Pests of all kinds and how to fight them: S.M.A.R.T. Repair & Google Redirect Trojan/Virus (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
03.07.2012, 23:21 | #1 |
S.M.A.R.T. Repair & Google Redirect Trojan/Virus

Hello everyone, I have a problem with my laptop! All of a sudden all my programs crashed and I got a lot of error messages along the lines of "Parts of the hard disk are defective", "Write and read errors in C:\" and so on (unfortunately I no longer remember the exact wording). At the same time the program S.M.A.R.T. Repair / Data Recovery opened, ran a system check and found all kinds of errors.

I then read through a few guides (including ones in this forum) on how to remove this program. After several restarts all the files on my computer were visible again, but after every restart I got a message from AntiVir that there is a virus on drives C:, D: and W: (BOO/TDss.O).

In the meantime I have switched to avast Antivirus and had it run a boot-time scan. That produced the message "Datei MBR 0 ist infiziert von MBR:Alureon-L [Rtk]".

I have also noticed that I am sometimes redirected to websites such as haveme.com when I click on a search result on Google.

Here are my logs:

defogger
defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:49 on 03/07/2012 (Patrick)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL
OTL.txt
Code:
ATTFilter OTL logfile created on: 7/3/2012 11:54:56 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Patrick\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.79 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 65.09% Memory free 7.59 Gb Paging File | 6.17 Gb Available in Paging File | 81.33% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172.79 Gb Total Space | 103.44 Gb Free Space | 59.86% Space Free | Partition Type: NTFS Drive D: | 113.19 Gb Total Space | 8.45 Gb Free Space | 7.46% Space Free | Partition Type: NTFS Drive W: | 12.00 Gb Total Space | 3.84 Gb Free Space | 31.97% Space Free | Partition Type: NTFS Computer Name: PATRICKS | User Name: Patrick | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/03 23:52:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe PRC - [2012/06/28 14:51:53 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012/06/28 14:51:51 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012/06/28 14:51:48 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe PRC - [2012/01/08 10:39:06 | 000,035,328 | ---- | M] (NirSoft) -- C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009/10/01 06:01:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/10/01 06:01:30 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/07/10 00:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) 
-- C:\Program Files (x86)\System Control Manager\MSIService.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/06/28 14:51:53 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012/06/28 14:51:48 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV:64bit: - [2010/01/08 13:34:01 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 03:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr) SRV - [2012/06/18 14:45:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/12/16 16:26:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0) SRV - [2011/12/16 16:26:22 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer) SRV - [2011/12/01 21:55:08 | 000,069,632 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Connectify\ConnectifyService.exe -- (Connectify) SRV - [2011/07/29 21:31:40 | 001,249,064 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2011/05/29 04:12:16 | 000,075,136 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010/10/13 20:36:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009/10/01 06:01:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2009/10/01 06:01:30 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2009/07/10 00:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) 
[Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/07/03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/07/03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:64bit: - [2012/07/03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:64bit: - [2012/07/03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/07/03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/07/03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/07/03 18:21:52 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012/07/03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/06/27 22:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:64bit: - [2012/03/01 08:46:16 
| 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.) DRV:64bit: - [2012/02/24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012/02/24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2012/01/18 14:04:14 | 000,031,344 | ---- | M] (Connectify) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cnnctfy2.sys -- (cnnctfy2) DRV:64bit: - [2011/12/08 06:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2011/12/08 06:22:36 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) DRV:64bit: - [2011/12/08 06:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2011/12/08 06:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2011/12/08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm) DRV:64bit: - [2011/12/08 06:22:28 | 
000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) DRV:64bit: - [2011/12/08 06:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) DRV:64bit: - [2011/12/08 06:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb) DRV:64bit: - [2011/12/08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter) DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt) DRV:64bit: - [2010/09/02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet) DRV:64bit: - [2010/03/04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/02/10 09:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/01/28 04:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/01/08 13:55:30 | 006,232,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/01/08 13:55:30 | 006,232,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010/01/08 12:41:42 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd) DRV:64bit: - [2010/01/08 12:40:57 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/01/07 21:51:38 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R) DRV:64bit: - [2009/12/16 04:12:25 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009/12/05 03:50:22 | 000,087,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EUCR6SK.sys -- (EUCR) DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009/08/28 10:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 23:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/26 23:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2011/01/04 16:11:16 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006/07/24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F1A148D2-8D6B-4736-91DD-AED78EACF3C8} IE:64bit: - HKLM\..\SearchScopes\{F1A148D2-8D6B-4736-91DD-AED78EACF3C8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {A7172603-AD3C-4D75-B502-E98AC72B540D} IE - HKLM\..\SearchScopes\{A7172603-AD3C-4D75-B502-E98AC72B540D}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msmiq.com/(S(cmjgqi45joflms55soqm2oiq))/default.aspx?language=de-de IE - HKCU\..\SearchScopes,DefaultScope = {A7172603-AD3C-4D75-B502-E98AC72B540D} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS 
Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Patrick\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/15 04:57:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/03 23:17:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/18 14:45:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 00:32:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/28 19:54:16 | 000,000,000 | ---D | M] [2011/02/02 09:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions [2011/02/02 09:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/09/17 23:24:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012/07/03 19:11:28 | 000,000,000 | ---D | M] 
(No name found) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\55rk036k.default\extensions [2012/05/11 03:31:02 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\55rk036k.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2010/09/18 02:03:30 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\55rk036k.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC} [2012/05/29 00:52:33 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\55rk036k.default\extensions\battlefieldheroespatcher@ea.com [2012/05/18 19:45:48 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Patrick\AppData\Roaming\mozilla\Firefox\Profiles\55rk036k.default\extensions\ich@maltegoetz.de [2011/12/19 19:13:47 | 000,000,933 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\55rk036k.default\searchplugins\11-suche.xml [2011/12/19 19:13:47 | 000,002,419 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\55rk036k.default\searchplugins\englische-ergebnisse.xml [2012/06/28 22:52:00 | 000,001,018 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\55rk036k.default\searchplugins\facebook.xml [2011/12/19 19:13:47 | 000,010,525 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\55rk036k.default\searchplugins\gmx-suche.xml [2011/12/19 19:13:47 | 000,002,457 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\55rk036k.default\searchplugins\lastminute.xml [2011/12/19 19:13:47 | 000,005,508 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\55rk036k.default\searchplugins\webde-suche.xml [2011/01/21 18:25:38 | 000,004,140 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\55rk036k.default\searchplugins\youtube.xml [2012/05/21 15:02:00 | 
000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/01/21 00:47:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2012/03/15 04:57:48 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012/06/26 21:44:09 | 000,626,986 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\55RK036K.DEFAULT\EXTENSIONS\{62760FD6-B943-48C9-AB09-F99C6FE96088}.XPI [2012/06/05 01:31:15 | 000,020,995 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\55RK036K.DEFAULT\EXTENSIONS\{8A8C1ADA-2504-45C6-A2D2-265591ABBD00}.XPI [2011/10/31 15:41:07 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\55RK036K.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012/05/19 11:37:06 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\55RK036K.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI [2012/07/03 19:11:28 | 000,045,005 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\55RK036K.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI [2012/05/04 01:24:33 | 000,363,268 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\55RK036K.DEFAULT\EXTENSIONS\CLIENT@ANONYMOX.NET.XPI [2012/03/07 18:57:05 | 000,072,222 | ---- | M] () (No name found) -- C:\USERS\PATRICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\55RK036K.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI [2012/06/18 14:45:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/08 13:06:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/08/31 12:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll [2012/03/11 18:35:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/11 18:35:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/11 18:35:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/03/11 18:35:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/11 18:35:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/03/11 18:35:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011/10/14 02:43:20 | 000,437,925 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 15060 more lines... 
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [$Volumouse$] C:\Program Files (x86)\NirSoft\Volumouse\volumouse.exe (NirSoft)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt64.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe (AVAST Software)
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk = C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10 192.168.1.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE079886-8D4C-4805-9951-B9B08F64DE77}: NameServer = 192.168.1.10 192.168.1.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8573EAE-4D38-4DC9-844F-192F0435BB95}: DhcpNameServer = 192.168.1.10 192.168.1.130
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"1031" /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast") O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/03 23:52:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012/07/03 19:44:16 | 000,142,128 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFW.sys [2012/07/03 19:44:06 | 000,266,776 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdis2.sys [2012/07/03 19:44:05 | 000,019,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswKbd.sys [2012/07/03 19:44:05 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\windows\SysNative\drivers\aswNdis.sys [2012/07/03 19:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! 
Internet Security [2012/07/03 19:16:24 | 000,355,856 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2012/07/03 19:16:24 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2012/07/03 19:16:18 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2012/07/03 19:16:18 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2012/07/03 19:16:17 | 000,958,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2012/07/03 19:16:16 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2012/07/03 19:16:16 | 000,071,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2012/07/03 19:15:51 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2012/07/03 19:15:50 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2012/07/03 19:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/07/03 19:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/07/03 04:14:57 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Malwarebytes [2012/07/03 04:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/07/03 04:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/07/03 01:30:14 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012/07/01 23:48:34 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Spotify [2012/07/01 23:48:22 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Roaming\Spotify [2012/06/27 08:18:13 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Simple_Plan-Get_Your_Heart_On-(CN_Retail)-2012-iUKoO [2012/06/23 14:47:32 | 000,000,000 | ---D | C] -- C:\Users\Patrick\AppData\Local\Macromedia [2012/06/20 18:53:34 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/06/12 04:53:05 | 000,000,000 | ---D | C] -- C:\Users\Patrick\Desktop\Mash-Up Your Bootz Party [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/03 23:56:05 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/07/03 23:52:55 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Patrick\Desktop\OTL.exe [2012/07/03 23:49:35 | 000,000,000 | ---- | M] () -- C:\Users\Patrick\defogger_reenable [2012/07/03 23:29:20 | 000,050,477 | ---- | M] () -- C:\Users\Patrick\Desktop\Defogger.exe [2012/07/03 23:24:28 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/03 23:24:28 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/03 23:17:08 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012/07/03 22:31:07 | 000,000,936 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1234592865-2256707453-3612337758-1000UA.job [2012/07/03 22:30:34 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/07/03 22:30:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/03 22:29:58 | 3055,697,920 | -HS- | M] () -- C:\hiberfil.sys [2012/07/03 19:31:40 | 000,001,932 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk [2012/07/03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2012/07/03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2012/07/03 18:21:52 | 000,266,776 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswNdis2.sys [2012/07/03 18:21:52 | 000,142,128 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFW.sys [2012/07/03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2012/07/03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2012/07/03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2012/07/03 18:21:52 | 000,019,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswKbd.sys [2012/07/03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2012/07/03 18:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2012/07/03 18:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2012/07/03 18:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2012/07/03 01:31:17 | 000,000,914 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1234592865-2256707453-3612337758-1000Core.job [2012/07/02 22:34:25 | 000,225,759 | ---- | M] () -- C:\Users\Patrick\Desktop\Reportff833bee-0091-4eb3-85ae-652f6fb55562.pdf [2012/06/28 03:04:34 | 000,020,165 | ---- | M] () -- C:\Users\Patrick\Desktop\Klausurtermine_Technik_SS_12_Stand_180612.pdf [2012/06/27 22:33:54 | 000,012,368 | ---- | M] (ALWIL Software) -- C:\windows\SysNative\drivers\aswNdis.sys [2012/06/27 04:35:10 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/06/27 04:35:10 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/27 04:35:10 | 000,130,240 | ---- 
| M] () -- C:\windows\SysNative\perfc007.dat [2012/06/27 04:35:10 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/27 04:35:09 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/27 03:14:17 | 000,011,751 | ---- | M] () -- C:\Users\Patrick\Documents\Zulassungsantrag.pdf [2012/06/21 05:06:35 | 000,921,126 | ---- | M] () -- C:\Users\Patrick\Desktop\abc.png [2012/06/15 12:31:47 | 000,001,063 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/15 12:24:26 | 002,267,328 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/06/14 02:04:47 | 408,258,604 | ---- | M] () -- C:\Users\Patrick\Desktop\Video_MFS_I.wmv [2012/06/12 03:55:27 | 008,938,527 | ---- | M] () -- C:\Users\Patrick\Desktop\Mashup-Germany - Brave new world.mp3 [2012/06/10 19:50:00 | 001,768,169 | ---- | M] () -- C:\Users\Patrick\Desktop\20120610_194959.jpg [2012/06/10 19:40:36 | 001,582,290 | ---- | M] () -- C:\Users\Patrick\Desktop\20120610_194036.jpg [2012/06/05 02:02:38 | 000,007,606 | ---- | M] () -- C:\Users\Patrick\AppData\Local\resmon.resmoncfg [2012/06/05 01:32:56 | 000,001,524 | ---- | M] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk [2012/06/04 15:50:11 | 277,480,778 | ---- | M] () -- C:\Users\Patrick\Desktop\Mashup-Germany - BACK TO THE FUTURE PROMO MIX.mp3 [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/03 23:49:35 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\defogger_reenable [2012/07/03 23:29:21 | 000,050,477 | ---- | C] () -- C:\Users\Patrick\Desktop\Defogger.exe [2012/07/03 19:31:40 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Internet Security.lnk [2012/07/03 19:16:16 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2012/07/02 22:34:25 | 000,225,759 | ---- | C] () -- C:\Users\Patrick\Desktop\Reportff833bee-0091-4eb3-85ae-652f6fb55562.pdf [2012/07/01 23:48:34 | 000,001,813 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012/06/28 03:04:33 | 000,020,165 | ---- | C] () -- C:\Users\Patrick\Desktop\Klausurtermine_Technik_SS_12_Stand_180612.pdf [2012/06/27 03:14:17 | 000,011,751 | ---- | C] () -- C:\Users\Patrick\Documents\Zulassungsantrag.pdf [2012/06/21 05:06:30 | 000,921,126 | ---- | C] () -- C:\Users\Patrick\Desktop\abc.png [2012/06/21 03:57:29 | 001,582,290 | ---- | C] () -- C:\Users\Patrick\Desktop\20120610_194036.jpg [2012/06/21 03:57:28 | 001,768,169 | ---- | C] () -- C:\Users\Patrick\Desktop\20120610_194959.jpg [2012/06/15 12:31:42 | 000,001,063 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012/06/14 02:03:01 | 408,258,604 | ---- | C] () -- C:\Users\Patrick\Desktop\Video_MFS_I.wmv [2012/06/12 03:55:22 | 008,938,527 | ---- | C] () -- C:\Users\Patrick\Desktop\Mashup-Germany - Brave new world.mp3 [2012/06/05 01:32:15 | 000,001,524 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Firefox.lnk [2012/06/04 15:48:53 | 277,480,778 | ---- | C] () -- C:\Users\Patrick\Desktop\Mashup-Germany - BACK TO THE FUTURE PROMO MIX.mp3 [2012/03/26 00:01:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\svcdotnet.inc [2012/03/22 19:06:39 | 000,000,012 | ---- | C] () -- C:\ProgramData\svcdotnet.cfg [2012/01/21 18:43:03 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Local\{61060088-DC20-4A8A-A017-10DBA0868E3D} [2011/12/13 20:59:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2011/12/13 20:56:04 | 000,005,632 | ---- | C] () -- C:\windows\SysWow64\drivers\StarOpen.sys [2011/06/25 09:47:25 | 000,554,496 
| ---- | C] () -- C:\windows\SysWow64\dvmsg.dll [2011/05/29 04:12:18 | 000,270,240 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2011/05/29 04:12:16 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2011/02/02 09:53:00 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat [2011/01/04 16:10:58 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2011/01/04 16:10:56 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2011/01/04 16:10:56 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2011/01/04 16:10:56 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2011/01/04 16:10:56 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2010/12/08 16:10:07 | 000,110,592 | ---- | C] () -- C:\windows\SysWow64\mlfcache.dat [2010/12/01 02:07:30 | 000,000,091 | ---- | C] () -- C:\windows\wininit.ini [2010/11/24 17:28:27 | 000,003,584 | ---- | C] () -- C:\Users\Patrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/09/18 00:43:34 | 000,000,056 | ---- | C] () -- C:\windows\SysWow64\ezsidmv.dat [2010/09/17 21:52:28 | 000,007,606 | ---- | C] () -- C:\Users\Patrick\AppData\Local\resmon.resmoncfg [2010/09/15 19:25:17 | 000,000,000 | ---- | C] () -- C:\Users\Patrick\AppData\Roaming\wklnhst.dat ========== LOP Check ========== [2012/07/03 18:57:48 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Amazon [2012/03/13 17:53:03 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\avidemux [2010/10/11 12:00:23 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Canon [2011/07/01 11:08:16 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Dev-Cpp [2012/07/03 22:32:50 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Dropbox [2010/12/27 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\FRITZ! 
[2012/05/07 02:39:03 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ICQ
[2011/06/18 06:46:18 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\IrfanView
[2011/12/14 02:52:05 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Jumping Bytes
[2011/03/27 16:21:37 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Leadertech
[2012/07/03 18:59:53 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Mobile Master
[2011/04/19 14:18:50 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\ROUTE 66 Sync
[2012/02/03 03:16:03 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Samsung
[2012/07/03 02:53:03 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Spotify
[2011/12/02 18:11:42 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\SumatraPDF
[2012/05/21 14:54:21 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Systweak
[2012/04/10 00:19:44 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Temp
[2011/02/02 09:52:59 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Thunderbird
[2011/07/16 01:21:28 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\Tobit
[2011/12/04 19:05:32 | 000,000,000 | ---D | M] -- C:\Users\Patrick\AppData\Roaming\TS3Client
[2012/07/03 01:31:17 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1234592865-2256707453-3612337758-1000Core.job
[2012/07/03 22:31:07 | 000,000,936 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1234592865-2256707453-3612337758-1000UA.job
[2012/05/27 00:41:51 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 7/3/2012 11:54:56 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Patrick\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.79 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 65.09% Memory free
7.59 Gb Paging File | 6.17 Gb Available in Paging File | 81.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 172.79 Gb Total Space | 103.44 Gb Free Space | 59.86% Space Free | Partition Type: NTFS
Drive D: | 113.19 Gb Total Space | 8.45 Gb Free Space | 7.46% Space Free | Partition Type: NTFS
Drive W: | 12.00 Gb Total Space | 3.84 Gb Free Space | 31.97% Space Free | Partition Type: NTFS
Computer Name: PATRICKS | User Name: Patrick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F95954E-5A28-49F5-BC89-2350789D54D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2258A3F6-8D3D-4926-9D6C-39D60C0E3B1F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{27E62B77-5E5C-428D-BA86-DBAF2C7EA0AD}" = lport=53 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{32012793-B903-434D-A472-B14120D86321}" = lport=2869 | protocol=6 | dir=in | app=system | "{38F3F51A-F3C7-4FB5-B46E-0CCBBBE47A60}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{40994B19-2AFC-4D10-8D54-79A6094CC409}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{40C74C30-0EE6-403F-AFFD-2B7BBDBC35F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{40F2A0D5-4DDD-436B-A70D-CEA212B5A410}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{42B1F363-A074-43AC-AF1A-13FDD64CF7D7}" = rport=2869 | protocol=6 | dir=out | app=system | "{45156B6E-361A-44DB-A0A0-D36372AC3CC8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{45628868-B2E7-427E-ACCB-B144D7814E76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4F30DD4E-5567-4728-8328-25D545C7B8E8}" = lport=1317 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{5EADCC62-DDD5-4690-8262-29D06F24B3DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5F808B67-10D3-4FD8-9E15-FE3AB3A4238C}" = lport=547 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{642D49FA-22CF-438D-977F-63C7DBF17333}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{77E4ED91-466B-4BE4-A7AC-7FDBCC826F3B}" = lport=1900 | protocol=17 | dir=in | app=c:\windows\system32\svchost.exe | "{785C1319-E93F-484E-BAFF-94F466BFB856}" = lport=10243 | protocol=6 | dir=in | app=system | "{7A874133-A79E-4B29-B324-1F8431BAF464}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{8A9F68FF-F2FB-4AB8-B53B-A3F94E5934CD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{916DC5A5-19AF-4379-8A6E-28B3391504F3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{9BF2C326-CD36-478A-9614-A391525EB6CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A96CA2E8-4C50-4969-916B-63A3D61D546A}" = lport=1303 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{B04A8B7A-6B26-4DB6-A4F5-922FF412B6B0}" = lport=67 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{B1410378-B77E-4CCC-B4FA-D7ABCB193158}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B6049468-539C-40E6-8F9B-CF46460315F2}" = rport=1900 | protocol=17 | dir=out | app=c:\windows\system32\svchost.exe | "{B72A21AB-3742-4A0C-880B-228C8CDC00F7}" = lport=2869 | protocol=6 | dir=in | app=system | "{B9D79949-E6E4-4003-831F-6771370A233E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BC4EA1F0-C587-4DCE-820C-0F1385391853}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C805B6FB-F203-406E-B6ED-680E2EF13953}" = lport=68 | protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectifynetservices.exe | "{D53F8EEE-14AB-4BAF-97F3-3A8B855E82C8}" = rport=10243 | protocol=6 | dir=out | app=system | "{D8A596E2-BE21-4158-A1E4-C768FABD3B98}" = lport=2869 | protocol=6 | dir=in | app=system | "{FD305BFB-4F83-4409-9956-D10269704312}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{040AFA5E-91EF-4D15-8BEF-0EA5CD3ACDD5}" = dir=in | app=c:\program files (x86)\common 
files\apple\apple application support\webkit2webprocess.exe | "{06784D33-3824-487C-B2E6-509870E983C8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{0E5DF8F8-6B00-4663-AD1F-E3B2FDA38F24}" = dir=in | app=c:\programdata\tversity\media server\mediaserver.exe | "{12D252BB-D561-43F6-A339-608631ABFBF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{183E5EE4-E8FD-48E0-B23B-370B79824710}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1C818C7E-DE18-4005-BEBA-0CB6710FA470}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{1D02DEC2-D1D0-4EC1-A17F-3324643975D0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{254AE622-F809-4A40-AAE9-466044B6032B}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | "{2A9ACE52-7C08-4211-A746-E7B810B73E1C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{2CF0B08D-75BE-49EF-AD6F-EED025FA0E55}" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "{31771D89-5FDB-4DA1-A328-3535DC542D14}" = protocol=6 | dir=in | app=c:\program files (x86)\phoner\phoner.exe | "{3C083D36-D88C-4DD2-A4E1-034231281FDA}" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "{40569683-8A10-4BC9-AA42-2EF1D0E80B13}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{42059D30-25EC-4608-90D9-82E5E2E07835}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{43B572BE-9CA4-444B-9888-A9E3B757ED0B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4700C536-4022-49AD-A667-F47687CB76D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{494B3F4D-4AAC-497D-81B2-7A32AB8A5817}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{4BB5E217-5B68-4196-803A-36F38CEEB7BA}" = dir=in | app=c:\program files 
(x86)\samsung\allshare\allsharedms\allsharedms.exe | "{505B0D36-79BD-4C72-9A3D-678C9C4E099F}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | "{52419412-0F3F-4C24-AC94-EF9505251245}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{53C937CF-C6BC-42B5-8469-417B3508A097}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{54BBDEDD-441E-45DB-9712-C01300385787}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{581942BE-B789-4513-9E66-604A3B432038}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{593416DE-E7FA-49B6-A191-60E47A0DC8DC}" = dir=out | app=c:\windows\system32\svchost.exe | "{5E61029C-8A4D-4E1D-ACD8-7B22A073E419}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{64642D57-F49C-45C6-8937-93C2FFFBE898}" = protocol=6 | dir=in | app=c:\spiele\ea sports\fifa 12\game\fifa.exe | "{69E0B37F-75E7-4B45-B541-D581BE671620}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6ED263DA-8211-4C8A-B1E9-303C53D99FEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{70E8F109-8441-4E18-B06B-D2F810671BBE}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe | "{729DCAB6-D4B3-4CCC-B802-221ABBECC7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\phoner\phoner.exe | "{742A5ED9-1078-461A-A85B-E7F221E35ECF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{764E0312-9C09-4072-A3CB-8726FBED6A1F}" = protocol=6 | dir=in | app=c:\users\patrick\appdata\roaming\spotify\spotify.exe | "{76996AF6-3079-497F-8C0C-66CCD5F46CC7}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | "{7775D4A1-A4A7-4D8B-9FF9-793BA3B7DE6A}" = protocol=6 | dir=in | app=c:\users\patrick\appdata\roaming\dropbox\bin\dropbox.exe | "{80CE7F12-3F56-4176-8C33-3D9C96756008}" = protocol=17 | dir=in | app=c:\users\patrick\appdata\roaming\dropbox\bin\dropbox.exe | 
"{83A31069-9841-4EB0-895E-AF9D29C8F70E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{8544D0C1-2C9E-42D8-8414-BCC32F63BE26}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{87ED0B6D-B2A9-4544-8835-E25CA9EB1065}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8ACBF5C3-C19E-462B-9F97-F77F47B4C396}" = protocol=6 | dir=out | app=system | "{90F7E6BE-E671-462B-9182-0EBC841FF6B0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{921561DE-C7B5-4E4E-B181-BA074B610FFB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{946DC4F3-2654-47C8-AE48-22F0041DA1D2}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{9B08F6E7-B76F-4C4D-89CD-0ABACAE9EE91}" = protocol=6 | dir=in | app=c:\users\patrick\appdata\roaming\dropbox\bin\dropbox.exe | "{9E9E41B6-6B95-4ED2-A8D0-3AE082715A30}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A0046EAE-0B30-4216-9C90-BE86A5793D14}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{A11EFC29-2721-4D4E-8E55-A3A9548DDE62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A5E39896-138A-44EC-835D-5952649DDC4B}" = protocol=17 | dir=in | app=c:\users\patrick\appdata\roaming\spotify\spotify.exe | "{A83AB83B-0CC7-4596-B851-3FA17232E7A2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{A91C62F1-50A3-4F9D-B8FD-F21AE4EEDC02}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{AA496294-1B59-4885-8010-75AA8D981E3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B0A97DA0-A29B-4168-8070-003C158CC3A7}" = protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{BB52DAEF-C098-4F9F-922B-CD3F52064135}" = protocol=17 | dir=in | app=c:\users\patrick\appdata\roaming\dropbox\bin\dropbox.exe | "{C012925E-FCDD-4248-8A09-09A6A5FBB72E}" = 
protocol=6 | dir=in | app=c:\program files (x86)\tobit radio.fx\server\rfx-server.exe | "{C1269B1F-4653-41CA-BDF0-76D6725D4426}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) | "{C296E607-7803-4F3E-A753-D6DDCBB068D3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{C4F795CF-AE88-466B-80CD-92EE41EC261B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C51AA26E-865C-41E4-B262-E465221446E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{C558AA1A-BBCA-4DE8-BC25-36F6F3336949}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe | "{C8679FD4-B64D-4BAA-AD17-CEC13EC8EAAF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C927B300-6C72-4E14-BD44-46502A504867}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{CA387D85-9449-4861-9855-33461C54D74E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{CCF7E5EC-8B97-4DF1-A739-839EF4A3A857}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CD5DDBA5-8006-408C-A02D-C2E6B2EF6502}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CEB94370-0021-496E-8B26-8498FB2B690D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D0A141A6-1C78-43B6-B707-79DCDCD3BF02}" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "{D4684870-1D6E-4B96-8389-17E142C66C58}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{D5A374CB-C670-4BD5-9B96-6DB32D93CA0D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{D95C10C2-B238-4897-98EC-F9E3D5F48538}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DCBE78B8-8E99-4CFC-8199-44E7D45E774D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{DF07891F-A506-4DC2-BAE8-10305C82EA2B}" = protocol=17 | 
dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E2234F3B-CA5A-4030-A3D4-CD0DFAE360A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | "{E4E79D17-0CFC-449C-96CD-E5EC26BD7A3F}" = protocol=17 | dir=in | app=c:\program files (x86)\tobit radio.fx\client\rfx-client.exe | "{E8CBC97C-1550-4412-B28E-2E86A8F7A3F8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{EA96B202-3BFA-4FAF-B8E7-56615717E727}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EB4C8D38-900F-4AA2-A172-F33BA8576C30}" = protocol=17 | dir=in | app=c:\spiele\ea sports\fifa 12\game\fifa.exe | "{EE4E6687-457F-4D3F-B315-4DDDC88F1681}" = dir=in | app=c:\users\patrick\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{F34490C5-B8B3-46A7-AE58-5B3336EBD8F7}" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "{F5FD63E9-2347-4944-987E-D2CF63FEA90C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F83A81C7-E524-4992-A4F6-CFCEB92EFFD5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "TCP Query User{03A9AFD1-CA45-4D4A-9ADE-0B94D3EC9943}C:\spiele\ea sports\fifa 11 demo\game\fifa.exe" = protocol=6 | dir=in | app=c:\spiele\ea sports\fifa 11 demo\game\fifa.exe | "TCP Query User{03EEFC47-1E37-4A12-83D1-9645E8DEFA27}C:\program files (x86)\phoner\phoner.exe" = protocol=6 | dir=in | app=c:\program files (x86)\phoner\phoner.exe | "TCP Query User{04622A22-F5CC-40A4-9BCB-0DF791A75F91}C:\spiele\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\spiele\ea sports\fifa 11\game\fifa.exe | "TCP Query User{12E4986E-6089-4AEC-9ABC-CBCF2639B8D4}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{1DF90C7E-6CDF-4163-9025-CBFB6056AC74}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google 
earth\client\googleearth.exe | "TCP Query User{2ED775BF-A5F7-4018-9679-F268F0FA5475}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{2FFE6613-7772-4A22-8BB6-E3682AAEC5C8}C:\spiele\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | "TCP Query User{42FA406C-AAF2-498A-9DFE-96CA78E3BEA9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{5E97DC46-BEB6-4AB4-BFD9-4E687E9AD64E}C:\program files (x86)\connectify\connectify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | "TCP Query User{7D57DB70-C9AB-498C-B97D-EFDA47D681E9}C:\program files (x86)\fritz!dsl\fritzdsl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\fritz!dsl\fritzdsl.exe | "TCP Query User{82BBC8B8-109F-442E-B5C4-832DB6ED7B4F}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | "TCP Query User{899E46D0-1759-45E1-90F3-86316716BB43}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "TCP Query User{92445DF0-EB79-4D49-8494-597412E8670A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{B3015727-66B0-46C7-BAFA-6A5089CE833D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{BF55D25E-7E4E-4A82-BFA2-11D535CEA39B}C:\users\patrick\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\patrick\appdata\roaming\spotify\spotify.exe | "TCP Query User{C5917837-099A-4BD7-AD14-A9817489FF80}C:\program files (x86)\route 66\route 66 sync\route66sync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\route 66\route 66 
sync\route66sync.exe | "TCP Query User{C99A21DF-9DFC-424F-B84E-18CA10E3CB85}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe | "UDP Query User{060D5D71-A37E-4BF7-B11A-6A8A89B70A9A}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe | "UDP Query User{16B7D19D-2B3A-4E2C-80F0-B6F13A420871}C:\program files (x86)\route 66\route 66 sync\route66sync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\route66sync.exe | "UDP Query User{1E80B157-0A93-4FCF-AC90-BF10C249BB1D}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{2995AF03-3AA8-4D3A-990C-D43F74072CF2}C:\program files (x86)\fritz!dsl\fritzdsl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\fritz!dsl\fritzdsl.exe | "UDP Query User{2B7612FE-9D65-49FC-9C71-D06AFB8CF6DB}C:\program files (x86)\phoner\phoner.exe" = protocol=17 | dir=in | app=c:\program files (x86)\phoner\phoner.exe | "UDP Query User{3BA9C4EC-3AED-45E0-9785-83C3BBE48E44}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{44D180DF-9960-4C37-85FC-A394DAE34D37}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{918A09AD-1239-4BD2-8994-CDC6E32BD4A9}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | "UDP Query User{9FD53F91-DC0A-4101-94E5-23E1A3CE64C8}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{B7598F0E-FD70-4CA9-99CA-3F8A46B9F864}C:\spiele\ea sports\fifa 11 demo\game\fifa.exe" = protocol=17 | dir=in | app=c:\spiele\ea sports\fifa 
11 demo\game\fifa.exe | "UDP Query User{BFA27188-4C98-4851-A3E2-89F8A754E553}C:\spiele\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\spiele\tmnationsforever\tmforever.exe | "UDP Query User{D8ED2EEE-80D7-4046-8BB3-CFC579823C38}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{DBBE0797-8BC7-4E05-8486-CB1B69C3271B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{E1299DC7-D555-40BA-8CD5-5DE6D18C8222}C:\users\patrick\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\patrick\appdata\roaming\spotify\spotify.exe | "UDP Query User{F343A8BB-7583-49C6-AE0C-6E698B1C2ACE}C:\program files (x86)\route 66\route 66 sync\sync9loader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\route 66\route 66 sync\sync9loader.exe | "UDP Query User{F84EC18F-74F1-406E-8775-189E9E2A0E30}C:\spiele\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\spiele\ea sports\fifa 11\game\fifa.exe | "UDP Query User{F9A44067-33D9-4D42-9472-470E948AC309}C:\program files (x86)\connectify\connectify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\connectify\connectify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{2905D974-FADA-0FB1-7EB5-9427ED6F7A9E}" = ATI Catalyst Install Manager "{2AAA4D8F-225B-C276-16A5-864DF9734D86}" = ccc-utility64 
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "7F973C87231D745EBF31E772CC38BB9B185D3819" = Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64) "Connectify" = Connectify "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SynTPDeinstKey" = Synaptics Pointing Device Driver 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card "{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0C26A812-7DF7-BFA0-1D34-43D238037F61}" = CCC Help Chinese Traditional "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{230EECD6-C4EE-5F4B-69D1-17AAAC75A54A}" = Catalyst Control Center Core Implementation "{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX "{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BCA1AE7-5643-515F-D0DF-CFFD9020593E}" = Catalyst Control Center Graphics Full New "{30884ACA-08CD-6523-075F-04D218DDB79C}" = Catalyst Control Center Localization All "{349BCF52-CFD0-42E9-5BC6-CAE57588D71E}" = CCC Help Czech "{3738545D-C7BF-7E5D-ED5B-53FE01C966AA}" = CCC Help Danish "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AC7D217-D49D-AF05-DC3E-0F05F91EA746}" = ccc-core-static "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage 
Technology "{3E76E61B-150E-AFDB-C841-C12016986170}" = CCC Help French "{3EDD63B9-5A19-2182-63AE-BF79BA637F85}" = Catalyst Control Center Graphics Light "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4877FA7F-687F-947C-5983-5B40E492A7C7}" = CCC Help Turkish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{521C9534-FE23-7DFD-82F7-F6E6CB3F8ACA}" = CCC Help Polish "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book "{56BB8142-1794-0F23-6FE4-963F119D2083}" = Catalyst Control Center Graphics Full Existing "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6152EB38-DBA1-8B60-5E64-5D4115576599}" = CCC Help Norwegian "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6EAE176F-51F5-7F9A-7F7E-BC921531D796}" = CCC Help Japanese "{6ECF91F0-002A-14F7-331C-3798C975B976}" = CCC Help German "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{76618402-179D-4699-A66B-D351C59436BC}" = 
Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7C25C80B-7F10-E662-6926-2A939761F5C8}" = Catalyst Control Center Graphics Previews Vista "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later "{89202060-93AB-672C-477D-E8DEF46E8103}" = CCC Help Greek "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8D73BCB1-DD24-816B-BF13-EA08DDF48D7C}" = Catalyst Control Center InstallProxy "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) 
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 
2007 Service Pack 3 (SP3) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0410-1000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0C0A-1000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 
Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 
(SP3) "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007 "{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007 "{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007 "{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse "{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints "{99750819-BDCB-7E89-E1B5-3A9C7D731BF5}" = CCC Help Italian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A310F46C-7E91-7CDD-1421-1AE260CE12EB}" = CCC Help Russian "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BA659DC5-F577-4364-903D-20C16DD4BDB3}" = Catalyst Control Center - Branding "{BB9994D6-E795-6CC9-5CB2-D695FB21A746}" = PX Profile Update "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BE1A2C04-6F14-4A16-B290-003769418AD9}" = ROUTE 66 Sync "{BF54932F-23F6-3A4E-60EA-7AFF366CA8B8}" = CCC Help Hungarian "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations "{C61DCDF8-D186-4386-F594-8E7A68D2D32D}" = CCC Help Spanish "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C6CD710D-1923-B80F-65C2-138DBDE28BC9}" = CCC Help Korean "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D2C67402-46F1-4A17-5319-937E8A62F43D}" = CCC Help Chinese Standard "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" 
= Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "{E067DFD3-10DE-7D9B-24A0-CA55943AC43C}" = CCC Help Dutch "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1213853-C66B-B2A9-6AB4-34EC78702F1B}" = CCC Help Finnish "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page "{E797EB9D-9E94-9136-B02D-8187E25FED44}" = CCC Help Thai "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F42B419C-78BD-024D-6617-27F09E22A1CF}" = CCC Help Portuguese "{F5BCB227-3314-7F4B-19A3-9238615380F6}" = CCC Help English "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F932C96E-5C6C-20E8-EBAF-1DA5819EF0D1}" = CCC Help Swedish "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "avast" = avast! 
Internet Security "Avidemux 2.5" = Avidemux 2.5 (32-bit) "bwin Poker JPC_is1" = bwin Poker JPC 1.0.0 "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2) "DivX Setup" = DivX-Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "FKL 4" = Family Keylogger v4.88 (remove only) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies "InstallShield_{BE1A2C04-6F14-4A16-B290-003769418AD9}" = ROUTE 66 Sync "InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0 "New C Series Screensaver" = New C Series Screensaver "Open Codecs" = Xiph.Org Open Codecs 0.85.17777 "Picasa 3" = Picasa 3 "PunkBusterSvc" = PunkBuster Services "SumatraPDF" = SumatraPDF "TmNationsForever_is1" = TmNationsForever "TVersity Codec Pack" = TVersity Codec Pack 1.7 "TVersity Media Server" = TVersity Media Server 1.9.7 "VLC media player" = VLC media player 2.0.1 "Volumouse" = NirSoft Volumouse "vShare.tv plugin" = vShare.tv plugin 1.3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Patrick) "CodeBlocks" = CodeBlocks "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/10/2012 10:10:30 AM | Computer Name = PatrickS | Source = SideBySide | ID = 16842811 Description = Fehler beim 
Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. Error - 6/17/2012 1:08:00 PM | Computer Name = PatrickS | Source = Google Update | ID = 20 Description = Error - 6/18/2012 8:43:39 AM | Computer Name = PatrickS | Source = Google Update | ID = 20 Description = Error - 6/19/2012 10:22:06 AM | Computer Name = PatrickS | Source = Google Update | ID = 20 Description = Error - 6/19/2012 12:05:15 PM | Computer Name = PatrickS | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 6/19/2012 12:07:51 PM | Computer Name = PatrickS | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. 
Error - 6/20/2012 9:38:45 AM | Computer Name = PatrickS | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: APSDaemon.exe, Version: 2.1.19.1, Zeitstempel: 0x4f3a19cc Name des fehlerhaften Moduls: APSDaemon_main.dll, Version: 2.1.19.1, Zeitstempel: 0x4f3de559 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000082f0 ID des fehlerhaften Prozesses: 0xfa0 Startzeit der fehlerhaften Anwendung: 0x01cd4d9d4a6fc4a6 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll Berichtskennung: 4147d00b-badd-11e1-81e9-fc78a10dc9d3 Error - 6/22/2012 12:02:56 PM | Computer Name = PatrickS | Source = Google Update | ID = 20 Description = Error - 6/24/2012 10:30:14 AM | Computer Name = PatrickS | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 6/24/2012 10:32:31 AM | Computer Name = PatrickS | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" in Zeile 2. Ungültige XML-Syntax. 
[ Cisco AnyConnect VPN Client Events ] Error - 10/12/2010 7:51:36 AM | Computer Name = PatrickS | Source = vpnui | ID = 67108866 Description = Function: CTransportWinInet::SendRequest File: .\CTransportWinInet.cpp Line: 1313 Invoked Function: CTransportWinInet::SendRequest Return Code: 12002 (0x00002EE2) Description: Das Zeitlimit für den Vorgang wurde erreicht. Error - 10/12/2010 7:51:36 AM | Computer Name = PatrickS | Source = vpnui | ID = 67108866 Description = Function: ConnectIfc::connect File: .\ConnectIfc.cpp Line: 349 Invoked Function: CTransport::SendRequest Return Code: -29949906 (0xFE37002E) Description: CTRANSPORT_ERROR_TIMEOUT Error - 10/12/2010 7:51:36 AM | Computer Name = PatrickS | Source = vpnui | ID = 67108866 Description = Function: ConnectIfc::TranslateStatusCode File: .\ConnectIfc.cpp Line: 2703 Invoked Function: ConnectIfc::TranslateStatusCode Return Code: -29949906 (0xFE37002E) Description: timeout Error - 10/12/2010 7:51:36 AM | Computer Name = PatrickS | Source = vpnui | ID = 67108866 Description = Function: ConnectMgr::connect File: .\ConnectMgr.cpp Line: 989 Invoked Function: ConnectIfc::connect Return Code: -29949906 (0xFE37002E) Description: CTRANSPORT_ERROR_TIMEOUT Error - 10/12/2010 7:51:36 AM | Computer Name = PatrickS | Source = vpnui | ID = 67108866 Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1208 Invoked Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unrecognized content type (Unknown) received. Error - 10/12/2010 7:51:36 AM | Computer Name = PatrickS | Source = vpnui | ID = 67108866 Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1234 Invoked Function: ConnectMgr :: processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unable to process response from tserver1.rheinahrcampus.de. 
Error - 10/12/2010 7:51:36 AM | Computer Name = PatrickS | Source = vpnui | ID = 67108866 Description = Function: ConnectMgr::processIfcData File: .\ConnectMgr.cpp Line: 1315 Invoked Function: ConnectMgr::processIfcData Return Code: -33554423 (0xFE000009) Description: GLOBAL_ERROR_UNEXPECTED Unable to contact tserver1.rheinahrcampus.de. Error - 10/12/2010 8:07:39 AM | Computer Name = PatrickS | Source = vpnagent | ID = 67110873 Description = Termination reason code 7: The agent has been stopped. Error - 10/12/2010 8:07:39 AM | Computer Name = PatrickS | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::getDownloaderMessage File: .\MainThread.cpp Line: 964 Invoked Function: CVpnMgr::processEvents Return Code: 0 (0x00000000) Description: fatal error, stopping service Error - 10/12/2010 8:07:39 AM | Computer Name = PatrickS | Source = vpnagent | ID = 67108866 Description = Function: service_main_NT File: .\Agent.cpp Line: 674 Invoked Function: WaitForSingleObject Return Code: 6 (0x00000006) Description: Das Handle ist ungültig. [ System Events ] Error - 7/3/2012 3:09:19 PM | Computer Name = PatrickS | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen vflt Error - 7/3/2012 3:11:24 PM | Computer Name = PatrickS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 7/3/2012 3:11:24 PM | Computer Name = PatrickS | Source = Service Control Manager | ID = 7001 Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 7/3/2012 4:30:02 PM | Computer Name = PatrickS | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?03.?07.?2012 um 21:22:02 unerwartet heruntergefahren. 
Error - 7/3/2012 4:29:54 PM | Computer Name = PatrickS | Source = Application Popup | ID = 1060 Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error - 7/3/2012 4:30:11 PM | Computer Name = PatrickS | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen vflt Error - 7/3/2012 4:32:27 PM | Computer Name = PatrickS | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MBAMProtector" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 7/3/2012 4:32:27 PM | Computer Name = PatrickS | Source = Service Control Manager | ID = 7001 Description = Der Dienst "MBAMService" ist vom Dienst "MBAMProtector" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error - 7/3/2012 4:32:31 PM | Computer Name = PatrickS | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{DE079886-8D4C-4805-9951-B9B08F64DE77} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 7/3/2012 4:32:39 PM | Computer Name = PatrickS | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{DE079886-8D4C-4805-9951-B9B08F64DE77} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. < End of report > |
04.07.2012, 07:47 | #2 |
| S.M.A.R.T. Repair & Google Redirect Trojan/Virus Hi,
Fix for OTL:
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
:Commands
[emptytemp]
[Reboot]
Let's have a look..

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family?
Extract all files into a directory of their own (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
Then start the scan with (Start Scan).
When the scan is finished, please select "Report" (skip any findings with Skip for now).
A window opens; copy the text and post it here...

aswMBR
Follow the instructions here.
Quick guide: Download aswMBR.exe from http://filepony.de/download-aswmbr/ and save it to the desktop.
chris
04.07.2012, 10:16 | #3 |
| S.M.A.R.T. Repair & Google Redirect Trojan/Virus OTL fix log
Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Patrick
->Temp folder emptied: 5004164 bytes
->Temporary Internet Files folder emptied: 32246978 bytes
->Java cache emptied: 45884813 bytes
->FireFox cache emptied: 331757098 bytes
->Flash cache emptied: 384830 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95810578 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36049904 bytes
RecycleBin emptied: 3192623049 bytes

Total Files Cleaned = 3,567.00 mb

OTL by OldTimer - Version 3.2.53.1 log created on 07042012_085517

I ran the scan twice (by accident)..
Code:
10:54:10.0250 3572 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
10:54:12.0044 3572 ============================================================
10:54:12.0044 3572 Current date / time: 2012/07/04 10:54:12.0044
10:54:12.0044 3572 SystemInfo:
10:54:12.0044 3572
10:54:12.0044 3572 OS Version: 6.1.7601 ServicePack: 1.0
10:54:12.0044 3572 Product type: Workstation
10:54:12.0044 3572 ComputerName: PATRICKS
10:54:12.0044 3572 UserName: Patrick
10:54:12.0044 3572 Windows directory: C:\windows
10:54:12.0044 3572 System windows directory: C:\windows
10:54:12.0044 3572 Running under WOW64
10:54:12.0044 3572 Processor architecture: Intel x64
10:54:12.0044 3572 Number of processors: 4
10:54:12.0044 3572 Page size: 0x1000
10:54:12.0044 3572 Boot type: Normal boot
10:54:12.0044 3572 ============================================================
10:54:12.0528 3572 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:54:12.0544 3572 ============================================================
10:54:12.0544 3572 \Device\Harddisk0\DR0:
10:54:12.0544 3572 MBR partitions:
10:54:12.0544 3572 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000
10:54:12.0544 3572 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x171C9800, BlocksNum 0xE2602B0
10:54:12.0544 3572 ============================================================
10:54:12.0590 3572 C: <-> \Device\Harddisk0\DR0\Partition0
10:54:12.0637 3572 D: <-> \Device\Harddisk0\DR0\Partition1
10:54:12.0637 3572 ============================================================
10:54:12.0637 3572 Initialize success
10:54:12.0637 3572 ============================================================
10:55:01.0403 3060 ============================================================
10:55:01.0403 3060 Scan started
10:55:01.0403 3060 Mode: Manual; SigCheck; TDLFS;
10:55:01.0403 3060 ============================================================ 10:55:01.0715 3060 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 10:55:01.0824 3060 1394ohci - ok 10:55:01.0933 3060 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 10:55:03.0634 3060 ACDaemon - ok 10:55:03.0712 3060 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 10:55:03.0727 3060 ACPI - ok 10:55:03.0790 3060 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 10:55:03.0836 3060 AcpiPmi - ok 10:55:03.0961 3060 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:55:03.0977 3060 AdobeARMservice - ok 10:55:04.0055 3060 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys 10:55:04.0086 3060 adp94xx - ok 10:55:04.0148 3060 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys 10:55:04.0180 3060 adpahci - ok 10:55:04.0226 3060 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys 10:55:04.0258 3060 adpu320 - ok 10:55:04.0289 3060 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 10:55:04.0351 3060 AeLookupSvc - ok 10:55:04.0445 3060 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 10:55:04.0492 3060 AFD - ok 10:55:04.0554 3060 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 10:55:04.0570 3060 agp440 - ok 10:55:04.0616 3060 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 10:55:04.0663 3060 ALG - ok 10:55:04.0726 3060 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 10:55:04.0741 3060 aliide - ok 10:55:04.0788 3060 AMD External Events Utility (9f5027a7a304a33de3077f523635553a) C:\windows\system32\atiesrxx.exe 10:55:04.0819 3060 AMD 
External Events Utility - ok 10:55:04.0835 3060 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 10:55:04.0866 3060 amdide - ok 10:55:04.0897 3060 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys 10:55:04.0944 3060 AmdK8 - ok 10:55:05.0272 3060 amdkmdag (0c3480807a602519b970088ffb112a70) C:\windows\system32\DRIVERS\atipmdag.sys 10:55:05.0459 3060 amdkmdag - ok 10:55:05.0615 3060 amdkmdap (f031616862c873086b1f3c2b97ee35d5) C:\windows\system32\DRIVERS\atikmpag.sys 10:55:05.0662 3060 amdkmdap - ok 10:55:05.0693 3060 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys 10:55:05.0724 3060 AmdPPM - ok 10:55:05.0771 3060 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 10:55:05.0802 3060 amdsata - ok 10:55:05.0864 3060 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys 10:55:05.0896 3060 amdsbs - ok 10:55:05.0942 3060 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 10:55:05.0958 3060 amdxata - ok 10:55:06.0036 3060 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\windows\system32\Drivers\ssadadb.sys 10:55:06.0067 3060 androidusb - ok 10:55:06.0114 3060 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 10:55:06.0176 3060 AppID - ok 10:55:06.0223 3060 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 10:55:06.0301 3060 AppIDSvc - ok 10:55:06.0379 3060 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 10:55:06.0426 3060 Appinfo - ok 10:55:06.0566 3060 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:55:06.0582 3060 Apple Mobile Device - ok 10:55:06.0629 3060 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys 10:55:06.0644 3060 arc - ok 10:55:06.0660 3060 arcsas 
(019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys 10:55:06.0676 3060 arcsas - ok 10:55:06.0691 3060 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 10:55:06.0707 3060 ArcSoftKsUFilter - ok 10:55:06.0769 3060 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\windows\system32\drivers\aswFsBlk.sys 10:55:06.0785 3060 aswFsBlk - ok 10:55:06.0832 3060 aswFW (f3cfbc0aa2b8bd665a2ccf1ba9e65919) C:\windows\system32\drivers\aswFW.sys 10:55:06.0832 3060 aswFW - ok 10:55:06.0878 3060 aswKbd (c42d45089fd2ec63d13571362c258dc6) C:\windows\system32\drivers\aswKbd.sys 10:55:06.0894 3060 aswKbd - ok 10:55:06.0910 3060 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\windows\system32\drivers\aswMonFlt.sys 10:55:06.0925 3060 aswMonFlt - ok 10:55:06.0956 3060 aswNdis (518b8d447a1975ab46da093a2e743256) C:\windows\system32\DRIVERS\aswNdis.sys 10:55:06.0972 3060 aswNdis - ok 10:55:07.0003 3060 aswNdis2 (80a43cef831664c404c73564ccf4b8b1) C:\windows\system32\drivers\aswNdis2.sys 10:55:07.0019 3060 aswNdis2 - ok 10:55:07.0050 3060 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\windows\System32\Drivers\aswrdr2.sys 10:55:07.0066 3060 aswRdr - ok 10:55:07.0159 3060 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\windows\system32\drivers\aswSnx.sys 10:55:07.0190 3060 aswSnx - ok 10:55:07.0222 3060 aswSP (3610ca74a69e380424f0452dec5c1317) C:\windows\system32\drivers\aswSP.sys 10:55:07.0237 3060 aswSP - ok 10:55:07.0268 3060 aswTdi (87de3e31cb0091d22351349869324065) C:\windows\system32\drivers\aswTdi.sys 10:55:07.0268 3060 aswTdi - ok 10:55:07.0315 3060 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 10:55:07.0393 3060 AsyncMac - ok 10:55:07.0456 3060 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 10:55:07.0471 3060 atapi - ok 10:55:07.0674 3060 athr (a5e770426d18f8ef332a593f3289da91) C:\windows\system32\DRIVERS\athrx.sys 10:55:07.0799 3060 athr - ok 10:55:07.0986 
3060 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\windows\system32\drivers\AtiHdmi.sys 10:55:08.0017 3060 AtiHdmiService - ok 10:55:08.0360 3060 atikmdag (0c3480807a602519b970088ffb112a70) C:\windows\system32\DRIVERS\atikmdag.sys 10:55:08.0548 3060 atikmdag - ok 10:55:08.0766 3060 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 10:55:08.0875 3060 AudioEndpointBuilder - ok 10:55:08.0875 3060 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 10:55:08.0922 3060 AudioSrv - ok 10:55:09.0140 3060 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 10:55:09.0156 3060 avast! Antivirus - ok 10:55:09.0203 3060 avast! Firewall (465a17095eb3b9e101429b669f495d01) C:\Program Files\AVAST Software\Avast\afwServ.exe 10:55:09.0218 3060 avast! Firewall - ok 10:55:09.0265 3060 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 10:55:09.0343 3060 AxInstSV - ok 10:55:09.0452 3060 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys 10:55:09.0515 3060 b06bdrv - ok 10:55:09.0577 3060 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 10:55:09.0624 3060 b57nd60a - ok 10:55:09.0686 3060 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 10:55:09.0749 3060 BDESVC - ok 10:55:09.0780 3060 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 10:55:09.0874 3060 Beep - ok 10:55:09.0998 3060 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 10:55:10.0092 3060 BFE - ok 10:55:10.0201 3060 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll 10:55:10.0295 3060 BITS - ok 10:55:10.0373 3060 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 10:55:10.0420 3060 blbdrive - ok 10:55:10.0544 3060 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program 
(e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 10:55:48.0468 3060 THREADORDER - ok 10:55:48.0546 3060 TlntSvr (519cb7d7f697f4ba47de05845c20f158) C:\windows\System32\tlntsvr.exe 10:55:48.0593 3060 TlntSvr - ok 10:55:48.0655 3060 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 10:55:48.0733 3060 TrkWks - ok 10:55:48.0827 3060 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 10:55:48.0889 3060 TrustedInstaller - ok 10:55:48.0936 3060 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 10:55:48.0983 3060 tssecsrv - ok 10:55:49.0108 3060 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 10:55:49.0139 3060 TsUsbFlt - ok 10:55:49.0264 3060 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 10:55:49.0357 3060 tunnel - ok 10:55:49.0545 3060 TVersityMediaServer (06bccb3bf0d06adccc4ebc8ef682dd59) C:\ProgramData\TVersity\Media Server\MediaServer.exe 10:55:49.0607 3060 TVersityMediaServer - ok 10:55:49.0810 3060 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys 10:55:49.0825 3060 uagp35 - ok 10:55:49.0919 3060 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 10:55:50.0044 3060 udfs - ok 10:55:50.0075 3060 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe 10:55:50.0122 3060 UI0Detect - ok 10:55:50.0184 3060 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 10:55:50.0200 3060 uliagpkx - ok 10:55:50.0278 3060 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys 10:55:50.0293 3060 umbus - ok 10:55:50.0340 3060 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys 10:55:50.0371 3060 UmPass - ok 10:55:50.0652 3060 UNS (765f2dd351ba064f657751d8d75e58c0) C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\UNS\UNS.exe 10:55:50.0730 3060 UNS - ok 10:55:50.0902 3060 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll 10:55:51.0042 3060 upnphost - ok 10:55:51.0105 3060 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys 10:55:51.0136 3060 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 10:55:51.0136 3060 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 10:55:51.0183 3060 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 10:55:51.0214 3060 usbccgp - ok 10:55:51.0261 3060 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 10:55:51.0292 3060 usbcir - ok 10:55:51.0339 3060 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys 10:55:51.0370 3060 usbehci - ok 10:55:51.0432 3060 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 10:55:51.0479 3060 usbhub - ok 10:55:51.0510 3060 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 10:55:51.0541 3060 usbohci - ok 10:55:51.0588 3060 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 10:55:51.0619 3060 usbprint - ok 10:55:51.0682 3060 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys 10:55:51.0729 3060 usbscan - ok 10:55:51.0791 3060 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS 10:55:51.0822 3060 USBSTOR - ok 10:55:51.0931 3060 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys 10:55:51.0963 3060 usbuhci - ok 10:55:52.0041 3060 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys 10:55:52.0072 3060 usbvideo - ok 10:55:52.0119 3060 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll 10:55:52.0197 3060 UxSms - ok 10:55:52.0259 3060 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 10:55:52.0275 3060 
VaultSvc - ok 10:55:52.0353 3060 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 10:55:52.0368 3060 vdrvroot - ok 10:55:52.0446 3060 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe 10:55:52.0555 3060 vds - ok 10:55:52.0618 3060 vflt (00c7df4f50962ba218ab60d32869100b) C:\windows\system32\DRIVERS\vfilter.sys 10:55:52.0649 3060 vflt ( UnsignedFile.Multi.Generic ) - warning 10:55:52.0649 3060 vflt - detected UnsignedFile.Multi.Generic (1) 10:55:52.0711 3060 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 10:55:52.0743 3060 vga - ok 10:55:52.0758 3060 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 10:55:52.0821 3060 VgaSave - ok 10:55:52.0883 3060 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 10:55:52.0914 3060 vhdmp - ok 10:55:52.0945 3060 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 10:55:52.0961 3060 viaide - ok 10:55:52.0992 3060 vnet (a99ca064ad11266fe7067a79bf78bbb5) C:\windows\system32\DRIVERS\virtualnet.sys 10:55:53.0023 3060 vnet ( UnsignedFile.Multi.Generic ) - warning 10:55:53.0023 3060 vnet - detected UnsignedFile.Multi.Generic (1) 10:55:53.0086 3060 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 10:55:53.0101 3060 volmgr - ok 10:55:53.0179 3060 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 10:55:53.0195 3060 volmgrx - ok 10:55:53.0273 3060 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 10:55:53.0304 3060 volsnap - ok 10:55:53.0304 3060 vpnva - ok 10:55:53.0367 3060 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys 10:55:53.0398 3060 vsmraid - ok 10:55:53.0538 3060 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe 10:55:53.0647 3060 VSS - ok 10:55:53.0819 3060 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) 
C:\windows\system32\DRIVERS\vwifibus.sys 10:55:53.0866 3060 vwifibus - ok 10:55:53.0897 3060 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 10:55:53.0944 3060 vwififlt - ok 10:55:53.0991 3060 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys 10:55:54.0022 3060 vwifimp - ok 10:55:54.0084 3060 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll 10:55:54.0209 3060 W32Time - ok 10:55:54.0225 3060 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys 10:55:54.0271 3060 WacomPen - ok 10:55:54.0365 3060 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 10:55:54.0443 3060 WANARP - ok 10:55:54.0459 3060 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 10:55:54.0521 3060 Wanarpv6 - ok 10:55:54.0646 3060 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe 10:55:54.0739 3060 wbengine - ok 10:55:54.0895 3060 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll 10:55:54.0942 3060 WbioSrvc - ok 10:55:55.0020 3060 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll 10:55:55.0114 3060 wcncsvc - ok 10:55:55.0145 3060 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll 10:55:55.0161 3060 WcsPlugInService - ok 10:55:55.0239 3060 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys 10:55:55.0254 3060 Wd - ok 10:55:55.0301 3060 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 10:55:55.0332 3060 Wdf01000 - ok 10:55:55.0363 3060 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 10:55:55.0395 3060 WdiServiceHost - ok 10:55:55.0410 3060 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll 10:55:55.0441 3060 WdiSystemHost - ok 10:55:55.0504 3060 WebClient 
(3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll 10:55:55.0551 3060 WebClient - ok 10:55:55.0597 3060 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll 10:55:55.0660 3060 Wecsvc - ok 10:55:55.0691 3060 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll 10:55:55.0753 3060 wercplsupport - ok 10:55:55.0800 3060 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll 10:55:55.0863 3060 WerSvc - ok 10:55:55.0956 3060 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 10:55:55.0987 3060 WfpLwf - ok 10:55:56.0003 3060 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 10:55:56.0019 3060 WIMMount - ok 10:55:56.0050 3060 WinDefend - ok 10:55:56.0065 3060 WinHttpAutoProxySvc - ok 10:55:56.0143 3060 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll 10:55:56.0190 3060 Winmgmt - ok 10:55:56.0331 3060 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll 10:55:56.0455 3060 WinRM - ok 10:55:56.0658 3060 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 10:55:56.0689 3060 WinUsb - ok 10:55:56.0783 3060 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll 10:55:56.0830 3060 Wlansvc - ok 10:55:56.0877 3060 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys 10:55:56.0908 3060 WmiAcpi - ok 10:55:56.0986 3060 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe 10:55:57.0033 3060 wmiApSrv - ok 10:55:57.0126 3060 WMPNetworkSvc - ok 10:55:57.0157 3060 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll 10:55:57.0204 3060 WPCSvc - ok 10:55:57.0251 3060 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll 10:55:57.0267 3060 WPDBusEnum - ok 10:55:57.0298 3060 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) 
C:\windows\system32\drivers\ws2ifsl.sys
10:55:57.0360 3060 ws2ifsl - ok
10:55:57.0407 3060 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
10:55:57.0438 3060 wscsvc - ok
10:55:57.0438 3060 WSearch - ok
10:55:57.0625 3060 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
10:55:57.0719 3060 wuauserv - ok
10:55:57.0875 3060 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
10:55:57.0937 3060 WudfPf - ok
10:55:57.0969 3060 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
10:55:58.0047 3060 WUDFRd - ok
10:55:58.0093 3060 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
10:55:58.0140 3060 wudfsvc - ok
10:55:58.0187 3060 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
10:55:58.0249 3060 WwanSvc - ok
10:55:58.0327 3060 MBR (0x1B8) (77a4fe43427b9d4037d059eb3f6742a3) \Device\Harddisk0\DR0
10:55:58.0359 3060 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
10:55:58.0359 3060 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
10:55:58.0468 3060 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:55:58.0468 3060 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:55:58.0483 3060 Boot (0x1200) (50a0b6b96dde02ffa90b00ef4b9e76d4) \Device\Harddisk0\DR0\Partition0
10:55:58.0499 3060 \Device\Harddisk0\DR0\Partition0 - ok
10:55:58.0515 3060 Boot (0x1200) (bf218d235dd6e5ac320a49273e5e8a8f) \Device\Harddisk0\DR0\Partition1
10:55:58.0515 3060 \Device\Harddisk0\DR0\Partition1 - ok
10:55:58.0515 3060 ============================================================
10:55:58.0515 3060 Scan finished
10:55:58.0515 3060 ============================================================
10:55:58.0546 2560 Detected object count: 8
10:55:58.0546 2560 Actual detected object count: 8
10:58:05.0639 2560 Connectify ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:05.0639 2560 Connectify ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:05.0639 2560 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:05.0639 2560 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:05.0639 2560 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:05.0639 2560 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:05.0655 2560 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:05.0655 2560 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:05.0655 2560 vflt ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:05.0655 2560 vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:05.0655 2560 vnet ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:05.0655 2560 vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:58:06.0606 2560 \Device\Harddisk0\DR0\# - copied to quarantine
10:58:06.0606 2560 \Device\Harddisk0\DR0 - copied to quarantine
10:58:06.0700 2560 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
10:58:06.0700 2560 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
10:58:06.0700 2560 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
10:58:06.0700 2560 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
10:58:06.0700 2560 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
10:58:06.0700 2560 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
10:58:12.0285 2560 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
10:58:12.0581 2560 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
10:58:12.0705 2560 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
10:58:12.0776 2560 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
10:58:12.0875 2560 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
10:58:13.0011 2560 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
10:58:13.0090 2560 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
10:58:13.0209 2560 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
10:58:13.0219 2560 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
10:58:13.0229 2560 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
10:58:13.0229 2560 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
10:58:13.0302 2560 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
10:58:13.0381 2560 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
10:58:16.0821 2560 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
10:58:19.0291 2560 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
10:58:19.0380 2560 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
10:58:19.0480 2560 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
10:58:19.0670 2560 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
10:58:19.0750 2560 \Device\Harddisk0\DR0 - processing error
10:58:31.0158 2560 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
10:58:31.0173 2560 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:58:31.0173 2560 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
10:59:05.0899 4988 ============================================================
10:59:05.0899 4988 Scan started
10:59:05.0899 4988 Mode: Manual; SigCheck; TDLFS;
10:59:05.0899 4988 ============================================================
10:59:06.0071 4988 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
10:59:06.0117 4988 1394ohci - ok
10:59:06.0273 4988 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:59:06.0289 4988 ACDaemon - ok
10:59:06.0383 4988 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
10:59:06.0414 4988 ACPI - ok
10:59:06.0492 4988 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
10:59:06.0523 4988 AcpiPmi - ok
10:59:06.0663 4988
AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 10:59:06.0695 4988 AdobeARMservice - ok 10:59:06.0773 4988 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys 10:59:06.0819 4988 adp94xx - ok 10:59:06.0851 4988 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys 10:59:06.0866 4988 adpahci - ok 10:59:06.0897 4988 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys 10:59:06.0913 4988 adpu320 - ok 10:59:06.0960 4988 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll 10:59:07.0007 4988 AeLookupSvc - ok 10:59:07.0100 4988 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys 10:59:07.0131 4988 AFD - ok 10:59:07.0178 4988 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 10:59:07.0209 4988 agp440 - ok 10:59:07.0256 4988 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe 10:59:07.0272 4988 ALG - ok 10:59:07.0287 4988 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 10:59:07.0303 4988 aliide - ok 10:59:07.0334 4988 AMD External Events Utility (9f5027a7a304a33de3077f523635553a) C:\windows\system32\atiesrxx.exe 10:59:07.0350 4988 AMD External Events Utility - ok 10:59:07.0365 4988 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 10:59:07.0381 4988 amdide - ok 10:59:07.0428 4988 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys 10:59:07.0459 4988 AmdK8 - ok 10:59:07.0880 4988 amdkmdag (0c3480807a602519b970088ffb112a70) C:\windows\system32\DRIVERS\atipmdag.sys 10:59:07.0974 4988 amdkmdag - ok 10:59:08.0130 4988 amdkmdap (f031616862c873086b1f3c2b97ee35d5) C:\windows\system32\DRIVERS\atikmpag.sys 10:59:08.0161 4988 amdkmdap - ok 10:59:08.0192 4988 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys 
10:59:08.0208 4988 AmdPPM - ok 10:59:08.0286 4988 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 10:59:08.0317 4988 amdsata - ok 10:59:08.0348 4988 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys 10:59:08.0364 4988 amdsbs - ok 10:59:08.0379 4988 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 10:59:08.0395 4988 amdxata - ok 10:59:08.0442 4988 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\windows\system32\Drivers\ssadadb.sys 10:59:08.0457 4988 androidusb - ok 10:59:08.0520 4988 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 10:59:08.0567 4988 AppID - ok 10:59:08.0582 4988 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll 10:59:08.0645 4988 AppIDSvc - ok 10:59:08.0691 4988 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll 10:59:08.0738 4988 Appinfo - ok 10:59:08.0910 4988 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 10:59:08.0925 4988 Apple Mobile Device - ok 10:59:08.0972 4988 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys 10:59:08.0988 4988 arc - ok 10:59:09.0019 4988 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys 10:59:09.0035 4988 arcsas - ok 10:59:09.0081 4988 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 10:59:09.0097 4988 ArcSoftKsUFilter - ok 10:59:09.0113 4988 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\windows\system32\drivers\aswFsBlk.sys 10:59:09.0144 4988 aswFsBlk - ok 10:59:09.0175 4988 aswFW (f3cfbc0aa2b8bd665a2ccf1ba9e65919) C:\windows\system32\drivers\aswFW.sys 10:59:09.0191 4988 aswFW - ok 10:59:09.0222 4988 aswKbd (c42d45089fd2ec63d13571362c258dc6) C:\windows\system32\drivers\aswKbd.sys 10:59:09.0237 4988 aswKbd - ok 10:59:09.0269 4988 
aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\windows\system32\drivers\aswMonFlt.sys 10:59:09.0284 4988 aswMonFlt - ok 10:59:09.0300 4988 aswNdis (518b8d447a1975ab46da093a2e743256) C:\windows\system32\DRIVERS\aswNdis.sys 10:59:09.0315 4988 aswNdis - ok 10:59:09.0362 4988 aswNdis2 (80a43cef831664c404c73564ccf4b8b1) C:\windows\system32\drivers\aswNdis2.sys 10:59:09.0378 4988 aswNdis2 - ok 10:59:09.0409 4988 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\windows\System32\Drivers\aswrdr2.sys 10:59:09.0425 4988 aswRdr - ok 10:59:09.0518 4988 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\windows\system32\drivers\aswSnx.sys 10:59:09.0565 4988 aswSnx - ok 10:59:09.0612 4988 aswSP (3610ca74a69e380424f0452dec5c1317) C:\windows\system32\drivers\aswSP.sys 10:59:09.0627 4988 aswSP - ok 10:59:09.0659 4988 aswTdi (87de3e31cb0091d22351349869324065) C:\windows\system32\drivers\aswTdi.sys 10:59:09.0674 4988 aswTdi - ok 10:59:09.0705 4988 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 10:59:09.0752 4988 AsyncMac - ok 10:59:09.0799 4988 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 10:59:09.0830 4988 atapi - ok 10:59:10.0127 4988 athr (a5e770426d18f8ef332a593f3289da91) C:\windows\system32\DRIVERS\athrx.sys 10:59:10.0173 4988 athr - ok 10:59:10.0361 4988 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\windows\system32\drivers\AtiHdmi.sys 10:59:10.0376 4988 AtiHdmiService - ok 10:59:10.0813 4988 atikmdag (0c3480807a602519b970088ffb112a70) C:\windows\system32\DRIVERS\atikmdag.sys 10:59:10.0907 4988 atikmdag - ok 10:59:11.0141 4988 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 10:59:11.0203 4988 AudioEndpointBuilder - ok 10:59:11.0203 4988 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll 10:59:11.0265 4988 AudioSrv - ok 10:59:11.0499 4988 avast! 
Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe 10:59:11.0531 4988 avast! Antivirus - ok 10:59:11.0562 4988 avast! Firewall (465a17095eb3b9e101429b669f495d01) C:\Program Files\AVAST Software\Avast\afwServ.exe 10:59:11.0593 4988 avast! Firewall - ok 10:59:11.0640 4988 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll 10:59:11.0671 4988 AxInstSV - ok 10:59:11.0780 4988 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys 10:59:11.0811 4988 b06bdrv - ok 10:59:11.0843 4988 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 10:59:11.0858 4988 b57nd60a - ok 10:59:11.0905 4988 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll 10:59:11.0921 4988 BDESVC - ok 10:59:11.0936 4988 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 10:59:11.0983 4988 Beep - ok 10:59:12.0077 4988 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll 10:59:12.0155 4988 BFE - ok 10:59:12.0264 4988 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll 10:59:12.0326 4988 BITS - ok 10:59:12.0404 4988 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 10:59:12.0435 4988 blbdrive - ok 10:59:12.0576 4988 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 10:59:12.0591 4988 Bonjour Service - ok 10:59:12.0638 4988 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 10:59:12.0685 4988 bowser - ok 10:59:12.0716 4988 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys 10:59:12.0747 4988 BrFiltLo - ok 10:59:12.0763 4988 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys 10:59:12.0779 4988 BrFiltUp - ok 10:59:12.0857 4988 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll 10:59:12.0935 4988 Browser - ok 
10:59:12.0981 4988 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 10:59:12.0997 4988 Brserid - ok 10:59:13.0028 4988 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 10:59:13.0044 4988 BrSerWdm - ok 10:59:13.0059 4988 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 10:59:13.0075 4988 BrUsbMdm - ok 10:59:13.0075 4988 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 10:59:13.0091 4988 BrUsbSer - ok 10:59:13.0122 4988 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys 10:59:13.0137 4988 BTHMODEM - ok 10:59:13.0184 4988 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll 10:59:13.0247 4988 bthserv - ok 10:59:13.0262 4988 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 10:59:13.0309 4988 cdfs - ok 10:59:13.0371 4988 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys 10:59:13.0418 4988 cdrom - ok 10:59:13.0465 4988 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 10:59:13.0512 4988 CertPropSvc - ok 10:59:13.0527 4988 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys 10:59:13.0543 4988 circlass - ok 10:59:13.0605 4988 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 10:59:13.0621 4988 CLFS - ok 10:59:13.0730 4988 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 10:59:13.0746 4988 clr_optimization_v2.0.50727_32 - ok 10:59:13.0839 4988 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 10:59:13.0871 4988 clr_optimization_v2.0.50727_64 - ok 10:59:13.0980 4988 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 
10:59:14.0011 4988 clr_optimization_v4.0.30319_32 - ok 10:59:14.0058 4988 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 10:59:14.0073 4988 clr_optimization_v4.0.30319_64 - ok 10:59:14.0105 4988 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 10:59:14.0136 4988 CmBatt - ok 10:59:14.0183 4988 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 10:59:14.0214 4988 cmdide - ok 10:59:14.0323 4988 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys 10:59:14.0370 4988 CNG - ok 10:59:14.0417 4988 cnnctfy2 (040ff3b09f26926a3792e047db0f47dd) C:\windows\system32\DRIVERS\cnnctfy2.sys 10:59:14.0448 4988 cnnctfy2 - ok 10:59:14.0479 4988 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys 10:59:14.0495 4988 Compbatt - ok 10:59:14.0526 4988 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys 10:59:14.0557 4988 CompositeBus - ok 10:59:14.0557 4988 COMSysApp - ok 10:59:14.0651 4988 Connectify (4dbc76cfc9a53d7f39bfc2dc8d505b0d) C:\Program Files (x86)\Connectify\ConnectifyService.exe 10:59:14.0651 4988 Connectify ( UnsignedFile.Multi.Generic ) - warning 10:59:14.0651 4988 Connectify - detected UnsignedFile.Multi.Generic (1) 10:59:14.0682 4988 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys 10:59:14.0697 4988 crcdisk - ok 10:59:14.0775 4988 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll 10:59:14.0838 4988 CryptSvc - ok 10:59:14.0947 4988 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 10:59:14.0994 4988 DcomLaunch - ok 10:59:15.0072 4988 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll 10:59:15.0119 4988 defragsvc - ok 10:59:15.0150 4988 de_serv - ok 10:59:15.0212 4988 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) 
C:\windows\system32\Drivers\dfsc.sys 10:59:15.0259 4988 DfsC - ok 10:59:15.0259 4988 dgderdrv - ok 10:59:15.0321 4988 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\windows\system32\DRIVERS\ssudbus.sys 10:59:15.0337 4988 dg_ssudbus - ok 10:59:15.0415 4988 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll 10:59:15.0477 4988 Dhcp - ok 10:59:15.0509 4988 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 10:59:15.0571 4988 discache - ok 10:59:15.0618 4988 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys 10:59:15.0649 4988 Disk - ok 10:59:15.0743 4988 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll 10:59:15.0774 4988 Dnscache - ok 10:59:15.0836 4988 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll 10:59:15.0914 4988 dot3svc - ok 10:59:15.0961 4988 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll 10:59:16.0039 4988 DPS - ok 10:59:16.0055 4988 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 10:59:16.0086 4988 drmkaud - ok 10:59:16.0195 4988 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 10:59:16.0226 4988 DXGKrnl - ok 10:59:16.0273 4988 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll 10:59:16.0335 4988 EapHost - ok 10:59:16.0632 4988 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys 10:59:16.0694 4988 ebdrv - ok 10:59:16.0866 4988 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe 10:59:16.0881 4988 EFS - ok 10:59:17.0022 4988 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe 10:59:17.0053 4988 ehRecvr - ok 10:59:17.0084 4988 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe 10:59:17.0100 4988 ehSched - ok 10:59:17.0225 4988 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys 10:59:17.0256 4988 
elxstor - ok 10:59:17.0318 4988 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 10:59:17.0365 4988 ErrDev - ok 10:59:17.0381 4988 EUCR (89d11159b361dd1eac5dd4e9895c04a4) C:\windows\system32\DRIVERS\EUCR6SK.SYS 10:59:17.0396 4988 EUCR - ok 10:59:17.0474 4988 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll 10:59:17.0568 4988 EventSystem - ok 10:59:17.0599 4988 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 10:59:17.0646 4988 exfat - ok 10:59:17.0677 4988 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 10:59:17.0724 4988 fastfat - ok 10:59:17.0817 4988 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe 10:59:17.0864 4988 Fax - ok 10:59:17.0880 4988 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys 10:59:17.0895 4988 fdc - ok 10:59:17.0927 4988 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll 10:59:17.0973 4988 fdPHost - ok 10:59:17.0989 4988 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll 10:59:18.0036 4988 FDResPub - ok 10:59:18.0067 4988 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 10:59:18.0083 4988 FileInfo - ok 10:59:18.0145 4988 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 10:59:18.0207 4988 Filetrace - ok 10:59:18.0395 4988 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 10:59:18.0410 4988 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 10:59:18.0410 4988 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 10:59:18.0426 4988 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys 10:59:18.0457 4988 flpydisk - ok 10:59:18.0551 4988 FltMgr (da6b67270fd9db3697b20fce94950741) 
C:\windows\system32\drivers\fltmgr.sys 10:59:18.0582 4988 FltMgr - ok 10:59:18.0722 4988 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll 10:59:18.0769 4988 FontCache - ok 10:59:18.0863 4988 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:59:18.0894 4988 FontCache3.0.0.0 - ok 10:59:18.0941 4988 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 10:59:18.0956 4988 FsDepends - ok 10:59:19.0003 4988 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys 10:59:19.0034 4988 Fs_Rec - ok 10:59:19.0097 4988 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 10:59:19.0128 4988 fvevol - ok 10:59:19.0159 4988 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys 10:59:19.0175 4988 gagp30kx - ok 10:59:19.0221 4988 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys 10:59:19.0237 4988 GEARAspiWDM - ok 10:59:19.0346 4988 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll 10:59:19.0424 4988 gpsvc - ok 10:59:19.0580 4988 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:59:19.0596 4988 gupdate - ok 10:59:19.0611 4988 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 10:59:19.0627 4988 gupdatem - ok 10:59:19.0674 4988 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 10:59:19.0689 4988 gusvc - ok 10:59:19.0721 4988 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 10:59:19.0736 4988 hcw85cir - ok 10:59:19.0799 4988 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 10:59:19.0830 4988 HdAudAddService - ok 10:59:19.0861 4988 HDAudBus 
(97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys 10:59:19.0877 4988 HDAudBus - ok 10:59:19.0908 4988 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys 10:59:19.0923 4988 HECIx64 - ok 10:59:19.0939 4988 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys 10:59:19.0955 4988 HidBatt - ok 10:59:19.0970 4988 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys 10:59:19.0986 4988 HidBth - ok 10:59:20.0001 4988 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys 10:59:20.0017 4988 HidIr - ok 10:59:20.0048 4988 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll 10:59:20.0095 4988 hidserv - ok 10:59:20.0142 4988 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys 10:59:20.0173 4988 HidUsb - ok 10:59:20.0235 4988 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 10:59:20.0298 4988 hkmsvc - ok 10:59:20.0360 4988 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 10:59:20.0376 4988 HomeGroupListener - ok 10:59:20.0454 4988 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 10:59:20.0501 4988 HomeGroupProvider - ok 10:59:20.0547 4988 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 10:59:20.0579 4988 HpSAMD - ok 10:59:20.0688 4988 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 10:59:20.0750 4988 HTTP - ok 10:59:20.0797 4988 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 10:59:20.0828 4988 hwpolicy - ok 10:59:20.0875 4988 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys 10:59:20.0906 4988 i8042prt - ok 10:59:20.0984 4988 iaStor (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys 10:59:21.0015 4988 iaStor - ok 10:59:21.0156 4988 
IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 10:59:21.0171 4988 IAStorDataMgrSvc - ok 10:59:21.0265 4988 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 10:59:21.0312 4988 iaStorV - ok 10:59:21.0468 4988 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:59:21.0499 4988 idsvc - ok 10:59:21.0546 4988 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys 10:59:21.0561 4988 iirsp - ok 10:59:21.0671 4988 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 10:59:21.0749 4988 IKEEXT - ok 10:59:21.0764 4988 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\windows\system32\DRIVERS\Impcd.sys 10:59:21.0780 4988 Impcd - ok 10:59:21.0983 4988 IntcAzAudAddService (e9befd8c6a1db3b544b61647dda35f62) C:\windows\system32\drivers\RTKVHD64.sys 10:59:22.0045 4988 IntcAzAudAddService - ok 10:59:22.0217 4988 IntcDAud (da24c1f66ee1b5a92e045376d7a44b58) C:\windows\system32\DRIVERS\IntcDAud.sys 10:59:22.0248 4988 IntcDAud - ok 10:59:22.0310 4988 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 10:59:22.0326 4988 intelide - ok 10:59:22.0903 4988 intelkmd (31d1aff484d8a0906cf8d44251ec390f) C:\windows\system32\DRIVERS\igdpmd64.sys 10:59:23.0012 4988 intelkmd - ok 10:59:23.0168 4988 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 10:59:23.0199 4988 intelppm - ok 10:59:23.0246 4988 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 10:59:23.0309 4988 IPBusEnum - ok 10:59:23.0355 4988 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 10:59:23.0402 4988 IpFilterDriver - ok 10:59:23.0496 4988 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 10:59:23.0558 4988 iphlpsvc - ok 10:59:23.0621 
4988 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 10:59:23.0636 4988 IPMIDRV - ok 10:59:23.0683 4988 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 10:59:23.0745 4988 IPNAT - ok 10:59:23.0886 4988 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe 10:59:23.0933 4988 iPod Service - ok 10:59:23.0948 4988 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 10:59:23.0979 4988 IRENUM - ok 10:59:24.0042 4988 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 10:59:24.0057 4988 isapnp - ok 10:59:24.0135 4988 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 10:59:24.0167 4988 iScsiPrt - ok 10:59:24.0198 4988 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys 10:59:24.0213 4988 kbdclass - ok 10:59:24.0291 4988 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 10:59:24.0323 4988 kbdhid - ok 10:59:24.0369 4988 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 10:59:24.0401 4988 KeyIso - ok 10:59:24.0463 4988 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 10:59:24.0494 4988 KSecDD - ok 10:59:24.0557 4988 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 10:59:24.0588 4988 KSecPkg - ok 10:59:24.0619 4988 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 10:59:24.0650 4988 ksthunk - ok 10:59:24.0713 4988 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 10:59:24.0775 4988 KtmRm - ok 10:59:24.0853 4988 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll 10:59:24.0915 4988 LanmanServer - ok 10:59:24.0962 4988 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 10:59:25.0009 4988 LanmanWorkstation - ok 10:59:25.0040 
4988 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 10:59:25.0087 4988 lltdio - ok 10:59:25.0165 4988 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 10:59:25.0227 4988 lltdsvc - ok 10:59:25.0259 4988 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 10:59:25.0305 4988 lmhosts - ok 10:59:25.0446 4988 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 10:59:25.0477 4988 LMS - ok 10:59:25.0539 4988 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys 10:59:25.0555 4988 LSI_FC - ok 10:59:25.0586 4988 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys 10:59:25.0602 4988 LSI_SAS - ok 10:59:25.0617 4988 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys 10:59:25.0617 4988 LSI_SAS2 - ok 10:59:25.0649 4988 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys 10:59:25.0664 4988 LSI_SCSI - ok 10:59:25.0695 4988 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 10:59:25.0742 4988 luafv - ok 10:59:25.0742 4988 MBAMProtector - ok 10:59:25.0867 4988 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 10:59:25.0898 4988 MBAMService - ok 10:59:25.0961 4988 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 10:59:25.0992 4988 Mcx2Svc - ok 10:59:26.0007 4988 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys 10:59:26.0023 4988 megasas - ok 10:59:26.0085 4988 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys 10:59:26.0117 4988 MegaSR - ok 10:59:26.0210 4988 Micro Star SCM (71c6748ee8de938532057ef10b4b7e44) C:\Program Files (x86)\System Control Manager\MSIService.exe 10:59:26.0226 4988 Micro Star SCM ( UnsignedFile.Multi.Generic ) - 
warning 10:59:26.0226 4988 Micro Star SCM - detected UnsignedFile.Multi.Generic (1) 10:59:26.0273 4988 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 10:59:26.0335 4988 MMCSS - ok 10:59:26.0335 4988 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 10:59:26.0382 4988 Modem - ok 10:59:26.0413 4988 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 10:59:26.0444 4988 monitor - ok 10:59:26.0475 4988 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys 10:59:26.0507 4988 mouclass - ok 10:59:26.0522 4988 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 10:59:26.0538 4988 mouhid - ok 10:59:26.0600 4988 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 10:59:26.0616 4988 mountmgr - ok 10:59:26.0694 4988 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:59:26.0709 4988 MozillaMaintenance - ok 10:59:26.0772 4988 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 10:59:26.0803 4988 mpio - ok 10:59:26.0834 4988 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 10:59:26.0881 4988 mpsdrv - ok 10:59:27.0006 4988 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 10:59:27.0084 4988 MpsSvc - ok 10:59:27.0162 4988 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 10:59:27.0193 4988 MRxDAV - ok 10:59:27.0271 4988 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 10:59:27.0302 4988 mrxsmb - ok 10:59:27.0380 4988 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 10:59:27.0411 4988 mrxsmb10 - ok 10:59:27.0489 4988 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 10:59:27.0521 4988 mrxsmb20 - ok 10:59:27.0583 4988 
msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 10:59:27.0614 4988 msahci - ok 10:59:27.0692 4988 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 10:59:27.0723 4988 msdsm - ok 10:59:27.0801 4988 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 10:59:27.0817 4988 MSDTC - ok 10:59:27.0864 4988 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 10:59:27.0926 4988 Msfs - ok 10:59:27.0989 4988 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 10:59:28.0035 4988 mshidkmdf - ok 10:59:28.0098 4988 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 10:59:28.0129 4988 msisadrv - ok 10:59:28.0176 4988 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 10:59:28.0223 4988 MSiSCSI - ok 10:59:28.0223 4988 msiserver - ok 10:59:28.0254 4988 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 10:59:28.0285 4988 MSKSSRV - ok 10:59:28.0301 4988 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 10:59:28.0347 4988 MSPCLOCK - ok 10:59:28.0347 4988 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 10:59:28.0394 4988 MSPQM - ok 10:59:28.0472 4988 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 10:59:28.0488 4988 MsRPC - ok 10:59:28.0535 4988 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys 10:59:28.0550 4988 mssmbios - ok 10:59:28.0566 4988 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 10:59:28.0613 4988 MSTEE - ok 10:59:28.0628 4988 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys 10:59:28.0644 4988 MTConfig - ok 10:59:28.0659 4988 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 10:59:28.0675 4988 Mup - ok 10:59:28.0784 4988 
napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 10:59:28.0831 4988 napagent - ok 10:59:28.0878 4988 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 10:59:28.0925 4988 NativeWifiP - ok 10:59:29.0065 4988 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 10:59:29.0096 4988 NDIS - ok 10:59:29.0143 4988 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 10:59:29.0190 4988 NdisCap - ok 10:59:29.0205 4988 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 10:59:29.0252 4988 NdisTapi - ok 10:59:29.0315 4988 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 10:59:29.0377 4988 Ndisuio - ok 10:59:29.0455 4988 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 10:59:29.0517 4988 NdisWan - ok 10:59:29.0595 4988 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 10:59:29.0642 4988 NDProxy - ok 10:59:29.0705 4988 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 10:59:29.0767 4988 NetBIOS - ok 10:59:29.0861 4988 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 10:59:29.0939 4988 NetBT - ok 10:59:29.0985 4988 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 10:59:30.0017 4988 Netlogon - ok 10:59:30.0079 4988 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 10:59:30.0141 4988 Netman - ok 10:59:30.0204 4988 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 10:59:30.0266 4988 netprofm - ok 10:59:30.0360 4988 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:59:30.0391 4988 NetTcpPortSharing - ok 10:59:30.0438 4988 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys 
10:59:30.0469 4988 nfrd960 - ok 10:59:30.0547 4988 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 10:59:30.0609 4988 NlaSvc - ok 10:59:30.0641 4988 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 10:59:30.0687 4988 Npfs - ok 10:59:30.0703 4988 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 10:59:30.0750 4988 nsi - ok 10:59:30.0765 4988 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 10:59:30.0812 4988 nsiproxy - ok 10:59:30.0984 4988 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 10:59:31.0031 4988 Ntfs - ok 10:59:31.0202 4988 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 10:59:31.0265 4988 Null - ok 10:59:31.0343 4988 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 10:59:31.0374 4988 nvraid - ok 10:59:31.0452 4988 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 10:59:31.0483 4988 nvstor - ok 10:59:31.0530 4988 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 10:59:31.0545 4988 nv_agp - ok 10:59:31.0733 4988 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:59:31.0764 4988 odserv - ok 10:59:31.0826 4988 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 10:59:31.0857 4988 ohci1394 - ok 10:59:31.0904 4988 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:59:31.0920 4988 ose - ok 10:59:31.0982 4988 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 10:59:32.0029 4988 p2pimsvc - ok 10:59:32.0076 4988 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 10:59:32.0091 4988 p2psvc - ok 10:59:32.0138 4988 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys 
10:59:32.0169 4988 Parport - ok 10:59:32.0232 4988 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys 10:59:32.0247 4988 partmgr - ok 10:59:32.0294 4988 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 10:59:32.0341 4988 PcaSvc - ok 10:59:32.0419 4988 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 10:59:32.0450 4988 pci - ok 10:59:32.0497 4988 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys 10:59:32.0528 4988 pciide - ok 10:59:32.0575 4988 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys 10:59:32.0606 4988 pcmcia - ok 10:59:32.0622 4988 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 10:59:32.0637 4988 pcw - ok 10:59:32.0700 4988 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 10:59:32.0762 4988 PEAUTH - ok 10:59:32.0871 4988 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 10:59:32.0887 4988 PerfHost - ok 10:59:33.0090 4988 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 10:59:33.0168 4988 pla - ok 10:59:33.0277 4988 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 10:59:33.0308 4988 PlugPlay - ok 10:59:33.0324 4988 PnkBstrA - ok 10:59:33.0355 4988 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 10:59:33.0371 4988 PNRPAutoReg - ok 10:59:33.0417 4988 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 10:59:33.0433 4988 PNRPsvc - ok 10:59:33.0542 4988 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 10:59:33.0605 4988 PolicyAgent - ok 10:59:33.0651 4988 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 10:59:33.0698 4988 Power - ok 10:59:33.0807 4988 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 10:59:33.0870 4988 PptpMiniport - ok 
10:59:33.0901 4988 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys 10:59:33.0917 4988 Processor - ok 10:59:33.0995 4988 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll 10:59:34.0057 4988 ProfSvc - ok 10:59:34.0104 4988 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 10:59:34.0135 4988 ProtectedStorage - ok 10:59:34.0197 4988 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 10:59:34.0260 4988 Psched - ok 10:59:34.0400 4988 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys 10:59:34.0463 4988 ql2300 - ok 10:59:34.0634 4988 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys 10:59:34.0650 4988 ql40xx - ok 10:59:34.0712 4988 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 10:59:34.0759 4988 QWAVE - ok 10:59:34.0775 4988 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 10:59:34.0790 4988 QWAVEdrv - ok 10:59:34.0806 4988 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 10:59:34.0853 4988 RasAcd - ok 10:59:34.0884 4988 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 10:59:34.0931 4988 RasAgileVpn - ok 10:59:34.0962 4988 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 10:59:35.0009 4988 RasAuto - ok 10:59:35.0071 4988 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 10:59:35.0118 4988 Rasl2tp - ok 10:59:35.0196 4988 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 10:59:35.0258 4988 RasMan - ok 10:59:35.0305 4988 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 10:59:35.0352 4988 RasPppoe - ok 10:59:35.0383 4988 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 10:59:35.0430 4988 RasSstp - ok 10:59:35.0508 
4988 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 10:59:35.0570 4988 rdbss - ok 10:59:35.0586 4988 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys 10:59:35.0601 4988 rdpbus - ok 10:59:35.0617 4988 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 10:59:35.0664 4988 RDPCDD - ok 10:59:35.0679 4988 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 10:59:35.0711 4988 RDPENCDD - ok 10:59:35.0726 4988 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 10:59:35.0773 4988 RDPREFMP - ok 10:59:35.0835 4988 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys 10:59:35.0867 4988 RDPWD - ok 10:59:35.0945 4988 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 10:59:35.0976 4988 rdyboost - ok 10:59:36.0007 4988 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 10:59:36.0069 4988 RemoteAccess - ok 10:59:36.0116 4988 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 10:59:36.0163 4988 RemoteRegistry - ok 10:59:36.0179 4988 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 10:59:36.0225 4988 RpcEptMapper - ok 10:59:36.0257 4988 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 10:59:36.0272 4988 RpcLocator - ok 10:59:36.0366 4988 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 10:59:36.0428 4988 RpcSs - ok 10:59:36.0459 4988 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 10:59:36.0506 4988 rspndr - ok 10:59:36.0553 4988 RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\windows\system32\drivers\RtHDMIVX.sys 10:59:36.0584 4988 RTHDMIAzAudService - ok 10:59:36.0662 4988 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys 10:59:36.0709 4988 RTL8167 - 
ok 10:59:36.0756 4988 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 10:59:36.0771 4988 SamSs - ok 10:59:36.0881 4988 SamsungAllShareV2.0 (8325093bdae38247a8482ab0a1bc37ce) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe 10:59:36.0912 4988 SamsungAllShareV2.0 - ok 10:59:36.0974 4988 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 10:59:36.0990 4988 sbp2port - ok 10:59:37.0037 4988 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 10:59:37.0099 4988 SCardSvr - ok 10:59:37.0146 4988 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 10:59:37.0193 4988 scfilter - ok 10:59:37.0317 4988 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 10:59:37.0395 4988 Schedule - ok 10:59:37.0442 4988 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 10:59:37.0489 4988 SCPolicySvc - ok 10:59:37.0551 4988 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys 10:59:37.0567 4988 sdbus - ok 10:59:37.0629 4988 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 10:59:37.0661 4988 SDRSVC - ok 10:59:37.0785 4988 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 10:59:37.0817 4988 SeaPort - ok 10:59:37.0832 4988 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 10:59:37.0879 4988 secdrv - ok 10:59:37.0941 4988 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 10:59:38.0004 4988 seclogon - ok 10:59:38.0035 4988 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 10:59:38.0097 4988 SENS - ok 10:59:38.0113 4988 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 10:59:38.0129 4988 SensrSvc - ok 10:59:38.0160 4988 Serenum (cb624c0035412af0debec78c41f5ca1b) 
C:\windows\system32\DRIVERS\serenum.sys 10:59:38.0175 4988 Serenum - ok 10:59:38.0207 4988 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys 10:59:38.0222 4988 Serial - ok 10:59:38.0269 4988 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys 10:59:38.0300 4988 sermouse - ok 10:59:38.0378 4988 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 10:59:38.0441 4988 SessionEnv - ok 10:59:38.0487 4988 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 10:59:38.0503 4988 sffdisk - ok 10:59:38.0519 4988 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 10:59:38.0534 4988 sffp_mmc - ok 10:59:38.0534 4988 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 10:59:38.0565 4988 sffp_sd - ok 10:59:38.0597 4988 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys 10:59:38.0612 4988 sfloppy - ok 10:59:38.0690 4988 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 10:59:38.0753 4988 SharedAccess - ok 10:59:38.0831 4988 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 10:59:38.0893 4988 ShellHWDetection - ok 10:59:38.0987 4988 SimpleSlideShowServer (002efe99e9117d8c9feb17ce9cc6af82) C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe 10:59:39.0002 4988 SimpleSlideShowServer - ok 10:59:39.0049 4988 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys 10:59:39.0065 4988 SiSRaid2 - ok 10:59:39.0111 4988 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys 10:59:39.0127 4988 SiSRaid4 - ok 10:59:39.0252 4988 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe 10:59:39.0267 4988 SkypeUpdate - ok 10:59:39.0299 4988 Smb (548260a7b8654e024dc30bf8a7c5baa4) 
C:\windows\system32\DRIVERS\smb.sys 10:59:39.0345 4988 Smb - ok 10:59:39.0470 4988 smserial (7ae8bca90539ecbde87ac45ba1436be3) C:\windows\system32\DRIVERS\SmSerl64.sys 10:59:39.0517 4988 smserial - ok 10:59:39.0548 4988 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 10:59:39.0564 4988 SNMPTRAP - ok 10:59:39.0579 4988 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 10:59:39.0595 4988 spldr - ok 10:59:39.0689 4988 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 10:59:39.0767 4988 Spooler - ok 10:59:40.0063 4988 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 10:59:40.0141 4988 sppsvc - ok 10:59:40.0297 4988 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 10:59:40.0359 4988 sppuinotify - ok 10:59:40.0453 4988 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 10:59:40.0484 4988 srv - ok 10:59:40.0562 4988 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 10:59:40.0609 4988 srv2 - ok 10:59:40.0640 4988 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 10:59:40.0656 4988 srvnet - ok 10:59:40.0718 4988 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\windows\system32\DRIVERS\ssadbus.sys 10:59:40.0749 4988 ssadbus - ok 10:59:40.0796 4988 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\windows\system32\DRIVERS\ssadmdfl.sys 10:59:40.0812 4988 ssadmdfl - ok 10:59:40.0874 4988 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\windows\system32\DRIVERS\ssadmdm.sys 10:59:40.0905 4988 ssadmdm - ok 10:59:40.0937 4988 ssadserd (d33d1bd3ec0e766211a234f56a12726d) C:\windows\system32\DRIVERS\ssadserd.sys 10:59:40.0952 4988 ssadserd - ok 10:59:40.0999 4988 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\windows\system32\DRIVERS\sscdbus.sys 10:59:41.0030 4988 sscdbus - ok 10:59:41.0030 4988 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) 
10:59:53.0089 4988 MBR (0x1B8) (77a4fe43427b9d4037d059eb3f6742a3) \Device\Harddisk0\DR0
10:59:53.0136 4988 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
10:59:53.0136 4988 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
10:59:53.0245 4988 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:59:53.0245 4988 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:59:53.0276 4988 Boot (0x1200) (50a0b6b96dde02ffa90b00ef4b9e76d4) \Device\Harddisk0\DR0\Partition0
10:59:53.0276 4988 \Device\Harddisk0\DR0\Partition0 - ok
10:59:53.0292 4988 Boot (0x1200) (bf218d235dd6e5ac320a49273e5e8a8f) \Device\Harddisk0\DR0\Partition1
10:59:53.0307 4988 \Device\Harddisk0\DR0\Partition1 - ok
10:59:53.0307 4988 ============================================================
10:59:53.0307 4988 Scan finished
10:59:53.0307 4988 ============================================================
10:59:53.0307 4960 Detected object count: 8
10:59:53.0307 4960 Actual detected object count: 8
11:00:03.0401 4960 Connectify ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:03.0401 4960 Connectify ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:03.0401 4960 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:03.0401 4960 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:03.0416 4960 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:03.0416 4960 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:03.0416 4960 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:03.0416 4960 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:03.0416 4960 vflt ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:03.0416 4960 vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:03.0416 4960 vnet ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:03.0416 4960 vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:03.0416 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - skipped by user
11:00:03.0416 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Skip
11:00:03.0432 4960 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:00:03.0432 4960 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip |
04.07.2012, 10:23 | #4 |
| Hi, OK, second run for the Killer, the entries (and only those) Code:
11:00:03.0416 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - skipped by user
11:00:03.0416 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Skip
11:00:03.0432 4960 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:00:03.0432 4960 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
After clicking the Continue button it carries on; once it has finished, a restart is required. After the restart, post a new log from the Killer again... chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
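The triage done by eye on the TDSSKiller log above, picking out the disk-level entries and checking which action was chosen for them, can be scripted. This is an added example, not part of the original thread: the sample lines are copied from the log posted here, while the function names and the line pattern are assumptions derived from those lines only.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
10:59:46.0459 4988 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
10:59:46.0459 4988 USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
10:59:47.0676 4988 vflt ( UnsignedFile.Multi.Generic ) - warning
10:59:53.0136 4988 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
10:59:53.0136 4988 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
10:59:53.0245 4988 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:59:53.0276 4988 \Device\Harddisk0\DR0\Partition0 - ok
11:00:03.0416 4960 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:03.0416 4960 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:03.0416 4960 vflt ( UnsignedFile.Multi.Generic ) - skipped by user
11:00:03.0416 4960 vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:00:03.0416 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - skipped by user
11:00:03.0416 4960 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Skip
11:00:03.0432 4960 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:00:03.0432 4960 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id> <object> ( <verdict> ) - <status>", as seen in the lines above.
# Lines without a parenthesised verdict ("- ok", "- detected ...") do not match.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?)\s+\(\s*(?P<verdict>.+?)\s*\)\s+-\s+(?P<status>.+?)\s*$"
)
ACTION_PREFIX = "User select action:"


@dataclass
class Finding:
    obj: str                        # service name or device path
    verdict: str                    # e.g. "Rootkit.Boot.SST.a"
    severity: Optional[str] = None  # "infected" or "warning"
    action: Optional[str] = None    # action chosen in the tool, e.g. "Skip"


def parse_findings(log_text: str) -> List[Finding]:
    """Merge scan-phase and action-phase lines into one record per detection."""
    findings: Dict[Tuple[str, str], Finding] = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m["obj"], m["verdict"])
        finding = findings.setdefault(key, Finding(*key))
        status = m["status"]
        if status in ("infected", "warning"):
            finding.severity = status
        elif status.startswith(ACTION_PREFIX):
            finding.action = status[len(ACTION_PREFIX):].strip()
    return list(findings.values())


def disk_level(findings: List[Finding]) -> List[Finding]:
    """Detections on the raw disk device rather than on a driver or service."""
    return [f for f in findings if f.obj.startswith("\\Device\\Harddisk")]


def skipped_infections(findings: List[Finding]) -> List[Finding]:
    """Objects reported as infected for which the chosen action was Skip."""
    return [f for f in findings if f.severity == "infected" and f.action == "Skip"]


if __name__ == "__main__":
    parsed = parse_findings(SAMPLE_LOG)
    for f in disk_level(parsed):
        print(f"{f.obj}: {f.verdict} [{f.severity}] action={f.action}")
    for f in skipped_infections(parsed):
        print(f"still untreated: {f.verdict} on {f.obj}")
```
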
04.07.2012, 10:29 | #5 |
| For TDSS File System, only "Copy to quarantine" and "delete" can be selected. Which one should I choose? |
04.07.2012, 10:52 | #6 |
| Hi, leave it as it is for now; once the boot block has been cleaned it should no longer matter... we'll let CF loose later, and after that we'll turn back to the TDSS file system... chris
|
04.07.2012, 11:21 | #7 |
| After I clicked "Continue", the message "Can't cure MBR. Write standard boot code?" appears. And my antivirus program is raising the alarm as well. |
04.07.2012, 12:37 | #8 |
| Hi, is there something special about the MBR, i.e. do you have a laptop? They usually use special boot blocks for recovery... Do you have an installation CD? What is the message from the antivirus program? Does this one run:
MBR-Check
Download http://ad13.geekstogo.com/MBRCheck.exe and save the file to the desktop.
chris
Edited by Chris4You (04.07.2012 at 12:58) |
04.07.2012, 13:12 | #9 |
| Yep, I have a laptop! I don't have an installation CD to hand right now, but I do have an ISO file.. I could theoretically boot from the USB stick! This came up as the message: MBR-Check Code:
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Micro-Star International
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Micro-Star International
System Product Name: MS-1688
Logical Drives Mask: 0x0040001c

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002e`39300000 (NTFS)
\\.\W: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22A23T0, Rev: 01.01A01

Size    Device Name         MBR Status
--------------------------------------------
298 GB  \\.\PhysicalDrive0  MBR Code Faked!
        SHA1: E11644D9ED19FDC1C9757EA540FD8432A3ECA10E

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: |
04.07.2012, 13:31 | #10 |
| Hi, the crucial question is whether a standard boot block is used or whether the notebook manufacturer has its own, modified one. That's why I'm always extremely careful there, so that the machine doesn't end up no longer booting.. In any case, prepare the stick as a boot medium... What's certain is that the MBR is infected and has to be wiped... Either you let the Killer overwrite the code, or you press "y" in MBR-Check, follow the further instructions and then let it flatten the MBR (win7)... To be on the safe side, switch Avast off while doing this, it could disturb/block the tools' accesses (what Avast reported is sitting in the Killer's quarantine (it has already made itself a backup of the current MBR ;o))...
We can also create a Win7 repair DVD and have the MBR fixed from it:
Fixing and repairing startup problems in Windows Vista with the "Bootrec.exe" tool in the Windows Recovery Environment
Repair under the recovery console, Win 7 -> see further below
Proceed as described in the link and then enter bootrec.exe /FixMbr in the console.
Tip archive - Repairing the MBR under Vista or Windows 7 - WinTotal.de
If no WIN7 boot DVD is available: download the following image and burn it to DVD with Nero etc. (ImageBurn: ImgBurn Download - ImgBurn 2.5.6.0) (64 bit): Windows_7_64 (32 bit): Windows_7_32-bit
Then boot from this DVD and proceed as described! If the MBR gets wrecked, you can still boot from the stick and rescue your data that way... chris
|
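The question raised above, whether sector 0 carries known boot code or something else, can be checked offline against a saved 512-byte copy of the sector. This is an added example, not from the thread: the sample sectors and the allowlist are constructed, and hashing the first 440 bytes with SHA-256 is this example's own choice, so its output is not comparable with the SHA1 that MBRCheck prints.

```python
import hashlib
import struct
from typing import Dict, List, NamedTuple, Set

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: boot code
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of a valid MBR
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sectors


class Partition(NamedTuple):
    index: int
    active: bool
    type_id: int
    start_lba: int
    sectors: int


def parse_partitions(sector: bytes) -> List[Partition]:
    """Decode the four primary partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        status, _chs_start, type_id, _chs_end, start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i
        )
        if type_id == 0:
            continue
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte 0x{status:02x}")
        parts.append(Partition(i, status == 0x80, type_id, start, count))
    return parts


def inspect_mbr(sector: bytes, known_good: Set[str]) -> Dict[str, object]:
    """Report signature validity, boot-code hash and partition layout."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    code_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": code_hash,
        "boot_code_known": code_hash in known_good,
        "partitions": parse_partitions(sector),
    }


def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test sector: one active NTFS (0x07) partition at LBA 2048."""
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00" * 3, 0x07, b"\x00" * 3, 2048, 204800)
    return (
        boot_code.ljust(BOOT_CODE_LEN, b"\x00")  # boot code area
        + b"\x00" * 6                            # disk signature + reserved bytes
        + entry + b"\x00" * 48                   # partition table, three empty slots
        + BOOT_SIGNATURE
    )


# Constructed stand-ins for real boot code; a real allowlist would hold hashes
# taken from a clean install or from the vendor's recovery image.
CLEAN_CODE = b"constructed reference boot code"
MODIFIED_CODE = b"constructed modified boot code"
KNOWN_GOOD = {hashlib.sha256(CLEAN_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()}

if __name__ == "__main__":
    for label, code in (("reference", CLEAN_CODE), ("modified", MODIFIED_CODE)):
        report = inspect_mbr(build_sample_sector(code), KNOWN_GOOD)
        print(label, report["signature_ok"], report["boot_code_known"], report["partitions"])
```

Both sample sectors pass the signature check and decode to the same partition table; only the boot-code hash separates them. Take the sector copy from clean boot media rather than from the running system, since a boot-sector rootkit can hand a live reader different bytes than are on disk.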
04.07.2012, 14:32 | #11 |
| Could I also simply set up Win7 from scratch? I downloaded the ISO file from Chip and put it on my USB stick (bootable). Would it be enough if I reinstall my Windows with that? Or would the virus then still be in the system? And one more question: what is happening with my laptop at the moment? Are any keyloggers active, or is data constantly being read out (which websites I visit, etc.)? Thanks for the instructions! |
04.07.2012, 14:36 | #12 |
| Hi, No, TDSS redirects Internet (Google)... What else is hiding under the cloak remains to be seen... Just wipe the MBR and then reboot... TDSS normally also infects a driver, i.e. after the rewrite and reboot, this still has to be done:
Combofix
Download Combo Fix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Caution: in a few rare cases it can happen that the machine can no longer boot and has to be set up from scratch!
Close all windows and start combofix.exe, confirm the following prompt with 1 and press Enter.
The scan with Combofix can take some time, so have a little patience. Please don't do anything on the machine during the scan. It is possible that the machine is restarted in between.
After the scan has finished, a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log under C:\ComboFix.txt... chris
|
04.07.2012, 20:30 | #13 |
| The MBR has been wiped (at least no message appears any more when I run a scan with the TDSS-Killer) #Edit: Loading websites is now noticeably faster! ComboFix.txt Code:
ComboFix 12-07-04.01 - Patrick 04.07.2012 15:52:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3886.2626 [GMT 2:00]
ausgeführt von:: c:\users\Patrick\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4
c:\programdata\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4\Family Keylogger.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4\Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4\Quick Start.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Family Keylogger 4\Uninstall.lnk
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "$Volumouse$"="c:\program files (x86)\NirSoft\Volumouse\volumouse.exe" [2012-01-08 35328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976] . 
c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Patrick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] Firefox.lnk - c:\program files (x86)\Mozilla Firefox\firefox.exe [2010-9-15 913888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] R3 Connectify;Connectify;c:\program files (x86)\Connectify\ConnectifyService.exe [2011-12-01 69632] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384] R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x] R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 87888] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672] R3 ssadmdfl;SAMSUNG Android USB Modem 
(Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320] R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2012-02-24 203320] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712] R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 136176] R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 136176] R4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2011-12-16 25504] R4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2011-12-16 27584] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-06-27 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! 
TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy2.sys [2012-01-18 31344] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 202752] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-07-03 133912] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-08 6232064] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-08 160256] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-01-07 271872] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-01-08 7778176] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1234592865-2256707453-3612337758-1000Core.job - c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-25 00:26] . 2012-07-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1234592865-2256707453-3612337758-1000UA.job - c:\users\Patrick\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-25 00:26] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 23:28] . 2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-17 23:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:\users\Patrick\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.msmiq.com/(S(cmjgqi45joflms55soqm2oiq))/default.aspx?language=de-de mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = 143.93.128.7:3128 uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files (x86)\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.1.10 192.168.1.130 TCP: Interfaces\{DE079886-8D4C-4805-9951-B9B08F64DE77}: NameServer = 192.168.1.10 192.168.1.130 FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\55rk036k.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Notify-igfxcui - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\AVAST Software\Avast\AvastEmUpdate.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-07-04 21:09:32 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-07-04 19:09 . Vor Suchlauf: 20 Verzeichnis(se), 108.266.381.312 Bytes frei Nach Suchlauf: 23 Verzeichnis(se), 108.561.534.976 Bytes frei . - - End Of File - - 4615FFA4919567713C363B24EB334F74
Edited by firstLINE (04.07.2012 at 20:48) |
05.07.2012, 21:48 | #14 |
| S.M.A.R.T. Repair & Google Redirect Trojan/Virus
Hi,
are there still redirects in Google? Update MAM and run another full scan, then post the log...
Uninstall Combofix:
Click Start (the Windows 7 Start button) and then type combofix /uninstall into the search field, as shown in the pictogram below this text with the blue arrow. Please make sure there is a space between Combofix and /uninstall.
Uninstall Combofix
chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
06.07.2012, 00:51 | #15 |
| S.M.A.R.T. Repair & Google Redirect Trojan/Virus
The Google redirects are gone! I have now uninstalled Combofix!
Code:
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.05.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Patrick :: PATRICKS [Administrator]

Schutz: Deaktiviert

05.07.2012 23:30:59
mbam-log-2012-07-05 (23-30-59).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 416147
Laufzeit: 2 Stunde(n), 9 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\TDSSKiller_Quarantine\04.07.2012_15.40.34\mbr0000\tdlfs0000\tsk0007.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.07.2012_15.40.34\mbr0000\tdlfs0000\tsk0008.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.07.2012_15.40.34\mbr0000\tdlfs0000\tsk0009.dta (Rootkit.TDSS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.07.2012_15.40.34\mbr0000\tdlfs0000\tsk0010.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\TDSSKiller_Quarantine\04.07.2012_15.40.34\mbr0000\tdlfs0000\tsk0012.dta (Rootkit.TDSS.64) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |