (248db59fc86de44d2779f4c7fb1a567d) 
3256 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:37:45.0512 3256 THREADORDER - ok 20:37:45.0533 3256 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:37:45.0567 3256 TrkWks - ok 20:37:45.0610 3256 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:37:45.0641 3256 TrustedInstaller - ok 20:37:45.0680 3256 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:37:45.0709 3256 tssecsrv - ok 20:37:45.0728 3256 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:37:45.0738 3256 TsUsbFlt - ok 20:37:45.0747 3256 tsusbhub - ok 20:37:45.0767 3256 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:37:45.0798 3256 tunnel - ok 20:37:45.0824 3256 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:37:45.0834 3256 uagp35 - ok 20:37:45.0866 3256 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:37:45.0898 3256 udfs - ok 20:37:45.0934 3256 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:37:45.0946 3256 UI0Detect - ok 20:37:45.0967 3256 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:37:45.0977 3256 uliagpkx - ok 20:37:45.0999 3256 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 20:37:46.0010 3256 umbus - ok 20:37:46.0030 3256 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:37:46.0040 3256 UmPass - ok 20:37:46.0068 3256 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll 20:37:46.0082 3256 UmRdpService - ok 20:37:46.0117 3256 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:37:46.0151 3256 upnphost - ok 20:37:46.0180 3256 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 20:37:46.0193 
3256 usbaudio - ok 20:37:46.0220 3256 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:37:46.0231 3256 usbccgp - ok 20:37:46.0257 3256 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:37:46.0271 3256 usbcir - ok 20:37:46.0288 3256 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 20:37:46.0298 3256 usbehci - ok 20:37:46.0323 3256 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 20:37:46.0336 3256 usbhub - ok 20:37:46.0349 3256 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 20:37:46.0362 3256 usbohci - ok 20:37:46.0378 3256 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:37:46.0390 3256 usbprint - ok 20:37:46.0413 3256 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 20:37:46.0428 3256 usbscan - ok 20:37:46.0450 3256 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:37:46.0461 3256 USBSTOR - ok 20:37:46.0481 3256 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 20:37:46.0491 3256 usbuhci - ok 20:37:46.0517 3256 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:37:46.0552 3256 UxSms - ok 20:37:46.0572 3256 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:37:46.0583 3256 VaultSvc - ok 20:37:46.0605 3256 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys 20:37:46.0619 3256 VClone - ok 20:37:46.0641 3256 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:37:46.0650 3256 vdrvroot - ok 20:37:46.0684 3256 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:37:46.0720 3256 vds - ok 20:37:46.0736 3256 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:37:46.0749 3256 vga - ok 20:37:46.0771 3256 
VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:37:46.0801 3256 VgaSave - ok 20:37:46.0809 3256 VGPU - ok 20:37:46.0840 3256 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:37:46.0853 3256 vhdmp - ok 20:37:46.0916 3256 VIAHdAudAddService (627270f2103d41086bab9675a3315dab) C:\Windows\system32\drivers\viahduaa.sys 20:37:46.0940 3256 VIAHdAudAddService - ok 20:37:46.0962 3256 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:37:46.0972 3256 viaide - ok 20:37:46.0994 3256 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys 20:37:47.0006 3256 vmbus - ok 20:37:47.0019 3256 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys 20:37:47.0029 3256 VMBusHID - ok 20:37:47.0047 3256 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:37:47.0057 3256 volmgr - ok 20:37:47.0100 3256 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:37:47.0117 3256 volmgrx - ok 20:37:47.0139 3256 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:37:47.0152 3256 volsnap - ok 20:37:47.0180 3256 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 20:37:47.0193 3256 vsmraid - ok 20:37:47.0252 3256 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:37:47.0297 3256 VSS - ok 20:37:47.0363 3256 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 20:37:47.0376 3256 vwifibus - ok 20:37:47.0411 3256 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:37:47.0445 3256 W32Time - ok 20:37:47.0461 3256 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:37:47.0473 3256 WacomPen - ok 20:37:47.0501 3256 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:37:47.0530 3256 WANARP - 
ok 20:37:47.0537 3256 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:37:47.0570 3256 Wanarpv6 - ok 20:37:47.0638 3256 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:37:47.0665 3256 wbengine - ok 20:37:47.0729 3256 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:37:47.0748 3256 WbioSrvc - ok 20:37:47.0780 3256 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:37:47.0799 3256 wcncsvc - ok 20:37:47.0815 3256 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:37:47.0827 3256 WcsPlugInService - ok 20:37:47.0861 3256 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:37:47.0870 3256 Wd - ok 20:37:47.0907 3256 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:37:47.0925 3256 Wdf01000 - ok 20:37:47.0945 3256 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:37:47.0961 3256 WdiServiceHost - ok 20:37:47.0968 3256 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:37:47.0984 3256 WdiSystemHost - ok 20:37:48.0020 3256 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:37:48.0039 3256 WebClient - ok 20:37:48.0063 3256 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:37:48.0097 3256 Wecsvc - ok 20:37:48.0113 3256 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:37:48.0145 3256 wercplsupport - ok 20:37:48.0158 3256 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:37:48.0191 3256 WerSvc - ok 20:37:48.0221 3256 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:37:48.0254 3256 WfpLwf - ok 20:37:48.0270 3256 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:37:48.0280 3256 WIMMount - ok 
20:37:48.0309 3256 WinDefend - ok 20:37:48.0320 3256 WinHttpAutoProxySvc - ok 20:37:48.0367 3256 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:37:48.0399 3256 Winmgmt - ok 20:37:48.0472 3256 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:37:48.0521 3256 WinRM - ok 20:37:48.0603 3256 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 20:37:48.0618 3256 WinUsb - ok 20:37:48.0665 3256 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:37:48.0688 3256 Wlansvc - ok 20:37:48.0788 3256 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:37:48.0825 3256 wlidsvc - ok 20:37:48.0872 3256 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:37:48.0882 3256 WmiAcpi - ok 20:37:48.0935 3256 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:37:48.0947 3256 wmiApSrv - ok 20:37:48.0992 3256 WMPNetworkSvc - ok 20:37:49.0018 3256 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 20:37:49.0029 3256 WPCSvc - ok 20:37:49.0052 3256 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:37:49.0065 3256 WPDBusEnum - ok 20:37:49.0086 3256 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:37:49.0121 3256 ws2ifsl - ok 20:37:49.0137 3256 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 20:37:49.0154 3256 wscsvc - ok 20:37:49.0163 3256 WSearch - ok 20:37:49.0248 3256 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 20:37:49.0288 3256 wuauserv - ok 20:37:49.0358 3256 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:37:49.0394 3256 WudfPf - ok 20:37:49.0416 3256 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:37:49.0446 3256 WUDFRd - ok 
20:37:49.0465 3256 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:37:49.0496 3256 wudfsvc - ok 20:37:49.0520 3256 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:37:49.0539 3256 WwanSvc - ok 20:37:49.0575 3256 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 20:37:49.0585 3256 xusb21 - ok 20:37:49.0642 3256 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 20:37:50.0004 3256 \Device\Harddisk0\DR0 - ok 20:37:50.0032 3256 Boot (0x1200) (a8daa5bbe0338988c8ec78cc5efacb29) \Device\Harddisk0\DR0\Partition0 20:37:50.0034 3256 \Device\Harddisk0\DR0\Partition0 - ok 20:37:50.0048 3256 Boot (0x1200) (b6bf3c3e04125ad57fa0a93e61f8ae03) \Device\Harddisk0\DR0\Partition1 20:37:50.0049 3256 \Device\Harddisk0\DR0\Partition1 - ok 20:37:50.0073 3256 Boot (0x1200) (0ea0da12b8e6f16b81d487956f25d54e) \Device\Harddisk0\DR0\Partition2 20:37:50.0074 3256 \Device\Harddisk0\DR0\Partition2 - ok 20:37:50.0085 3256 Boot (0x1200) (ab90189e4e14e12dce2196eba134cfe4) \Device\Harddisk0\DR0\Partition3 20:37:50.0086 3256 \Device\Harddisk0\DR0\Partition3 - ok 20:37:50.0089 3256 ============================================================ 20:37:50.0089 3256 Scan finished 20:37:50.0089 3256 ============================================================ 20:37:50.0096 2804 Detected object count: 1 20:37:50.0096 2804 Actual detected object count: 1 20:37:59.0593 2804 MDM ( UnsignedFile.Multi.Generic ) - skipped by user 20:37:59.0593 2804 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip |
21.06.2012, 19:54 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-4452.BG + Email hacked? What to do?
Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
22.06.2012, 07:43 | #14 |
| EXP/CVE-2010-4452.BG + Email hacked? What to do?
Combofix Logfile: Code:
ComboFix 12-06-21.02 - VuN 21.06.2012 23:11:52.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4095.2898 [GMT 2:00]
ausgeführt von:: c:\users\VuN\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-22 bis 2012-06-22 ))))))))))))))))))))))))))))))
.
.
2012-06-21 18:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 18:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 18:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 18:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 18:21 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 18:21 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 18:21 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 18:21 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 18:21 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 18:02 . 2012-06-20 18:02 -------- d-----w- C:\_OTL
2012-06-18 21:04 . 2012-06-18 21:04 -------- d-----w- c:\program files (x86)\ESET
2012-06-17 10:59 . 2012-06-17 10:59 -------- d-----w- c:\program files (x86)\MozBackup
2012-06-16 15:47 . 2012-06-16 15:49 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-16 15:47 . 2012-06-16 15:47 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-06-16 10:15 . 2012-06-16 10:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-16 10:15 . 2012-06-16 10:15 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-16 10:13 . 2012-06-16 10:13 -------- d-----w- c:\program files\Java
2012-06-15 20:48 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3952FE24-B6AD-4A8C-9B15-36A442645FBF}\mpengine.dll
2012-06-14 23:46 . 2012-06-16 19:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 23:46 . 2012-06-16 19:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 10:13 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-09 11:53 . 2012-06-09 11:53 -------- d-----w- c:\users\VuN\AppData\Local\Macromedia
2012-05-28 14:35 . 2012-05-28 14:35 -------- d-----w- c:\users\VuN\AppData\Roaming\LolClient2
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-16 10:15 . 2010-12-03 13:32 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-16 10:13 . 2012-05-20 17:05 955840 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-16 10:13 . 2011-09-21 15:03 839096 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-08 19:41 . 2012-04-22 18:20 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 19:41 . 2012-04-22 18:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-05-04 20:19 . 2012-03-30 11:19 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 13:56 . 2011-01-09 14:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 15:01 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"LDM"="c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2011-10-29 16384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\VuN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MultiSkypeLauncher.lnk - c:\program files (x86)\MultiSkypeLauncher\MultiSkypeLauncher.exe [2011-6-13 114176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2011-10-29 169472]
NETGEAR WN111 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WN111\wn111.exe [2008-4-1 2502656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 173344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [x]
R3 mcdevice;mcdevice;c:\windows\system32\DRIVERS\mcdevice.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-09-10 3065160]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\DRIVERS\WN111x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 19:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-09-10 4041032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\system32\blank.htm
Trusted Zone: microsoft.com)\fai.music.metaservices
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.hardId - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15507
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1435813945-2107367148-2769172061-1000\Software\SecuROM\License information*]
"datasecu"=hex:46,7c,e3,d9,f1,1f,06,3c,ee,5a,38,35,7a,53,ce,81,4c,b8,ca,59,a1,
   45,75,f1,a8,aa,13,43,91,3e,1a,db,3e,d3,68,3f,47,ae,f7,ce,7e,c1,8f,1e,03,88,\
"rkeysecu"=hex:bb,6e,1e,e3,89,67,51,33,1d,60,84,81,bd,19,c6,ad
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-22 08:24:45 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-22 06:24
.
Vor Suchlauf: 12 Verzeichnis(se), 65.805.144.064 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 63.997.652.992 Bytes frei
.
- - End Of File - - 71F7615C8D48DABD861F3C6159FE9952 |
22.06.2012, 10:44 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/CVE-2010-4452.BG + Email hacked? What to do?
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window. Code:
Firefox::
FF - ProfilePath - c:\users\VuN\AppData\Roaming\Mozilla\Firefox\Profiles\6etmbr70.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109958&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.hardId - 5e59474200000000000000195b551786
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15507
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:43
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of adware and spyware programs and the Tea Timer, if present!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |