Log analysis and evaluation: TR/ATRAPS.Gen and TR/inject.eigl caught

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.07.2012, 12:49 | #1
TR/ATRAPS.Gen and TR/inject.eigl caught

Dear forum helpers,

this is, as for so many others, my first post, because I simply can't get any further with my trojan problem. Part of my problem is that my last data backup is unfortunately already two weeks old, and I have a few files (Word, Excel, Access, and a few pictures) that I would be very, very reluctant to lose.

Yesterday morning I caught the Live Security Platinum trojan, which was "removed" by a friend of mine (at least I no longer see it). No logs were created and no other information about it was kept. Yesterday afternoon TR/ATRAPS.Gen then showed up instead, and this morning TR/inject.eigl; both were found by Avira Free.

I have now read through the forum, created the log files as far as I was able to, and hope that I have done everything right at least up to that point, since I unfortunately have no idea at all. I also downloaded Malwarebytes, ran it, and created a log file as well; I moved everything to quarantine but have not deleted anything yet. The file is at the very end of this post.

Thank you in advance for your help; I hope I can somehow get my problem (especially the one with the data) under control.
Best regards,
Katta

The OTL log:

The EXTRAS.log
communications platform (ssdp) | "{1726EFA1-348B-4317-9784-CFC1C015C17D}" = rport=137 | protocol=17 | dir=out | app=system | "{17754DA2-02CC-4961-B4CF-117AD61E2B08}" = lport=2869 | protocol=6 | dir=in | app=system | "{38043C39-CEAB-4F5E-9D56-132E1A6387E7}" = lport=10243 | protocol=6 | dir=in | app=system | "{3BD55B95-8A33-453C-8F79-F0C724D8D207}" = lport=138 | protocol=17 | dir=in | app=system | "{45F68F2E-743B-40A0-8DC0-7AD00D89E498}" = lport=445 | protocol=6 | dir=in | app=system | "{48C00818-D7B3-47A1-879C-84B9DC2DF8F7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4A68FEFE-5BF9-4752-A706-735A3C86FA1B}" = rport=138 | protocol=17 | dir=out | app=system | "{5595D50F-D891-47F7-8CBA-EE0B332FBDA7}" = lport=137 | protocol=17 | dir=in | app=system | "{5F339147-B88E-46F8-AF02-F097E1DB4E7E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{60D6E371-5BE5-46D3-838A-9C5E983443E6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{81403E13-09FC-4FAD-A426-313371FA31B5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{90E71B83-1B43-44D2-9B8F-98081D664853}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{926AB2B6-B891-427B-8F61-D1EE4091ED24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A641BE3F-3040-4E99-954A-9803347B08E4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B22B9D2E-50C7-45DA-BBCF-395F5454153E}" = rport=445 | protocol=6 | dir=out | app=system | "{B476418A-257D-4377-986B-C514ABAC624E}" = lport=139 | protocol=6 | dir=in | app=system | "{BA5F5652-0636-4580-BB18-1908C09DB196}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C2D1ED44-388C-42C2-8701-5DEEDF6C510A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DCF6F32D-FA23-4C6E-A8D5-0BE0D819F680}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{E03D27E4-1765-4564-8B40-D96D5BB1C1E0}" = rport=139 | protocol=6 | dir=out | app=system | "{E38FDD73-B6F6-4C44-858A-944C825286A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F5B16235-C3E9-4F0B-A61F-70BFB26026F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F7B79769-4E2E-4D69-8DB9-9EEDD469D6D0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0316E654-FD85-439A-984B-C8CBA674237C}" = dir=in | app=c:\program files\commodas\pact\scs-tools\scslutmon.exe | "{07D475CC-ECA3-49AE-B973-8F20E4BC9F93}" = dir=out | app=c:\program files\commodas\common\msortpictureviewer.exe | "{0E4ACF7A-7344-41FC-A310-C7378C0EB9EC}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{12E9AF2C-1FF9-4058-A291-F33CA1A7F385}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{1AB33577-94E2-4603-A986-A3EA9D37ECD1}" = dir=out | app=c:\program files\commodas\pact\scs-tools\dnobrowser.exe | "{20E7E1BB-E354-4FB4-80CA-D8BB2DAB1B4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{2D3900B9-0EAD-4BB7-B094-BB72D0BC5A90}" = dir=in | app=c:\program files\commodas\pact\bin\scs_hpcp.exe | "{3CF4F42A-3D71-46C3-AE0B-1D0BF3BCEC54}" = dir=out | app=c:\program files\commodas\pact\bin\scscoreprocess2.exe | "{43AD16E6-D739-460E-9270-8CB5E2FEF21D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{46371C77-FFC1-4776-9E3A-2AA93E49D0E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4AE28830-EFE6-49DD-AE5A-13B195ED16CA}" = protocol=6 | dir=in | app=c:\program 
files\microsoft office\office14\onenote.exe | "{4B376A4C-E7B8-4DB2-9033-4B4F536EB0DF}" = dir=in | app=c:\program files\commodas\common\cdspictureviewer.exe | "{4BE398C0-437A-442E-BD30-5E0C1CDBFAE1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5033ABB5-0CCB-4ED8-B582-6D266D060D4D}" = dir=out | app=c:\program files\commodas\pact\scs-tools\scslutmon.exe | "{5737FBD2-0645-48D8-A727-E0093A4BE916}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5DE879FB-F551-4C2B-A91A-D281CD340129}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{60C3DE9D-7721-446E-BB85-878F281CA06A}" = dir=in | app=c:\program files\commodas\pact\bin\scs_cpp.exe | "{62559A4D-D489-41F0-9435-D6E0E6B6EE08}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{65AD2147-E633-4801-94AB-A7A076571ADE}" = dir=out | app=c:\program files\commodas\pact\bin\pact.exe | "{6788AC13-1D3C-4CD9-9F6A-B7D599065654}" = dir=out | app=c:\program files\commodas\pact\scs-tools\scstrace.exe | "{85706C04-8D65-4777-A6C3-9FA1086805E8}" = dir=out | app=c:\program files\commodas\common\cdspictureviewer.exe | "{88316BC5-84C9-4945-9FCF-809C946BCEE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{88818AFE-44DC-44D2-9BE7-C6B691D8D071}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8B0F740E-9BD4-4810-9122-C1EF371FCAD0}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{8C4FF6B0-0CE7-413B-A005-D1DD7E887DB7}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{90723C8F-F67D-4076-B769-602A752F9B8A}" = dir=in | app=c:\program files\commodas\pact\bin\pact.exe | "{90E5B037-0C39-4780-836E-262EDC912D17}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{91A6FE1B-497A-42D8-A2A1-EE5814D76D76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{99227126-4AAC-4A00-AE85-787E12A759D4}" = 
protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{9B56BD87-CA6F-4A51-B757-CD85A8A69286}" = dir=in | app=c:\program files\commodas\common\msortpictureviewer.exe | "{A31433ED-2DF5-4E7A-B1DB-5979382400D5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A44139F6-031B-4049-83D8-7E2A7704AEF7}" = dir=in | app=c:\program files\commodas\pact\scs-tools\scstrace.exe | "{A5BF5975-A251-4BEF-AEF4-00BAA91A1741}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{A5F5299B-C251-4752-B5F6-D0A986C27ECD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{A887CE91-5817-4773-804B-065DD483AD00}" = dir=out | app=c:\program files\commodas\pact\bin\scs_hpcp.exe | "{B5442022-CCF7-43E9-82A9-92D913DE9F0A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{B7AB948C-6E86-4243-802C-EC45F2647143}" = dir=in | app=c:\program files\commodas\pact\scs-tools\dnobrowser.exe | "{B89F4162-B4E8-4A47-83E1-054F41D24A13}" = protocol=6 | dir=out | app=system | "{BCA32B67-12D7-49A7-BF03-6B5ABAC61AC3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{BCA711F7-1028-46BA-AA89-7D41FF663AC6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C9F56BF4-9968-4660-AE01-02C4BB3D63EB}" = dir=in | app=c:\program files\itunes\itunes.exe | "{D68FE5A5-B526-4049-87D9-0F1E2E8A233C}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{DC21E9FF-D08B-4127-A8AF-1082D284BC6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E04D48DB-401B-40FB-B4EB-8FFB585E3B68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{EF2548D2-E063-445D-9AA8-08B715BBA28A}" = dir=out | app=c:\program files\commodas\pact\bin\scs_cpp.exe | "{EF7F6A62-7F1E-44C1-81B8-AC843CA0B06E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F6635F11-63E1-4912-B7F0-BD90EFF3AE33}" = dir=in | app=c:\program files\commodas\pact\bin\scscoreprocess2.exe 
| "{F711AE1E-B536-400E-B738-D511B3F22D49}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F73FC86E-85DB-4247-80BA-C1B9F2970FB3}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{F8B3AD0B-8338-4A99-BB8F-F423B7E5225C}" = dir=out | app=c:\program files\commodas\pact\scs-tools\dnoconfiguration.exe | "{FBA19600-0679-47FF-9B5D-E0E2559A3B0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FD720902-6676-4ADF-A90A-9E638B494838}" = dir=in | app=c:\program files\commodas\pact\scs-tools\dnoconfiguration.exe | "{FF373DFC-8D36-4872-821D-698E8657979E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "TCP Query User{4DC750A9-164B-4A7C-8E50-9DBCC24FE897}C:\users\sun\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sun\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{94C6032A-9DF5-4997-8035-F7BBE6BC8679}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{A6A60C1B-EA28-4DC3-B919-4E760C23C024}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=6 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | "TCP Query User{AF38D8BA-E94E-485B-A1E6-776AABFA5BC4}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe | "TCP Query User{D7EB65E0-370C-4C62-9F23-7A0DA928AAAC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{E48BF945-B411-4989-B2C0-42D23C32EFD7}C:\users\sun\appdata\local\temp\teamviewer\version7\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\sun\appdata\local\temp\teamviewer\version7\teamviewer.exe | "TCP Query User{FB12ACED-A576-42A7-BA4D-3420F181F86A}C:\users\sun\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sun\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query 
User{14E1A97D-DEA7-4E2A-B7CC-5F66B1E4FE69}C:\users\sun\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sun\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{3BB76782-01BD-4D30-BBCD-FB3B018C083D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{7E73D919-1230-48C5-886E-13FC27E2FC9A}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe | "UDP Query User{93A656B7-05E6-4B21-813C-DEA6A11C4D49}C:\users\sun\appdata\local\temp\teamviewer\version7\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\sun\appdata\local\temp\teamviewer\version7\teamviewer.exe | "UDP Query User{BAA6282F-960C-4F0F-AAA5-E2FEBEBDA9C8}C:\users\sun\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sun\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{C8144B34-E267-4F1D-8916-775D415D890A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{F3EEF793-9D94-44E0-88EC-AE6FF32E4D1A}C:\program files\malwarebytes' anti-malware\mbam.exe" = protocol=17 | dir=in | app=c:\program files\malwarebytes' anti-malware\mbam.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{3019D6C0-60B0-41BE-B0FA-BB85B1F00BC3}" = PACT "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5B1F04DA-0F27-45B7-96F2-37190D5E11AE}" = Cisco AnyConnect Secure Mobility Client "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service 
Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D99D18FD-0F3C-46E3-997C-414586DBBBDE}" = MODSIM 3.6.12 Student "{DBA476A6-BB9A-47B3-ACAA-E56996BCA5A7}" = XRayConfigurator "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "5513-1208-7298-9440" = JDownloader 0.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audacity_is1" = Audacity 2.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client "Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy) "HDMI" = Intel(R) Graphics Media Accelerator Driver "LAME_is1" = LAME v3.99.3 (for Windows) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mobile Partner" = Mobile Partner "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "Stonekeep_is1" = Stonekeep "Totalcmd" = Total Commander (Remove or Repair) "Tuned!" = Tuned! "TVWiz" = Intel(R) TV Wizard "Verbindungsassistent" = Verbindungsassistent "VLC media player" = VLC media player 1.1.11 "Winexit_is1" = Winexit 3.5 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.10 (32-Bit) "YTdetect" = Yahoo! 
Detect ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.07.2012 06:20:52 | Computer Name = Sternchen | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "9716". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 16.07.2012 06:20:52 | Computer Name = Sternchen | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "9716". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 16.07.2012 06:20:52 | Computer Name = Sternchen | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 16.07.2012 06:20:55 | Computer Name = Sternchen | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "9716". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. 
Error - 16.07.2012 06:20:55 | Computer Name = Sternchen | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "9716". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 16.07.2012 08:59:02 | Computer Name = Sternchen | Source = RasClient | ID = 20227 Description = Error - 16.07.2012 12:17:54 | Computer Name = Sternchen | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 16.07.2012 12:17:54 | Computer Name = Sternchen | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 17.07.2012 01:48:44 | Computer Name = Sternchen | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) Error - 17.07.2012 01:48:44 | Computer Name = Sternchen | Source = Bonjour Service | ID = 100 Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0) [ Cisco AnyConnect Secure Mobility Client Events ] Error - 16.07.2012 06:11:30 | Computer Name = Sternchen | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1020 NULL object. Cannot establish a connection at this time. Error - 16.07.2012 07:40:53 | Computer Name = Sternchen | Source = acvpnagent | ID = 67108866 Description = Function: Directory::ReadDir File: .\Utility\Directory.cpp Line: 156 Invoked Function: ::FindNextFile Return Code: 18 (0x00000012) Description: Es sind keine weiteren Dateien vorhanden. 
Error - 16.07.2012 07:40:53 | Computer Name = Sternchen | Source = acvpnagent | ID = 67108866 Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h Line: 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C) Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE Error - 16.07.2012 07:40:53 | Computer Name = Sternchen | Source = acvpnagent | ID = 67108866 Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h Line: 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C) Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE Error - 16.07.2012 07:40:53 | Computer Name = Sternchen | Source = acvpnagent | ID = 67108866 Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h Line: 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C) Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE Error - 16.07.2012 07:41:32 | Computer Name = Sternchen | Source = acvpnui | ID = 67108866 Description = Function: Directory::ReadDir File: .\Utility\Directory.cpp Line: 156 Invoked Function: ::FindNextFile Return Code: 18 (0x00000012) Description: Es sind keine weiteren Dateien vorhanden. 
Error - 16.07.2012 07:41:32 | Computer Name = Sternchen | Source = acvpnui | ID = 67108866 Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h Line: 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C) Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE Error - 16.07.2012 07:41:32 | Computer Name = Sternchen | Source = acvpnui | ID = 67108866 Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_MR10.327428428415\DaVinci_MR1\vpn\Common\Utility/PluginLoader.h Line: 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C) Description: PLUGINLOADER_ERROR_COULD_NOT_CREATE Error - 16.07.2012 07:41:32 | Computer Name = Sternchen | Source = acvpnui | ID = 67108866 Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4156 Invoked Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: Es sind keine Daten mehr verfügbar. Error - 16.07.2012 07:41:33 | Computer Name = Sternchen | Source = acvpnui | ID = 67108865 Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line: 1020 NULL object. Cannot establish a connection at this time. [ System Events ] Error - 16.07.2012 06:11:31 | Computer Name = Sternchen | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 16.07.2012 06:16:41 | Computer Name = Sternchen | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avipbb avkmgr discache SABI spldr ssmdrv Wanarpv6
Error - 16.07.2012 06:16:54 | Computer Name = Sternchen | Source = DCOM | ID = 10005 Description =
Error - 16.07.2012 06:17:00 | Computer Name = Sternchen | Source = DCOM | ID = 10005 Description =
Error - 16.07.2012 06:17:03 | Computer Name = Sternchen | Source = DCOM | ID = 10005 Description =
Error - 16.07.2012 06:17:03 | Computer Name = Sternchen | Source = DCOM | ID = 10005 Description =
Error - 16.07.2012 07:40:16 | Computer Name = Sternchen | Source = DCOM | ID = 10010 Description =
Error - 17.07.2012 01:57:11 | Computer Name = Sternchen | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 17.07.2012 01:57:12 | Computer Name = Sternchen | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error - 17.07.2012 01:57:12 | Computer Name = Sternchen | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
< End of report >
and the Gmer.txt
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-17 12:10:00
Windows 6.1.7601 Service Pack 1
Running: 6znn85l5.exe; Driver: C:\Users\sun\AppData\Local\Temp\awtyapob.sys
---- System - GMER 1.0.15 ----
SSDT 91BE37FE ZwCreateSection
SSDT 91BE3808 ZwRequestWaitReplyPort
SSDT 91BE3803 ZwSetContextThread
SSDT 91BE380D ZwSetSecurityObject
SSDT 91BE3812 ZwSystemDebugControl
SSDT 91BE379F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwRollbackEnlistment + 1409 82C4C989 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C6C4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...]
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 82C7387C 4 Bytes [FE, 37, BE, 91]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 82C73BD8 4 Bytes [08, 38, BE, 91]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 82C73C1C 4 Bytes [03, 38, BE, 91]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 82C73C98 4 Bytes [0D, 38, BE, 91]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 82C73CEC 4 Bytes JMP BE381282
.text ...
? System32\drivers\qepd.sys Das System kann den angegebenen Pfad nicht finden. !
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1f37047
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1f37047@ac81f3007718 0x7C 0xA6 0x88 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1f37047 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1f37047@ac81f3007718 0x7C 0xA6 0x88 0x87 ...
---- EOF - GMER 1.0.15 ----
and the Malwarebytes file:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org
Datenbank Version: v2012.07.17.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
sun :: STERNCHEN [Administrator]
Schutz: Aktiviert
17.07.2012 12:33:57
mbam-log-2012-07-17 (13-45-01)m
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 309426
Laufzeit: 1 Stunde(n), 8 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\sun\AppData\Local\{0eff2cb0-66a4-c2f5-ecf1-5c11cb76412d}\n. -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 3 HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
17.07.2012, 15:56 | #2 |
/// Malwareteam | Caught TR/ATRAPS.Gen and TR/inject.eigl Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report.
Please download TDSSKiller.exe and save this file to the desktop
|
17.07.2012, 17:08 | #3 |
| Caught TR/ATRAPS.Gen and TR/inject.eigl Hello Swiss,
thanks for the quick reply. I downloaded TDSS and ran it. However, the program found nothing, and I also cannot save a log file. What surprises me is that the program only scanned 428 files. Is that correct? Many thanks for the continued support, regards, Katta |
17.07.2012, 21:38 | #4 |
/// Malwareteam | Caught TR/ATRAPS.Gen and TR/inject.eigl Did you look here: C:\TDSSKiller.<version_date_time>log.txt |
18.07.2012, 07:20 | #5 |
| Caught TR/ATRAPS.Gen and TR/inject.eigl Good morning, no, unfortunately I had not looked there. I was so fixated on not pressing "cure" in case something was found, so that I could then save the log file, that unfortunately it did not occur to me at all that it could also be saved without that announcement. Here is the log file from my TDSS run:
18:02:51.0847 3732 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:02:52.0150 3732 ============================================================
18:02:52.0150 3732 Current date / time: 2012/07/17 18:02:52.0150
18:02:52.0150 3732 SystemInfo:
18:02:52.0150 3732
18:02:52.0150 3732 OS Version: 6.1.7601 ServicePack: 1.0
18:02:52.0150 3732 Product type: Workstation
18:02:52.0150 3732 ComputerName: STERNCHEN
18:02:52.0150 3732 UserName: sun
18:02:52.0150 3732 Windows directory: C:\Windows
18:02:52.0151 3732 System windows directory: C:\Windows
18:02:52.0151 3732 Processor architecture: Intel x86
18:02:52.0151 3732 Number of processors: 2
18:02:52.0151 3732 Page size: 0x1000
18:02:52.0151 3732 Boot type: Normal boot
18:02:52.0151 3732 ============================================================
18:02:53.0808 3732 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:02:53.0813 3732 ============================================================
18:02:53.0813 3732 \Device\Harddisk0\DR0:
18:02:53.0813 3732 MBR partitions:
18:02:53.0813 3732 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:02:53.0813 3732 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC805000
18:02:53.0813 3732 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC837800, BlocksNum 0x2DB4E000
18:02:53.0813 3732 ============================================================
18:02:53.0853 3732 C: <->
- ok 18:03:49.0197 1304 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:03:49.0201 1304 ProtectedStorage - ok 18:03:49.0274 1304 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 18:03:49.0277 1304 Psched - ok 18:03:49.0635 1304 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 18:03:49.0691 1304 ql2300 - ok 18:03:49.0959 1304 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 18:03:49.0972 1304 ql40xx - ok 18:03:50.0031 1304 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 18:03:50.0049 1304 QWAVE - ok 18:03:50.0066 1304 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 18:03:50.0074 1304 QWAVEdrv - ok 18:03:50.0096 1304 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 18:03:50.0097 1304 RasAcd - ok 18:03:50.0142 1304 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:03:50.0144 1304 RasAgileVpn - ok 18:03:50.0186 1304 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 18:03:50.0200 1304 RasAuto - ok 18:03:50.0255 1304 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:03:50.0257 1304 Rasl2tp - ok 18:03:50.0339 1304 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 18:03:50.0359 1304 RasMan - ok 18:03:50.0398 1304 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 18:03:50.0400 1304 RasPppoe - ok 18:03:50.0445 1304 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 18:03:50.0446 1304 RasSstp - ok 18:03:50.0512 1304 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 18:03:50.0535 1304 rdbss - ok 18:03:50.0562 1304 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 18:03:50.0564 1304 rdpbus - ok 18:03:50.0603 
1304 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:03:50.0604 1304 RDPCDD - ok 18:03:50.0675 1304 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 18:03:50.0677 1304 RDPDR - ok 18:03:50.0741 1304 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 18:03:50.0742 1304 RDPENCDD - ok 18:03:50.0771 1304 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 18:03:50.0772 1304 RDPREFMP - ok 18:03:50.0827 1304 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys 18:03:50.0835 1304 RDPWD - ok 18:03:50.0900 1304 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 18:03:50.0902 1304 rdyboost - ok 18:03:50.0942 1304 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 18:03:50.0945 1304 RemoteAccess - ok 18:03:50.0997 1304 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 18:03:51.0000 1304 RemoteRegistry - ok 18:03:51.0047 1304 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 18:03:51.0048 1304 RFCOMM - ok 18:03:51.0096 1304 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 18:03:51.0097 1304 rismxdp - ok 18:03:51.0139 1304 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 18:03:51.0142 1304 RpcEptMapper - ok 18:03:51.0167 1304 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 18:03:51.0175 1304 RpcLocator - ok 18:03:51.0300 1304 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 18:03:51.0310 1304 RpcSs - ok 18:03:51.0355 1304 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 18:03:51.0356 1304 rspndr - ok 18:03:51.0400 1304 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 18:03:51.0401 1304 s3cap - ok 18:03:51.0463 1304 SABI 
(6e5fbb7cbaec47038b945d5e9b144a64) C:\Windows\system32\Drivers\SABI.sys 18:03:51.0464 1304 SABI - ok 18:03:51.0546 1304 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:03:51.0549 1304 SamSs - ok 18:03:51.0616 1304 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 18:03:51.0618 1304 sbp2port - ok 18:03:51.0675 1304 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 18:03:51.0681 1304 SCardSvr - ok 18:03:51.0727 1304 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 18:03:51.0729 1304 scfilter - ok 18:03:51.0853 1304 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 18:03:51.0880 1304 Schedule - ok 18:03:51.0927 1304 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 18:03:51.0929 1304 SCPolicySvc - ok 18:03:52.0002 1304 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys 18:03:52.0004 1304 sdbus - ok 18:03:52.0087 1304 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 18:03:52.0093 1304 SDRSVC - ok 18:03:52.0139 1304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 18:03:52.0145 1304 secdrv - ok 18:03:52.0184 1304 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 18:03:52.0190 1304 seclogon - ok 18:03:52.0226 1304 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 18:03:52.0231 1304 SENS - ok 18:03:52.0257 1304 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 18:03:52.0263 1304 SensrSvc - ok 18:03:52.0318 1304 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 18:03:52.0319 1304 Serenum - ok 18:03:52.0359 1304 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 18:03:52.0370 1304 Serial - ok 18:03:52.0423 1304 sermouse (79bffb520327ff916a582dfea17aa813) 
C:\Windows\system32\DRIVERS\sermouse.sys 18:03:52.0424 1304 sermouse - ok 18:03:52.0494 1304 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 18:03:52.0505 1304 SessionEnv - ok 18:03:52.0562 1304 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 18:03:52.0566 1304 sffdisk - ok 18:03:52.0584 1304 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 18:03:52.0585 1304 sffp_mmc - ok 18:03:52.0607 1304 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys 18:03:52.0608 1304 sffp_sd - ok 18:03:52.0638 1304 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 18:03:52.0639 1304 sfloppy - ok 18:03:52.0690 1304 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 18:03:52.0694 1304 SharedAccess - ok 18:03:52.0766 1304 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 18:03:52.0777 1304 ShellHWDetection - ok 18:03:52.0826 1304 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 18:03:52.0828 1304 sisagp - ok 18:03:52.0866 1304 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 18:03:52.0867 1304 SiSRaid2 - ok 18:03:52.0899 1304 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 18:03:52.0901 1304 SiSRaid4 - ok 18:03:53.0100 1304 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe 18:03:53.0102 1304 SkypeUpdate - ok 18:03:53.0154 1304 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 18:03:53.0156 1304 Smb - ok 18:03:53.0209 1304 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 18:03:53.0214 1304 SNMPTRAP - ok 18:03:53.0264 1304 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 18:03:53.0274 1304 spldr - ok 18:03:53.0350 1304 Spooler 
(866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 18:03:53.0361 1304 Spooler - ok 18:03:54.0113 1304 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 18:03:54.0219 1304 sppsvc - ok 18:03:54.0400 1304 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 18:03:54.0405 1304 sppuinotify - ok 18:03:54.0537 1304 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 18:03:54.0542 1304 srv - ok 18:03:54.0623 1304 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 18:03:54.0628 1304 srv2 - ok 18:03:54.0670 1304 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 18:03:54.0672 1304 srvnet - ok 18:03:54.0740 1304 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 18:03:54.0754 1304 SSDPSRV - ok 18:03:54.0817 1304 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 18:03:54.0818 1304 ssmdrv - ok 18:03:54.0918 1304 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 18:03:54.0925 1304 SstpSvc - ok 18:03:54.0973 1304 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 18:03:54.0974 1304 stexstor - ok 18:03:55.0086 1304 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 18:03:55.0100 1304 StiSvc - ok 18:03:55.0174 1304 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 18:03:55.0183 1304 storflt - ok 18:03:55.0229 1304 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 18:03:55.0235 1304 StorSvc - ok 18:03:55.0280 1304 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 18:03:55.0281 1304 storvsc - ok 18:03:55.0327 1304 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 18:03:55.0329 1304 swenum - ok 18:03:55.0424 1304 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 
18:03:55.0439 1304 swprv - ok 18:03:55.0636 1304 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 18:03:55.0663 1304 SysMain - ok 18:03:55.0723 1304 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 18:03:55.0730 1304 TabletInputService - ok 18:03:55.0827 1304 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 18:03:55.0836 1304 TapiSrv - ok 18:03:55.0875 1304 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 18:03:55.0881 1304 TBS - ok 18:03:56.0123 1304 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 18:03:56.0151 1304 Tcpip - ok 18:03:56.0188 1304 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 18:03:56.0203 1304 TCPIP6 - ok 18:03:56.0285 1304 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 18:03:56.0286 1304 tcpipreg - ok 18:03:56.0341 1304 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 18:03:56.0347 1304 TDPIPE - ok 18:03:56.0418 1304 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 18:03:56.0420 1304 TDTCP - ok 18:03:56.0462 1304 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 18:03:56.0471 1304 tdx - ok 18:03:56.0524 1304 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 18:03:56.0526 1304 TermDD - ok 18:03:56.0660 1304 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 18:03:56.0709 1304 TermService - ok 18:03:56.0767 1304 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 18:03:56.0773 1304 Themes - ok 18:03:56.0808 1304 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 18:03:56.0812 1304 THREADORDER - ok 18:03:56.0842 1304 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 18:03:56.0848 1304 TrkWks - ok 18:03:56.0946 1304 
TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 18:03:56.0949 1304 TrustedInstaller - ok 18:03:57.0009 1304 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:03:57.0011 1304 tssecsrv - ok 18:03:57.0057 1304 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 18:03:57.0067 1304 TsUsbFlt - ok 18:03:57.0137 1304 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 18:03:57.0150 1304 tunnel - ok 18:03:57.0215 1304 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 18:03:57.0216 1304 uagp35 - ok 18:03:57.0286 1304 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 18:03:57.0290 1304 udfs - ok 18:03:57.0340 1304 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 18:03:57.0346 1304 UI0Detect - ok 18:03:57.0415 1304 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 18:03:57.0417 1304 uliagpkx - ok 18:03:57.0476 1304 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 18:03:57.0484 1304 umbus - ok 18:03:57.0527 1304 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 18:03:57.0528 1304 UmPass - ok 18:03:57.0587 1304 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 18:03:57.0594 1304 UmRdpService - ok 18:03:57.0691 1304 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 18:03:57.0718 1304 upnphost - ok 18:03:57.0770 1304 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 18:03:57.0771 1304 USBAAPL - ok 18:03:57.0861 1304 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 18:03:57.0870 1304 usbccgp - ok 18:03:57.0945 1304 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 18:03:57.0946 1304 usbcir - ok 18:03:58.0006 
1304 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 18:03:58.0014 1304 usbehci - ok 18:03:58.0097 1304 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 18:03:58.0112 1304 usbhub - ok 18:03:58.0136 1304 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys 18:03:58.0143 1304 usbohci - ok 18:03:58.0170 1304 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 18:03:58.0177 1304 usbprint - ok 18:03:58.0223 1304 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:03:58.0225 1304 USBSTOR - ok 18:03:58.0265 1304 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 18:03:58.0276 1304 usbuhci - ok 18:03:58.0354 1304 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys 18:03:58.0356 1304 usbvideo - ok 18:03:58.0390 1304 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 18:03:58.0396 1304 UxSms - ok 18:03:58.0453 1304 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:03:58.0455 1304 VaultSvc - ok 18:03:58.0501 1304 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 18:03:58.0502 1304 vdrvroot - ok 18:03:58.0606 1304 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 18:03:58.0619 1304 vds - ok 18:03:58.0655 1304 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 18:03:58.0656 1304 vga - ok 18:03:58.0697 1304 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 18:03:58.0699 1304 VgaSave - ok 18:03:59.0004 1304 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 18:03:59.0007 1304 vhdmp - ok 18:03:59.0071 1304 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 18:03:59.0072 1304 viaagp - ok 18:03:59.0131 1304 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) 
C:\Windows\system32\DRIVERS\viac7.sys 18:03:59.0141 1304 ViaC7 - ok 18:03:59.0167 1304 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 18:03:59.0174 1304 viaide - ok 18:03:59.0240 1304 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 18:03:59.0249 1304 vmbus - ok 18:03:59.0319 1304 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 18:03:59.0320 1304 VMBusHID - ok 18:03:59.0367 1304 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 18:03:59.0367 1304 volmgr - ok 18:03:59.0464 1304 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 18:03:59.0469 1304 volmgrx - ok 18:03:59.0538 1304 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 18:03:59.0545 1304 volsnap - ok 18:03:59.0753 1304 vpnagent (0e097e4d63e39fd2583db1cf5cfe3ad5) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe 18:03:59.0777 1304 vpnagent - ok 18:03:59.0845 1304 vpnva (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys 18:03:59.0848 1304 vpnva - ok 18:03:59.0900 1304 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 18:03:59.0903 1304 vsmraid - ok 18:04:00.0137 1304 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 18:04:00.0181 1304 VSS - ok 18:04:00.0198 1304 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 18:04:00.0200 1304 vwifibus - ok 18:04:00.0300 1304 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 18:04:00.0316 1304 W32Time - ok 18:04:00.0347 1304 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 18:04:00.0348 1304 WacomPen - ok 18:04:00.0392 1304 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 18:04:00.0394 1304 WANARP - ok 18:04:00.0402 1304 Wanarpv6 
(3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 18:04:00.0404 1304 Wanarpv6 - ok 18:04:00.0817 1304 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe 18:04:00.0876 1304 WatAdminSvc - ok 18:04:01.0198 1304 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 18:04:01.0251 1304 wbengine - ok 18:04:01.0325 1304 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 18:04:01.0332 1304 WbioSrvc - ok 18:04:01.0450 1304 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 18:04:01.0459 1304 wcncsvc - ok 18:04:01.0502 1304 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 18:04:01.0508 1304 WcsPlugInService - ok 18:04:01.0609 1304 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 18:04:01.0610 1304 Wd - ok 18:04:01.0719 1304 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 18:04:01.0739 1304 Wdf01000 - ok 18:04:01.0783 1304 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 18:04:01.0790 1304 WdiServiceHost - ok 18:04:01.0801 1304 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 18:04:01.0809 1304 WdiSystemHost - ok 18:04:01.0921 1304 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 18:04:01.0952 1304 WebClient - ok 18:04:01.0987 1304 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 18:04:01.0993 1304 Wecsvc - ok 18:04:02.0071 1304 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 18:04:02.0077 1304 wercplsupport - ok 18:04:02.0112 1304 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 18:04:02.0118 1304 WerSvc - ok 18:04:02.0142 1304 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 18:04:02.0143 1304 WfpLwf - ok 18:04:02.0158 1304 WIMMount 
(5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 18:04:02.0159 1304 WIMMount - ok 18:04:02.0388 1304 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 18:04:02.0405 1304 WinDefend - ok 18:04:02.0420 1304 WinHttpAutoProxySvc - ok 18:04:02.0534 1304 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 18:04:02.0546 1304 Winmgmt - ok 18:04:02.0763 1304 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 18:04:02.0798 1304 WinRM - ok 18:04:02.0891 1304 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 18:04:02.0896 1304 WinUsb - ok 18:04:03.0085 1304 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 18:04:03.0105 1304 Wlansvc - ok 18:04:03.0503 1304 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:04:03.0554 1304 wlidsvc - ok 18:04:03.0841 1304 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 18:04:03.0843 1304 WmiAcpi - ok 18:04:04.0022 1304 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 18:04:04.0025 1304 wmiApSrv - ok 18:04:04.0401 1304 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 18:04:04.0451 1304 WMPNetworkSvc - ok 18:04:04.0478 1304 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 18:04:04.0485 1304 WPCSvc - ok 18:04:04.0524 1304 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 18:04:04.0531 1304 WPDBusEnum - ok 18:04:04.0598 1304 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 18:04:04.0599 1304 ws2ifsl - ok 18:04:04.0654 1304 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 18:04:04.0658 1304 wscsvc - ok 18:04:04.0662 1304 WSearch - ok 18:04:04.0765 1304 WTGService 
18:04:05.0888 1304 ============================================================
18:04:05.0888 1304 Scan finished
18:04:05.0888 1304 ============================================================
18:04:05.0904 2556 Detected object count: 0
18:04:05.0904 2556 Actual detected object count: 0
18:04:48.0711 3628 ============================================================
18:04:48.0711 3628 Scan started
18:04:48.0711 3628 Mode: Manual;
18:04:48.0711 3628 ============================================================
crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 18:04:52.0408 3628 crcdisk - ok 18:04:52.0452 3628 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll 18:04:52.0455 3628 CryptSvc - ok 18:04:52.0517 3628 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 18:04:52.0521 3628 CSC - ok 18:04:52.0617 3628 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll 18:04:52.0624 3628 CscService - ok 18:04:52.0668 3628 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 18:04:52.0674 3628 DcomLaunch - ok 18:04:52.0711 3628 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 18:04:52.0714 3628 defragsvc - ok 18:04:52.0785 3628 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 18:04:52.0786 3628 DfsC - ok 18:04:52.0837 3628 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 18:04:52.0839 3628 Dhcp - ok 18:04:52.0887 3628 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 18:04:52.0889 3628 discache - ok 18:04:52.0904 3628 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 18:04:52.0906 3628 Disk - ok 18:04:52.0956 3628 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 18:04:52.0960 3628 Dnscache - ok 18:04:53.0011 3628 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 18:04:53.0015 3628 dot3svc - ok 18:04:53.0069 3628 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 18:04:53.0072 3628 DPS - ok 18:04:53.0092 3628 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 18:04:53.0093 3628 drmkaud - ok 18:04:53.0203 3628 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 18:04:53.0228 3628 DXGKrnl - ok 18:04:53.0270 3628 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 
18:04:53.0273 3628 EapHost - ok 18:04:53.0546 3628 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 18:04:53.0578 3628 ebdrv - ok 18:04:53.0718 3628 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 18:04:53.0720 3628 EFS - ok 18:04:53.0823 3628 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 18:04:53.0841 3628 ehRecvr - ok 18:04:53.0871 3628 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 18:04:53.0873 3628 ehSched - ok 18:04:53.0950 3628 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 18:04:53.0955 3628 elxstor - ok 18:04:54.0011 3628 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 18:04:54.0012 3628 ErrDev - ok 18:04:54.0074 3628 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 18:04:54.0077 3628 EventSystem - ok 18:04:54.0123 3628 ewusbnet (dafc7e1b2ffa35ccbddf95ae3e31bfae) C:\Windows\system32\DRIVERS\ewusbnet.sys 18:04:54.0126 3628 ewusbnet - ok 18:04:54.0169 3628 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 18:04:54.0177 3628 exfat - ok 18:04:54.0200 3628 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 18:04:54.0210 3628 fastfat - ok 18:04:54.0274 3628 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 18:04:54.0280 3628 Fax - ok 18:04:54.0302 3628 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 18:04:54.0303 3628 fdc - ok 18:04:54.0341 3628 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 18:04:54.0347 3628 fdPHost - ok 18:04:54.0361 3628 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 18:04:54.0369 3628 FDResPub - ok 18:04:54.0393 3628 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 18:04:54.0394 3628 FileInfo - ok 18:04:54.0414 3628 Filetrace 
(42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 18:04:54.0415 3628 Filetrace - ok 18:04:54.0436 3628 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 18:04:54.0437 3628 flpydisk - ok 18:04:54.0477 3628 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 18:04:54.0479 3628 FltMgr - ok 18:04:54.0589 3628 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll 18:04:54.0600 3628 FontCache - ok 18:04:54.0686 3628 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 18:04:54.0688 3628 FontCache3.0.0.0 - ok 18:04:54.0724 3628 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 18:04:54.0725 3628 FsDepends - ok 18:04:54.0765 3628 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys 18:04:54.0767 3628 Fs_Rec - ok 18:04:54.0834 3628 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 18:04:54.0837 3628 fvevol - ok 18:04:54.0876 3628 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 18:04:54.0878 3628 gagp30kx - ok 18:04:54.0914 3628 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 18:04:54.0915 3628 GEARAspiWDM - ok 18:04:55.0000 3628 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 18:04:55.0010 3628 gpsvc - ok 18:04:55.0033 3628 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 18:04:55.0034 3628 hcw85cir - ok 18:04:55.0102 3628 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys 18:04:55.0106 3628 HdAudAddService - ok 18:04:55.0138 3628 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 18:04:55.0140 3628 HDAudBus - ok 18:04:55.0148 3628 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) 
C:\Windows\system32\DRIVERS\HidBatt.sys 18:04:55.0149 3628 HidBatt - ok 18:04:55.0179 3628 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 18:04:55.0181 3628 HidBth - ok 18:04:55.0196 3628 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 18:04:55.0197 3628 HidIr - ok 18:04:55.0229 3628 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 18:04:55.0234 3628 hidserv - ok 18:04:55.0274 3628 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys 18:04:55.0276 3628 HidUsb - ok 18:04:55.0323 3628 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 18:04:55.0327 3628 hkmsvc - ok 18:04:55.0369 3628 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 18:04:55.0391 3628 HomeGroupListener - ok 18:04:55.0444 3628 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 18:04:55.0451 3628 HomeGroupProvider - ok 18:04:55.0494 3628 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 18:04:55.0496 3628 HpSAMD - ok 18:04:55.0587 3628 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 18:04:55.0594 3628 HTTP - ok 18:04:55.0646 3628 hwdatacard (1fc7a63148e4f2bd831dab0dc732026d) C:\Windows\system32\DRIVERS\ewusbmdm.sys 18:04:55.0648 3628 hwdatacard - ok 18:04:55.0680 3628 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 18:04:55.0681 3628 hwpolicy - ok 18:04:55.0732 3628 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys 18:04:55.0734 3628 hwusbdev - ok 18:04:55.0780 3628 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 18:04:55.0782 3628 i8042prt - ok 18:04:55.0855 3628 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 18:04:55.0859 3628 iaStorV - ok 18:04:56.0026 3628 idsvc 
(c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 18:04:56.0036 3628 idsvc - ok 18:04:56.0256 3628 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys 18:04:56.0280 3628 igfx - ok 18:04:56.0435 3628 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 18:04:56.0444 3628 iirsp - ok 18:04:56.0543 3628 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 18:04:56.0553 3628 IKEEXT - ok 18:04:56.0596 3628 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 18:04:56.0597 3628 intelide - ok 18:04:56.0622 3628 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 18:04:56.0624 3628 intelppm - ok 18:04:56.0661 3628 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 18:04:56.0676 3628 IPBusEnum - ok 18:04:56.0700 3628 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:04:56.0702 3628 IpFilterDriver - ok 18:04:56.0790 3628 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 18:04:56.0798 3628 iphlpsvc - ok 18:04:56.0828 3628 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 18:04:56.0839 3628 IPMIDRV - ok 18:04:56.0863 3628 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 18:04:56.0865 3628 IPNAT - ok 18:04:56.0996 3628 iPod Service (3a6d4d8abacf64292d060c9e06d2050d) C:\Program Files\iPod\bin\iPodService.exe 18:04:57.0024 3628 iPod Service - ok 18:04:57.0063 3628 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 18:04:57.0064 3628 IRENUM - ok 18:04:57.0096 3628 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 18:04:57.0097 3628 isapnp - ok 18:04:57.0139 3628 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 
18:04:57.0149 3628 iScsiPrt - ok 18:04:57.0164 3628 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 18:04:57.0165 3628 kbdclass - ok 18:04:57.0201 3628 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys 18:04:57.0202 3628 kbdhid - ok 18:04:57.0229 3628 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:04:57.0231 3628 KeyIso - ok 18:04:57.0259 3628 KMDFMEMIO (ebc507f129df8f0e0ca270dcfc0cf87f) C:\Windows\system32\DRIVERS\kmdfmemio.sys 18:04:57.0260 3628 KMDFMEMIO - ok 18:04:57.0297 3628 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys 18:04:57.0299 3628 KSecDD - ok 18:04:57.0343 3628 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys 18:04:57.0344 3628 KSecPkg - ok 18:04:57.0397 3628 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 18:04:57.0401 3628 KtmRm - ok 18:04:57.0443 3628 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll 18:04:57.0450 3628 LanmanServer - ok 18:04:57.0494 3628 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 18:04:57.0500 3628 LanmanWorkstation - ok 18:04:57.0533 3628 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 18:04:57.0541 3628 lltdio - ok 18:04:57.0583 3628 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 18:04:57.0597 3628 lltdsvc - ok 18:04:57.0624 3628 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 18:04:57.0628 3628 lmhosts - ok 18:04:57.0668 3628 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 18:04:57.0670 3628 LSI_FC - ok 18:04:57.0692 3628 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 18:04:57.0693 3628 LSI_SAS - ok 18:04:57.0721 3628 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:04:57.0723 
3628 LSI_SAS2 - ok 18:04:57.0749 3628 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:04:57.0751 3628 LSI_SCSI - ok 18:04:57.0787 3628 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 18:04:57.0798 3628 luafv - ok 18:04:57.0839 3628 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys 18:04:57.0840 3628 MBAMProtector - ok 18:04:57.0975 3628 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 18:04:57.0983 3628 MBAMService - ok 18:04:58.0026 3628 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 18:04:58.0030 3628 Mcx2Svc - ok 18:04:58.0062 3628 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 18:04:58.0063 3628 megasas - ok 18:04:58.0108 3628 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 18:04:58.0111 3628 MegaSR - ok 18:04:58.0168 3628 Microsoft SharePoint Workspace Audit Service - ok 18:04:58.0217 3628 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 18:04:58.0221 3628 MMCSS - ok 18:04:58.0238 3628 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 18:04:58.0239 3628 Modem - ok 18:04:58.0273 3628 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 18:04:58.0274 3628 monitor - ok 18:04:58.0314 3628 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 18:04:58.0324 3628 mouclass - ok 18:04:58.0342 3628 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 18:04:58.0349 3628 mouhid - ok 18:04:58.0397 3628 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 18:04:58.0399 3628 mountmgr - ok 18:04:58.0439 3628 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 18:04:58.0452 3628 
MozillaMaintenance - ok 18:04:58.0490 3628 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 18:04:58.0492 3628 mpio - ok 18:04:58.0534 3628 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 18:04:58.0543 3628 mpsdrv - ok 18:04:58.0630 3628 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 18:04:58.0640 3628 MpsSvc - ok 18:04:58.0677 3628 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 18:04:58.0679 3628 MRxDAV - ok 18:04:58.0727 3628 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:04:58.0738 3628 mrxsmb - ok 18:04:58.0782 3628 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:04:58.0786 3628 mrxsmb10 - ok 18:04:58.0838 3628 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:04:58.0848 3628 mrxsmb20 - ok 18:04:58.0894 3628 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 18:04:58.0901 3628 msahci - ok 18:04:58.0995 3628 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 18:04:58.0997 3628 msdsm - ok 18:04:59.0034 3628 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 18:04:59.0039 3628 MSDTC - ok 18:04:59.0084 3628 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 18:04:59.0085 3628 Msfs - ok 18:04:59.0100 3628 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 18:04:59.0101 3628 mshidkmdf - ok 18:04:59.0143 3628 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 18:04:59.0144 3628 msisadrv - ok 18:04:59.0192 3628 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 18:04:59.0196 3628 MSiSCSI - ok 18:04:59.0203 3628 msiserver - ok 18:04:59.0235 3628 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 18:04:59.0241 
3628 MSKSSRV - ok 18:04:59.0259 3628 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 18:04:59.0260 3628 MSPCLOCK - ok 18:04:59.0278 3628 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 18:04:59.0279 3628 MSPQM - ok 18:04:59.0324 3628 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 18:04:59.0327 3628 MsRPC - ok 18:04:59.0380 3628 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 18:04:59.0389 3628 mssmbios - ok 18:04:59.0406 3628 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 18:04:59.0408 3628 MSTEE - ok 18:04:59.0414 3628 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 18:04:59.0415 3628 MTConfig - ok 18:04:59.0445 3628 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 18:04:59.0445 3628 Mup - ok 18:04:59.0510 3628 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 18:04:59.0517 3628 napagent - ok 18:04:59.0558 3628 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 18:04:59.0560 3628 NativeWifiP - ok 18:04:59.0653 3628 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 18:04:59.0661 3628 NDIS - ok 18:04:59.0685 3628 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 18:04:59.0687 3628 NdisCap - ok 18:04:59.0704 3628 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 18:04:59.0705 3628 NdisTapi - ok 18:04:59.0743 3628 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 18:04:59.0744 3628 Ndisuio - ok 18:04:59.0789 3628 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 18:04:59.0802 3628 NdisWan - ok 18:04:59.0846 3628 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 18:04:59.0848 3628 NDProxy - 
ok 18:04:59.0886 3628 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 18:04:59.0888 3628 NetBIOS - ok 18:04:59.0942 3628 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 18:04:59.0945 3628 NetBT - ok 18:04:59.0973 3628 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:04:59.0977 3628 Netlogon - ok 18:05:00.0039 3628 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 18:05:00.0046 3628 Netman - ok 18:05:00.0100 3628 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 18:05:00.0108 3628 netprofm - ok 18:05:00.0207 3628 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:05:00.0209 3628 NetTcpPortSharing - ok 18:05:00.0540 3628 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 18:05:00.0598 3628 netw5v32 - ok 18:05:00.0756 3628 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 18:05:00.0765 3628 nfrd960 - ok 18:05:00.0827 3628 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 18:05:00.0833 3628 NlaSvc - ok 18:05:00.0853 3628 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 18:05:00.0855 3628 Npfs - ok 18:05:00.0891 3628 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 18:05:00.0896 3628 nsi - ok 18:05:00.0915 3628 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 18:05:00.0916 3628 nsiproxy - ok 18:05:01.0084 3628 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 18:05:01.0098 3628 Ntfs - ok 18:05:01.0142 3628 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 18:05:01.0147 3628 Null - ok 18:05:01.0192 3628 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 18:05:01.0195 3628 nvraid - ok 
18:05:01.0224 3628 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 18:05:01.0226 3628 nvstor - ok 18:05:01.0261 3628 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 18:05:01.0272 3628 nv_agp - ok 18:05:01.0320 3628 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 18:05:01.0322 3628 ohci1394 - ok 18:05:01.0389 3628 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:05:01.0392 3628 ose - ok 18:05:01.0784 3628 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 18:05:01.0820 3628 osppsvc - ok 18:05:02.0009 3628 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 18:05:02.0016 3628 p2pimsvc - ok 18:05:02.0063 3628 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 18:05:02.0071 3628 p2psvc - ok 18:05:02.0127 3628 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 18:05:02.0129 3628 Parport - ok 18:05:02.0161 3628 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 18:05:02.0162 3628 partmgr - ok 18:05:02.0182 3628 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 18:05:02.0183 3628 Parvdm - ok 18:05:02.0230 3628 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 18:05:02.0236 3628 PcaSvc - ok 18:05:02.0286 3628 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 18:05:02.0289 3628 pci - ok 18:05:02.0311 3628 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 18:05:02.0318 3628 pciide - ok 18:05:02.0361 3628 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 18:05:02.0364 3628 pcmcia - ok 18:05:02.0381 3628 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 
18:05:02.0383 3628 pcw - ok 18:05:02.0462 3628 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 18:05:02.0469 3628 PEAUTH - ok 18:05:02.0603 3628 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 18:05:02.0618 3628 PeerDistSvc - ok 18:05:02.0809 3628 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 18:05:02.0831 3628 pla - ok 18:05:03.0012 3628 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 18:05:03.0021 3628 PlugPlay - ok 18:05:03.0056 3628 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 18:05:03.0062 3628 PNRPAutoReg - ok 18:05:03.0113 3628 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 18:05:03.0120 3628 PNRPsvc - ok 18:05:03.0191 3628 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 18:05:03.0197 3628 PolicyAgent - ok 18:05:03.0251 3628 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 18:05:03.0257 3628 Power - ok 18:05:03.0318 3628 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 18:05:03.0320 3628 PptpMiniport - ok 18:05:03.0347 3628 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 18:05:03.0349 3628 Processor - ok 18:05:03.0405 3628 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll 18:05:03.0411 3628 ProfSvc - ok 18:05:03.0442 3628 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 18:05:03.0445 3628 ProtectedStorage - ok 18:05:03.0469 3628 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 18:05:03.0471 3628 Psched - ok 18:05:03.0626 3628 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 18:05:03.0642 3628 ql2300 - ok 18:05:03.0821 3628 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 18:05:03.0833 3628 ql40xx - ok 
18:05:03.0894 3628 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 18:05:03.0900 3628 QWAVE - ok 18:05:03.0921 3628 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 18:05:03.0928 3628 QWAVEdrv - ok 18:05:03.0950 3628 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 18:05:03.0951 3628 RasAcd - ok 18:05:03.0984 3628 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 18:05:03.0985 3628 RasAgileVpn - ok 18:05:04.0019 3628 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 18:05:04.0024 3628 RasAuto - ok 18:05:04.0045 3628 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 18:05:04.0047 3628 Rasl2tp - ok 18:05:04.0123 3628 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 18:05:04.0130 3628 RasMan - ok 18:05:04.0163 3628 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 18:05:04.0165 3628 RasPppoe - ok 18:05:04.0186 3628 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 18:05:04.0188 3628 RasSstp - ok 18:05:04.0225 3628 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 18:05:04.0229 3628 rdbss - ok 18:05:04.0250 3628 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 18:05:04.0251 3628 rdpbus - ok 18:05:04.0291 3628 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 18:05:04.0292 3628 RDPCDD - ok 18:05:04.0348 3628 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 18:05:04.0351 3628 RDPDR - ok 18:05:04.0374 3628 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 18:05:04.0376 3628 RDPENCDD - ok 18:05:04.0401 3628 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 18:05:04.0403 3628 RDPREFMP - ok 18:05:04.0456 3628 
18:05:13.0831 3628 ============================================================ 18:05:13.0831 3628 Scan finished 18:05:13.0831 3628 ============================================================ 18:05:13.0849 2692 Detected object count: 0 18:05:13.0849 2692 Actual detected object count: 0 |
18.07.2012, 21:18 | #6 |
/// Malwareteam | Caught TR/ATRAPS.Gen and TR/inject.eigl
ESET Online Scanner
|
18.07.2012, 23:11 | #7 |
| Caught TR/ATRAPS.Gen and TR/inject.eigl
Hello Swiss, I ran ESET and it produced the following log file:

C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application
C:\Users\sun\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application

Thank you for your time and effort. Regards, Katta |
19.07.2012, 16:58 | #8 |
/// Malwareteam | Caught TR/ATRAPS.Gen and TR/inject.eigl
Please download AdwCleaner to your desktop.
|
19.07.2012, 19:09 | #9 |
| Caught TR/ATRAPS.Gen and TR/inject.eigl
Hello Swiss, the log file from the AdwCleaner search is as follows. Best regards, Katta

# AdwCleaner v1.702 - Logfile created 07/19/2012 at 20:07:29
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : sun - STERNCHEN
# Running from : C:\Users\sun\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****
Folder Found : C:\Users\sun\AppData\Local\Conduit
Folder Found : C:\Users\sun\AppData\Local\Temp\Conduit
Folder Found : C:\Users\sun\AppData\LocalLow\Conduit
Folder Found : C:\Users\sun\AppData\LocalLow\ZoneAlarm-Sicherheit
Folder Found : C:\Users\sun\AppData\Roaming\pdfforge
Folder Found : C:\Users\sun\AppData\Roaming\Mozilla\Firefox\Profiles\fxzw28sw.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ZoneAlarm-Sicherheit
File Found : C:\Users\sun\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\ZoneAlarm-Sicherheit

***** [Registre - GUID] *****
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\sun\AppData\Roaming\Mozilla\Firefox\Profiles\fxzw28sw.default\prefs.js
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [3481 octets] - [19/07/2012 20:07:29]
########## EOF - C:\AdwCleaner[R1].txt - [3609 octets] ########## |
19.07.2012, 21:47 | #10 |
/// Malwareteam | Caught TR/ATRAPS.Gen and TR/inject.eigl
|
20.07.2012, 06:51 | #11 |
| Caught TR/ATRAPS.Gen and TR/inject.eigl
Good morning Swiss, thank you very much for taking care of my trojan/virus/whatever problem. I still have hope that everything will be fine again; or is that hope in vain? Anyway, I ran the program, pressed Delete, and here is the log file. Have a nice day. Regards, Katta

# AdwCleaner v1.702 - Logfile created 07/20/2012 at 07:44:09
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : sun - STERNCHEN
# Running from : C:\Users\sun\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Folder Deleted : C:\Users\sun\AppData\Local\Conduit
Folder Deleted : C:\Users\sun\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\sun\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\sun\AppData\LocalLow\ZoneAlarm-Sicherheit
Folder Deleted : C:\Users\sun\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\sun\AppData\Roaming\Mozilla\Firefox\Profiles\fxzw28sw.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ZoneAlarm-Sicherheit
File Deleted : C:\Users\sun\AppData\Local\Temp\Uninstall.exe

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\ZoneAlarm-Sicherheit

***** [Registre - GUID] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A29413B9-7926-423A-9D8E-ADEEA0C91CD9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}]

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com
-\\ Mozilla Firefox v14.0.1 (de)
Profile name : default
File : C:\Users\sun\AppData\Roaming\Mozilla\Firefox\Profiles\fxzw28sw.default\prefs.js
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [3610 octets] - [19/07/2012 20:07:29]
AdwCleaner[S1].txt - [3644 octets] - [20/07/2012 07:44:09]
########## EOF - C:\AdwCleaner[S1].txt - [3772 octets] ########## |
20.07.2012, 16:13 | #12 |
/// Malwareteam | Caught TR/ATRAPS.Gen and TR/inject.eigl
Run a complete scan with AntiVir

Configure AntiVir so that only important events are logged: right-click the AntiVir umbrella at the bottom right of the taskbar => Configure AntiVir => tick "Expert mode" => expand Scanner => set Report to "Standard" => expand Guard => set Report to "Standard" => close AntiVir with OK.

Run a full scan with AntiVir

Update the signatures (right-click the umbrella => Start update). Now run a complete system scan of your computer with AntiVir and post the report here in the thread. Please obscure the serial number.

Finding the report in AntiVir

You can get to the report as follows: start AntiVir by double-clicking the umbrella at the bottom right => click the "Reports" tab => double-click the report named "Scan" => in the window that pops up, click "Report" => your editor opens => in the editor, select the text with CTRL + A => copy the text to the clipboard with CTRL + C => paste the text here with CTRL + V. Please obscure your serial number in the log file. |
21.07.2012, 20:49 | #13 |
| Caught TR/ATRAPS.Gen and TR/inject.eigl
Hello Swiss, here is the report from the Avira scan run. Evening greetings, Katta

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 21. Juli 2012 20:21
Es wird nach 3914456 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : ***
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : STERNCHEN

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +APPL,+PFS,+SPR,

Beginn des Suchlaufs: Samstag, 21. Juli 2012 20:21

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '29' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '38' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_265.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_265.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '78' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '113' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '100' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'vlc.exe' - '130' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '109' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '43' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht Durchsuche Prozess 'conhost.exe' - '14' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'Dropbox.exe' - '73' Modul(e) wurden durchsucht Durchsuche Prozess 'Winexit.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnui.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxsrvc.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxext.exe' - '25' Modul(e) 
wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'dmhkcore.exe' - '54' Modul(e) wurden durchsucht Durchsuche Prozess 'hcdll2_ex_Win32.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '182' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSvcM.exe' - '17' Modul(e) wurden durchsucht Durchsuche Prozess 'WTGService.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'WLIDSVC.EXE' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '87' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht Durchsuche Prozess 'vpnagent.exe' - '55' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '67' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '144' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '64' Modul(e) wurden durchsucht 
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '3257' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Program Files\game\DOSBOX\uninstall.exe [WARNUNG] Unerwartetes Dateiende erreicht C:\Program Files\WinRAR\rarnew.dat [WARNUNG] Das Archiv ist unbekannt oder defekt C:\Users\sun\AppData\Local\Temp\FirefoxPickerFiles.zip [WARNUNG] Die komprimierten Daten sind fehlerhaft C:\Users\sun\AppData\Local\Temp\InternetExplorerPickerFiles.zip [WARNUNG] Die komprimierten Daten sind fehlerhaft C:\Users\sun\AppData\Local\Temp\jar_cache3089823766218921932.tmp [WARNUNG] Unerwartetes Dateiende erreicht C:\Users\sun\AppData\Local\Temp\PdfPickerFiles.zip [WARNUNG] Die komprimierten Daten sind fehlerhaft C:\Users\sun\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\a4a6d7fe944cb9bd46ddeca5d86bb79b\winexit33.exe [WARNUNG] Die Version dieses Archives wird nicht unterstützt C:\Users\sun\Downloads\avira_free_antivirus_de(1).exe [WARNUNG] Die Datei ist kennwortgeschützt C:\Users\sun\Downloads\avira_free_antivirus_de.exe [WARNUNG] Die Datei ist kennwortgeschützt C:\Users\sun\Downloads\bilder xxx.zip [WARNUNG] Unerwartetes Dateiende erreicht C:\Users\sun\Downloads\0105.part1.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0105.part2.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0105.part3.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0105.part4.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0105.part5.rar [WARNUNG] 
Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0106.part1.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0106.part2.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0106.part3.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0106.part4.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0106.part5.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0206.part1.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0206.part2.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0206.part3.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0206.part4.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0206.part5.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0209.part1.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0209.part2.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0209.part3.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0209.part4.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0209.part5.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0211.part1.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0211.part2.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0211.part3.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0211.part4.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0211.part5.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0213.part1.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0213.part2.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt 
C:\Users\sun\Downloads\0213.part3.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0213.part4.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0213.part5.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0214.part1.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0214.part2.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0214.part4.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\0214.part5.rar [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Users\sun\Downloads\1234.part34.rar [WARNUNG] Die Datei ist kennwortgeschützt Beginne mit der Suche in 'D:\' Ende des Suchlaufs: Samstag, 21. Juli 2012 21:21 Benötigte Zeit: 1:00:41 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 25539 Verzeichnisse wurden überprüft 444624 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 444624 Dateien ohne Befall 3295 Archive wurden durchsucht 45 Warnungen 0 Hinweise 491909 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden |
21.07.2012, 23:10 | #14 |
/// Malwareteam | TR/ATRAPS.Gen and TR/inject.eigl caught
ComboFix may only be run when a qualified helper has expressly recommended it! Download ComboFix from one of these download mirrors: BleepingComputer - ForoSpyware * Important!! Save ComboFix to the desktop
Once the Recovery Console has been installed by ComboFix, you should see the following message: Click "Yes" to continue scanning for malware. When ComboFix has finished, it will create a log. Please attach C:\ComboFix.txt to your next reply. |
22.07.2012, 09:18 | #15 |
| TR/ATRAPS.Gen and TR/inject.eigl caught
Hello Swiss, As recommended, I disabled all antivirus programs for the ComboFix run, or at least I thought I had. I switched off Avira and Malwarebytes by right-clicking the icon, but ComboFix still told me that "Avira Desktop" was active. I tried to disable it, which unfortunately I did not manage, so I uninstalled Avira completely for the run and reinstalled it afterwards. And now I hope that this was right and that you can do something with the log file. Best regards, Katta
ComboFix log file: Code:
ATTFilter ComboFix 12-07-21.01 - sun 22.07.2012 9:46.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3062.2048 [GMT 2:00] ausgeführt von:: c:\users\sun\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\windows c:\programdata\Windows\dumd.dat c:\programdata\windows\xdor.dat c:\users\sun\4.0 c:\users\sun\AppData\Local\Microsoft\Windows\Temporary Internet Files\{030E9435-3E3C-4DD0-9810-AF7DB7F1B437}.xps c:\users\sun\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0B488646-4755-45FB-A4CD-6BE89AC2B352}.xps c:\users\sun\AppData\Local\Microsoft\Windows\Temporary Internet Files\{47B67FBF-30F3-405D-B40D-E3F1F6210061}.xps c:\users\sun\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7B47603D-46A5-4ABF-B391-38616C689A25}.xps c:\users\sun\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B86B00F1-1C09-49EB-A74C-9C552559064D}.xps c:\users\sun\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F688C8FF-8B89-4B54-AB16-D8D088B1557F}.xps c:\users\sun\AppData\Roaming\Help\coredb\storage c:\windows\IsUn0407.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\system32\Temp c:\windows\system32\win.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-06-22 bis 2012-07-22 )))))))))))))))))))))))))))))) . . 2012-07-22 07:50 . 2012-07-22 07:50 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-20 12:28 . 2012-07-20 16:02 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2012-07-18 20:46 . 2012-07-18 20:46 -------- d-----w- c:\program files\ESET 2012-07-18 06:28 . 
2012-07-18 06:28 -------- d-----w- c:\users\sun\AppData\Local\Macromedia 2012-07-18 06:05 . 2012-07-18 06:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-07-16 09:16 . 2012-07-16 09:16 -------- d-----w- c:\users\sun\AppData\Roaming\Malwarebytes 2012-07-16 09:15 . 2012-07-16 10:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-16 09:15 . 2012-07-16 09:15 -------- d-----w- c:\programdata\Malwarebytes 2012-07-16 09:15 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-16 08:59 . 2011-09-05 15:22 192512 ----a-w- c:\windows\system32\igfxres.dll 2012-07-16 06:59 . 2012-07-16 07:02 -------- d-----w- c:\programdata\036DFF980001705EEF6A5F3AF875EF7E 2012-07-13 15:09 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AE0147E-7CB6-4E2E-B943-8303B62B4EB5}\mpengine.dll 2012-07-11 15:16 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys 2012-06-27 13:15 . 2012-06-27 13:15 -------- d-----w- c:\program files\Hardcopy 2012-06-27 13:14 . 2011-03-04 04:00 1703936 ----a-w- c:\windows\SwSetupu.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-18 06:34 . 2011-08-10 18:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-02 22:19 . 2012-06-21 05:57 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 05:57 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 05:56 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 05:56 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-21 05:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:12 . 2012-06-21 05:57 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12 . 2012-06-21 05:56 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 13:19 . 
2012-06-21 05:56 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 13:12 . 2012-06-21 05:56 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-01 04:44 . 2012-06-13 06:07 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:17 . 2012-06-13 06:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 04:45 . 2012-06-13 06:07 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 04:45 . 2012-06-13 06:07 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 04:41 . 2012-06-13 06:07 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 04:36 . 2012-06-13 06:06 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 06:06 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 06:06 103936 ----a-w- c:\windows\system32\cryptnet.dll 2011-08-13 19:30 . 2004-01-11 22:00 348160 ----a-w- c:\program files\msvcr71.dll 2012-07-18 18:28 . 2012-03-05 17:32 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-05 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-05 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-05 133656] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-03-23 519632] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\users\sun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\sun\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-7 110592] Launcher.lnk - c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe [N/A] Winexit.lnk - c:\program files\Winexit\Winexit.exe [2003-8-28 664064] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x] R3 CBUSB;MARX CryptoTech LP;c:\windows\system32\drivers\CBUSB.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [x] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x] S2 WTGService;WTGService;c:\program files\Verbindungsassistent\WTGService.exe [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 
Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x] S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x] S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - avipbb *Deregistered* - ssmdrv . Inhalt des "geplante Tasks" Ordners . 2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 06:34] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local;<local> IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe TCP: DhcpNameServer = 192.168.178.1 TCP: Interfaces\{3A15A78E-A3A0-4389-8329-5DC711723F98}: NameServer = 134.130.4.1 FF - ProfilePath - c:\users\sun\AppData\Roaming\Mozilla\Firefox\Profiles\fxzw28sw.default\ FF - prefs.js: browser.search.selectedEngine - eBay FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}"=hex:51,66,7a,6c,4c,1d,38,12,92,75,38, f8,00,6f,ee,08,d6,b5,5c,1c,6b,17,42,7f "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:0e,1e,03,2c,ec,02,cd,01 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-07-22 09:52:55 ComboFix-quarantined-files.txt 2012-07-22 07:52 . Vor Suchlauf: 9 Verzeichnis(se), 62.303.014.912 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 62.412.804.096 Bytes frei . - - End Of File - - 71B803D26F6DD660B5719B81DBB50A08 |