Plagegeister aller Art und deren Bekämpfung: "This program cannot display the webpage" - desktop blocked (Windows 7)
18.09.2012, 17:45 | #1 |
"This program cannot display the webpage" - desktop blocked

Hello everyone, I now have the problem with the error message "This program cannot display the webpage" as well. The desktop is completely filled by the message, and all attempts with Alt+F4 or the Task Manager did not help. I have Windows 7 in a 64-bit version. The laptop then has to be hard-restarted. Most of the time it also starts without safe mode and then runs normally again. I have not been able to find out whether a particular program or event triggers the error. I have now already researched here and had to conclude that the whole thing is apparently more complicated than I thought. I have already created the first log files:

Code:
OTL logfile created on: 18.09.2012 18:06:46 - Run 1 OTL by OldTimer - Version 3.2.63.0 Folder = D:\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,90 Gb Total Physical Memory | 4,13 Gb Available Physical Memory | 70,09% Memory free 11,79 Gb Paging File | 9,92 Gb Available in Paging File | 84,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 295,61 Gb Total Space | 233,99 Gb Free Space | 79,16% Space Free | Partition Type: NTFS Drive D: | 283,51 Gb Total Space | 230,22 Gb Free Space | 81,20% Space Free | Partition Type: NTFS Drive G: | 698,64 Gb Total Space | 161,46 Gb Free Space | 23,11% Space Free | Partition Type: NTFS Computer Name: JEANNE-VAIO | User Name: Jeanne | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.18 18:05:50 | 000,600,576 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe PRC - [2012.07.26 14:16:14 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.02.23 17:35:18 | 000,182,200 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe PRC - [2012.02.23 17:35:16 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe PRC - [2012.02.23 10:16:25 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.02.23 04:12:35 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.23 04:12:01 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.23 04:11:17 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2012.02.23 04:08:02 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.20 06:03:21 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2011.12.19 19:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2011.12.19 19:16:48 | 001,304,912 | ---- | M] (Intel Corporation) -- 
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2011.12.19 19:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011.12.19 19:16:42 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2011.09.20 16:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2007.08.31 19:49:58 | 000,498,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ========== Modules (No Company Name) ========== MOD - [2012.07.14 18:38:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.07.14 18:38:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.07.14 18:38:31 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.07.14 18:38:31 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll MOD - [2012.07.14 18:38:29 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll MOD - [2012.07.14 18:38:27 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.07.14 18:38:22 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.07.14 18:38:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.07.14 18:38:02 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.07.14 18:38:01 | 007,967,232 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.07.14 18:37:56 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2012.06.29 04:45:37 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.09.08 09:13:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.26 11:12:47 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.26 14:16:14 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.10 18:44:34 | 001,259,104 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2012.04.03 22:53:50 | 
000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.02.23 17:35:16 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service) SRV - [2012.02.23 04:12:35 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.23 04:12:01 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.23 04:11:17 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2012.02.23 04:08:02 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.02.21 18:37:55 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.02.02 22:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.01.19 11:40:56 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2012.01.15 23:59:44 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart 
Network\VSNService.exe -- (VSNService) SRV - [2012.01.11 17:34:44 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV - [2012.01.10 13:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2012.01.09 05:19:34 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV - [2011.12.19 19:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2011.12.19 19:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2011.12.19 19:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011.12.08 10:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV - [2011.12.08 10:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV - [2011.12.08 10:43:48 | 000,618,256 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2011.12.08 10:43:44 | 000,148,752 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2007.08.31 19:49:58 | 000,498,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService) SRV - [2007.08.31 18:38:24 | 000,599,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.12 22:02:38 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.07.12 22:02:38 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter) DRV:64bit: - [2012.07.12 22:02:32 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman) DRV:64bit: - [2012.07.12 22:02:32 | 000,229,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.07.12 19:33:28 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.04.12 09:40:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.03.02 16:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem) DRV:64bit: - [2012.03.02 16:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag) DRV:64bit: - [2012.03.02 16:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps) DRV:64bit: - [2012.03.02 16:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.27 11:22:34 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.02.24 05:05:30 | 000,421,648 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.02.24 04:32:03 | 000,102,912 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimssne) DRV:64bit: - [2012.02.23 10:16:15 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.02.23 10:16:10 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.02.23 10:16:07 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.02.23 09:41:44 | 000,104,448 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnxc) DRV:64bit: - [2012.02.23 04:09:23 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.02.21 18:53:36 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2012.02.21 18:46:52 | 014,652,768 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.01.26 18:37:24 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | 
On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2012.01.26 18:37:24 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2012.01.16 11:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2012.01.09 05:13:12 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2012.01.09 05:13:12 | 000,195,584 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2012.01.09 01:44:44 | 011,416,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.12.14 14:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:64bit: - [2011.12.13 11:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2011.12.13 11:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2011.05.24 03:00:00 | 000,055,952 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 
000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\..\SearchScopes,DefaultScope = {9A2B87FE-3699-42FC-B772-A9191B0BC377} IE - HKCU\..\SearchScopes\{9A2B87FE-3699-42FC-B772-A9191B0BC377}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10 FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10 FF - prefs.js..extensions.enabledAddons: amznUWL2@amazon.com:1.9 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B2d0e6aec-d11e-41ca-9b14-c9e118de14b9%7D&mid=8c630d5afda247d09ec9e1b0ab0b3ba4-7ba621511782684e3d2fff9708ec91c56fcdb6bc&ds=od011&v=11.1.0.12&lang=de&pr=sa&d=2012-07-11%2023%3A30%3A45&sap=ku&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: 
C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.14 14:33:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 09:13:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.07.14 14:33:17 | 000,000,000 | ---D | M] [2012.07.14 14:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeanne\AppData\Roaming\mozilla\Extensions [2012.07.14 14:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeanne\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.09.18 08:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeanne\AppData\Roaming\mozilla\Firefox\Profiles\valz5g27.default\extensions [2012.07.12 20:38:10 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jeanne\AppData\Roaming\mozilla\Firefox\Profiles\valz5g27.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.09.17 13:24:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jeanne\AppData\Roaming\mozilla\Firefox\Profiles\valz5g27.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.09.18 08:58:52 | 000,243,317 | ---- | M] () (No name found) -- C:\Users\Jeanne\AppData\Roaming\mozilla\firefox\profiles\valz5g27.default\extensions\amznUWL2@amazon.com.xpi [2012.07.11 23:38:43 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Jeanne\AppData\Roaming\mozilla\firefox\profiles\valz5g27.default\extensions\personas@christopher.beard.xpi [2012.07.12 21:32:22 | 000,089,442 | ---- | M] () (No name found) -- 
C:\Users\Jeanne\AppData\Roaming\mozilla\firefox\profiles\valz5g27.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2012.09.08 09:12:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 09:13:12 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.07.11 23:30:43 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.08.28 23:58:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. 
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) 
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jeanne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jeanne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\Jeanne\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 
Converter - C:\Users\Jeanne\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32FA4108-A0AA-48A8-9EC2-3573929A4F8D}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C69F86C4-5A71-4805-977F-DA1BF5625CA5}: DhcpNameServer = 10.100.86.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - 
C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis) O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysWow64\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{50f22b5a-cb8d-11e1-a349-685d439f002d}\Shell - "" = AutoRun O33 - MountPoints2\{50f22b5a-cb8d-11e1-a349-685d439f002d}\Shell\AutoRun\command - "" = G:\EasySuite.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.18 18:05:48 | 000,600,576 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe [2012.09.17 21:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager [2012.09.17 13:40:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.09.17 13:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.09.17 
13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.09.17 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012.09.17 09:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\uwfezwxkmunvkaf [2012.09.16 19:31:30 | 000,000,000 | ---D | C] -- C:\Users\Jeanne\AppData\Local\Audible [2012.09.16 19:26:50 | 000,000,000 | ---D | C] -- D:\Documents\Audible [2012.09.16 19:26:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible [2012.09.16 19:26:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible [2012.09.16 19:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012.09.12 17:46:56 | 000,000,000 | ---D | C] -- C:\Users\Jeanne\AppData\Local\ElevatedDiagnostics [2012.09.08 09:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.05 21:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.05 21:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.09.05 21:42:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.09.04 22:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.09.01 18:41:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTomTom 3 [2012.09.01 18:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.18 18:05:50 | 000,600,576 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe [2012.09.18 18:05:06 | 000,000,000 | ---- | M] () -- C:\Users\Jeanne\defogger_reenable [2012.09.18 18:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.18 18:03:39 | 000,050,477 | ---- | M] () -- D:\Desktop\Defogger.exe [2012.09.18 17:46:49 | 001,521,144 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.18 17:46:49 | 000,906,970 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2012.09.18 17:46:49 | 000,413,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.18 17:46:49 | 000,359,984 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.18 17:46:49 | 000,006,716 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.18 17:46:33 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.18 17:46:33 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.18 17:39:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.18 17:39:13 | 454,074,367 | -HS- | M] () -- C:\hiberfil.sys [2012.09.18 17:32:08 | 000,080,896 | ---- | M] () -- C:\Users\Jeanne\0.8261581603262712.exe [2012.09.17 21:03:02 | 000,002,135 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2012.09.17 13:40:21 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.17 09:52:58 | 000,076,347 | ---- | M] () -- C:\ProgramData\rwjbclvhyhygvvb [2012.09.04 22:44:43 | 000,001,085 | ---- | M] () -- D:\Desktop\DVDVideoSoft Free Studio.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.18 18:05:06 | 000,000,000 | ---- | C] () -- C:\Users\Jeanne\defogger_reenable [2012.09.18 18:03:39 | 000,050,477 | ---- | C] () -- D:\Desktop\Defogger.exe [2012.09.18 17:32:07 | 000,080,896 | ---- | C] () -- C:\Users\Jeanne\0.8261581603262712.exe [2012.09.17 21:03:02 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2012.09.17 14:11:00 | 000,082,432 | ---- | C] () -- C:\Users\Jeanne\0.8514815910704817.exe [2012.09.17 13:40:21 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.09.17 09:50:48 | 000,076,347 | ---- | C] () -- 
C:\ProgramData\rwjbclvhyhygvvb [2012.08.03 17:20:38 | 000,141,920 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.07.26 11:41:22 | 000,000,817 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.07.14 14:29:00 | 000,245,263 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.07.14 14:28:59 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.07.14 14:04:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2012.07.14 14:04:28 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2012.06.29 05:11:24 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2012.02.22 04:39:57 | 013,184,512 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2012.02.22 04:39:57 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.22 04:39:57 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.22 04:39:57 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.22 04:39:57 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.02.11 01:03:27 | 001,606,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2012.07.12 20:13:24 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\DAEMON Tools Lite [2012.07.26 19:43:33 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\DVDFab [2012.09.04 22:50:26 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\DVDVideoSoft [2012.07.12 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.18 16:42:27 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\ICQ [2012.07.14 15:45:42 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\iolo [2012.07.11 23:26:51 | 000,000,000 | ---D | M] -- 
C:\Users\Jeanne\AppData\Roaming\OpenCandy
[2012.07.28 22:42:29 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\Sony
[2012.07.14 14:00:54 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\TomTom
[2012.07.26 14:22:56 | 000,000,000 | ---D | M] -- C:\Users\Jeanne\AppData\Roaming\WildTangent
[2009.07.14 07:08:49 | 000,027,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

Thanks in advance for the help, I hope I have thought of everything!
19.09.2012, 06:54 | #2 |
/// Malwareteam |
My name is Marius and I will be helping you with your problem. One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Reformatting is usually the fastest and always the safest route. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can sometimes mean a lot of work for you.

Vista and Win7 users
Start all tools with a right-click --> "Run as administrator".

Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.

Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything here yet, we only want to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
19.09.2012, 09:35 | #3 |
Hello Marius,
thank you very much for the quick response and the help! Here are the logs:
aswMBR.txt
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-19 10:26:07
-----------------------------
10:26:07.573 OS Version: Windows x64 6.1.7601 Service Pack 1
10:26:07.573 Number of processors: 4 586 0x2A07
10:26:07.573 ComputerName: JEANNE-VAIO UserName: Jeanne
10:26:07.663 Initialze error 1
10:27:56.316 AVAST engine defs: 12091400
10:28:20.382 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:28:20.392 Disk 0 Vendor: Hitachi_ JFDO Size: 610480MB BusType: 3
10:28:20.432 Disk 0 MBR read successfully
10:28:20.442 Disk 0 MBR scan
10:28:20.452 Disk 0 unknown MBR code
10:28:20.462 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
10:28:20.472 Disk 0 scanning C:\Windows\system32\drivers
10:28:20.482 Service scanning
10:28:21.662 Modules scanning
10:28:21.662 Disk 0 trace - called modules:
10:28:21.682 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
10:28:21.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80081fb060]
10:28:21.702 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa800599fe40]
10:28:22.042 5 ACPI.sys[fffff88000ec17a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80059a3050]
10:28:22.052 AVAST engine scan C:\Windows
10:28:22.062 AVAST engine scan C:\Windows\system32
10:28:22.072 AVAST engine scan C:\Windows\system32\drivers
10:28:22.092 AVAST engine scan C:\Users\Jeanne
10:28:22.102 AVAST engine scan C:\ProgramData
10:28:22.112 Scan finished successfully
10:28:35.084 Disk 0 MBR has been saved successfully to "D:\Desktop\MBR.dat"
10:28:35.084 The log file has been saved successfully to "D:\Desktop\aswMBR.txt"
Code:
10:29:16.0412 4612 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:29:16.0412 4612 UEFI system
10:29:16.0532 4612 ============================================================
10:29:16.0542 4612 Current date / time: 2012/09/19 10:29:16.0532
10:29:16.0542 4612 SystemInfo:
10:29:16.0542 4612
10:29:16.0542 4612 OS Version: 6.1.7601 ServicePack: 1.0
10:29:16.0542 4612 Product type: Workstation
10:29:16.0542 4612 ComputerName: JEANNE-VAIO
10:29:16.0542 4612 UserName: Jeanne
10:29:16.0542 4612 Windows directory: C:\Windows
10:29:16.0542 4612 System windows directory: C:\Windows
10:29:16.0542 4612 Running under WOW64
10:29:16.0542 4612 Processor architecture: Intel x64
10:29:16.0542 4612 Number of processors: 4
10:29:16.0542 4612 Page size: 0x1000
10:29:16.0542 4612 Boot type: Normal boot
10:29:16.0542 4612 ============================================================
10:29:17.0202 4612 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:29:17.0222 4612 ============================================================
10:29:17.0222 4612 \Device\Harddisk0\DR0:
10:29:17.0222 4612 GPT partitions:
10:29:17.0222 4612 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {F4019732-066E-4E12-8273-346C5641494F}, UniqueGUID: {FE1440EC-7199-4214-A3BB-F98D5437024B}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
10:29:17.0222 4612 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {FF909AD1-4DBC-4A04-9B61-B0BCF9915454}, Name: Basic data partition, StartLBA 0x82800, BlocksNum 0x20D1800
10:29:17.0222 4612 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {F9002631-B2C5-4BF0-B0A6-45DE8934112B}, Name: EFI system partition, StartLBA 0x2154000, BlocksNum 0x82000
10:29:17.0222 4612 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {9A7F4B81-78C9-4B8D-A98A-183C339612A4}, Name: Microsoft reserved partition, StartLBA 0x21D6000, BlocksNum 0x40000
10:29:17.0222 4612 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {222E97B8-E928-4757-8745-0B34EEA5FD69}, Name: Basic data partition, StartLBA 0x2216000, BlocksNum 0x24F3A28F
10:29:17.0222 4612 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F9BFA0C3-C966-41FD-B1F7-93589816FEF9}, Name: Basic data partition, StartLBA 0x27150800, BlocksNum 0x23707800
10:29:17.0222 4612 MBR partitions:
10:29:17.0222 4612 ============================================================
10:29:17.0252 4612 C: <-> \Device\Harddisk0\DR0\Partition5
10:29:17.0312 4612 D: <-> \Device\Harddisk0\DR0\Partition6
10:29:17.0312 4612 ============================================================
10:29:17.0312 4612 Initialize success
10:29:17.0312 4612 ============================================================
10:29:20.0702 5072 ============================================================
10:29:20.0702 5072 Scan started
10:29:20.0702 5072 Mode: Manual;
10:29:20.0702 5072 ============================================================
10:29:20.0982 5072 ================ Scan system memory ========================
10:29:20.0982 5072 System memory - ok
10:29:20.0992 5072 ================ Scan services =============================
C:\Windows\system32\DRIVERS\compbatt.sys 10:29:24.0643 5072 Compbatt - ok 10:29:24.0663 5072 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 10:29:24.0673 5072 CompositeBus - ok 10:29:24.0683 5072 COMSysApp - ok 10:29:24.0793 5072 [ 0DEC8F5E3D004E08AB0E4494B1590D24 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 10:29:24.0803 5072 cphs - ok 10:29:24.0823 5072 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 10:29:24.0823 5072 crcdisk - ok 10:29:24.0863 5072 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 10:29:24.0873 5072 CryptSvc - ok 10:29:24.0893 5072 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 10:29:24.0903 5072 CSC - ok 10:29:24.0933 5072 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 10:29:24.0953 5072 CscService - ok 10:29:25.0063 5072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 10:29:25.0073 5072 DcomLaunch - ok 10:29:25.0123 5072 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 10:29:25.0133 5072 defragsvc - ok 10:29:25.0163 5072 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 10:29:25.0163 5072 DfsC - ok 10:29:25.0203 5072 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 10:29:25.0213 5072 Dhcp - ok 10:29:25.0223 5072 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 10:29:25.0223 5072 discache - ok 10:29:25.0263 5072 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 10:29:25.0263 5072 Disk - ok 10:29:25.0283 5072 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 10:29:25.0283 5072 dmvsc - ok 10:29:25.0323 5072 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 10:29:25.0333 5072 Dnscache - ok 10:29:25.0353 5072 [ 
B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 10:29:25.0363 5072 dot3svc - ok 10:29:25.0403 5072 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 10:29:25.0413 5072 Dot4 - ok 10:29:25.0423 5072 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 10:29:25.0423 5072 Dot4Print - ok 10:29:25.0433 5072 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 10:29:25.0443 5072 dot4usb - ok 10:29:25.0463 5072 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 10:29:25.0473 5072 DPS - ok 10:29:25.0513 5072 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 10:29:25.0513 5072 drmkaud - ok 10:29:25.0543 5072 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 10:29:25.0553 5072 dtsoftbus01 - ok 10:29:25.0583 5072 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 10:29:25.0593 5072 DXGKrnl - ok 10:29:25.0623 5072 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys 10:29:25.0633 5072 e1yexpress - ok 10:29:25.0653 5072 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 10:29:25.0663 5072 EapHost - ok 10:29:25.0743 5072 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 10:29:25.0783 5072 ebdrv - ok 10:29:25.0813 5072 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 10:29:25.0813 5072 EFS - ok 10:29:25.0873 5072 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 10:29:25.0893 5072 ehRecvr - ok 10:29:25.0903 5072 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 10:29:25.0903 5072 ehSched - ok 10:29:25.0943 5072 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 10:29:25.0953 5072 elxstor - ok 10:29:25.0963 5072 [ 
34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 10:29:25.0963 5072 ErrDev - ok 10:29:26.0003 5072 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 10:29:26.0013 5072 EventSystem - ok 10:29:26.0083 5072 [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 10:29:26.0093 5072 EvtEng - ok 10:29:26.0113 5072 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 10:29:26.0113 5072 exfat - ok 10:29:26.0133 5072 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 10:29:26.0133 5072 fastfat - ok 10:29:26.0173 5072 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 10:29:26.0193 5072 Fax - ok 10:29:26.0223 5072 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 10:29:26.0223 5072 fdc - ok 10:29:26.0233 5072 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 10:29:26.0243 5072 fdPHost - ok 10:29:26.0253 5072 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 10:29:26.0253 5072 FDResPub - ok 10:29:26.0263 5072 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 10:29:26.0273 5072 FileInfo - ok 10:29:26.0283 5072 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 10:29:26.0283 5072 Filetrace - ok 10:29:26.0293 5072 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 10:29:26.0293 5072 flpydisk - ok 10:29:26.0313 5072 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 10:29:26.0323 5072 FltMgr - ok 10:29:26.0363 5072 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 10:29:26.0383 5072 FontCache - ok 10:29:26.0423 5072 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 10:29:26.0423 5072 
FontCache3.0.0.0 - ok 10:29:26.0433 5072 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 10:29:26.0433 5072 FsDepends - ok 10:29:26.0463 5072 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 10:29:26.0463 5072 Fs_Rec - ok 10:29:26.0503 5072 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 10:29:26.0503 5072 fvevol - ok 10:29:26.0523 5072 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 10:29:26.0533 5072 gagp30kx - ok 10:29:26.0583 5072 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe 10:29:26.0583 5072 GamesAppService - ok 10:29:26.0623 5072 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 10:29:26.0623 5072 GEARAspiWDM - ok 10:29:26.0663 5072 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 10:29:26.0673 5072 gpsvc - ok 10:29:26.0693 5072 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 10:29:26.0703 5072 hcw85cir - ok 10:29:26.0733 5072 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 10:29:26.0753 5072 HdAudAddService - ok 10:29:26.0793 5072 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 10:29:26.0793 5072 HDAudBus - ok 10:29:26.0803 5072 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 10:29:26.0803 5072 HidBatt - ok 10:29:26.0833 5072 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 10:29:26.0833 5072 HidBth - ok 10:29:26.0843 5072 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 10:29:26.0843 5072 HidIr - ok 10:29:26.0873 5072 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 10:29:26.0873 5072 hidserv - ok 10:29:26.0903 5072 [ 
9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 10:29:26.0903 5072 HidUsb - ok 10:29:26.0933 5072 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 10:29:26.0933 5072 hkmsvc - ok 10:29:26.0963 5072 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 10:29:26.0963 5072 HomeGroupListener - ok 10:29:26.0993 5072 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 10:29:27.0003 5072 HomeGroupProvider - ok 10:29:27.0103 5072 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 10:29:27.0113 5072 hpqcxs08 - ok 10:29:27.0123 5072 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 10:29:27.0133 5072 hpqddsvc - ok 10:29:27.0163 5072 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 10:29:27.0163 5072 HpSAMD - ok 10:29:27.0243 5072 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 10:29:27.0263 5072 HPSLPSVC - ok 10:29:27.0303 5072 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 10:29:27.0313 5072 HTTP - ok 10:29:27.0343 5072 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 10:29:27.0343 5072 hwpolicy - ok 10:29:27.0353 5072 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 10:29:27.0363 5072 i8042prt - ok 10:29:27.0403 5072 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys 10:29:27.0403 5072 iaStor - ok 10:29:27.0473 5072 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 10:29:27.0473 5072 IAStorDataMgrSvc - ok 10:29:27.0513 5072 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 10:29:27.0523 5072 
iaStorV - ok 10:29:27.0553 5072 [ 9E3D44CE737388F6BBBB6DD4A1C1847C ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys 10:29:27.0563 5072 ibtfltcoex - ok 10:29:27.0603 5072 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 10:29:27.0613 5072 idsvc - ok 10:29:27.0893 5072 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 10:29:28.0143 5072 igfx - ok 10:29:28.0173 5072 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 10:29:28.0173 5072 iirsp - ok 10:29:28.0223 5072 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 10:29:28.0243 5072 IKEEXT - ok 10:29:28.0273 5072 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys 10:29:28.0273 5072 intaud_WaveExtensible - ok 10:29:28.0403 5072 [ 6A0E2A1E2A1E1DBAA17EE02F3A7EF0A6 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 10:29:28.0433 5072 IntcAzAudAddService - ok 10:29:28.0463 5072 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 10:29:28.0473 5072 IntcDAud - ok 10:29:28.0503 5072 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 10:29:28.0513 5072 Intel(R) Capability Licensing Service Interface - ok 10:29:28.0553 5072 [ 9571D8BDB56EBC52280E8020574508E6 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 10:29:28.0563 5072 Intel(R) ME Service - ok 10:29:28.0583 5072 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 10:29:28.0583 5072 intelide - ok 10:29:28.0613 5072 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 10:29:28.0613 5072 intelppm - ok 10:29:28.0643 5072 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum 
C:\Windows\system32\ipbusenum.dll 10:29:28.0643 5072 IPBusEnum - ok 10:29:28.0653 5072 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 10:29:28.0653 5072 IpFilterDriver - ok 10:29:28.0683 5072 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 10:29:28.0703 5072 iphlpsvc - ok 10:29:28.0703 5072 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 10:29:28.0713 5072 IPMIDRV - ok 10:29:28.0743 5072 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 10:29:28.0743 5072 IPNAT - ok 10:29:28.0793 5072 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 10:29:28.0813 5072 iPod Service - ok 10:29:28.0843 5072 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 10:29:28.0843 5072 IRENUM - ok 10:29:28.0853 5072 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 10:29:28.0863 5072 isapnp - ok 10:29:28.0883 5072 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 10:29:28.0893 5072 iScsiPrt - ok 10:29:28.0903 5072 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 10:29:28.0903 5072 iusb3hcs - ok 10:29:28.0923 5072 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 10:29:28.0933 5072 iusb3hub - ok 10:29:28.0973 5072 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 10:29:28.0983 5072 iusb3xhc - ok 10:29:29.0023 5072 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys 10:29:29.0023 5072 iwdbus - ok 10:29:29.0063 5072 [ DBD76BC1D498FE368F2C8CB76C3E00A4 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 10:29:29.0063 5072 jhi_service - ok 10:29:29.0093 5072 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass 
C:\Windows\system32\DRIVERS\kbdclass.sys 10:29:29.0093 5072 kbdclass - ok 10:29:29.0123 5072 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 10:29:29.0123 5072 kbdhid - ok 10:29:29.0143 5072 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 10:29:29.0143 5072 KeyIso - ok 10:29:29.0163 5072 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:29:29.0163 5072 KSecDD - ok 10:29:29.0183 5072 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:29:29.0193 5072 KSecPkg - ok 10:29:29.0223 5072 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:29:29.0233 5072 ksthunk - ok 10:29:29.0273 5072 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 10:29:29.0273 5072 KtmRm - ok 10:29:29.0303 5072 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:29:29.0313 5072 LanmanServer - ok 10:29:29.0333 5072 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:29:29.0343 5072 LanmanWorkstation - ok 10:29:29.0373 5072 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:29:29.0373 5072 lltdio - ok 10:29:29.0413 5072 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:29:29.0423 5072 lltdsvc - ok 10:29:29.0433 5072 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:29:29.0443 5072 lmhosts - ok 10:29:29.0483 5072 [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 10:29:29.0483 5072 LMS - ok 10:29:29.0523 5072 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 10:29:29.0523 5072 LSI_FC - ok 10:29:29.0533 5072 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 10:29:29.0533 5072 LSI_SAS - ok 10:29:29.0543 5072 [ 
30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 10:29:29.0543 5072 LSI_SAS2 - ok 10:29:29.0553 5072 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 10:29:29.0563 5072 LSI_SCSI - ok 10:29:29.0583 5072 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 10:29:29.0583 5072 luafv - ok 10:29:29.0593 5072 McAfee SiteAdvisor Service - ok 10:29:29.0623 5072 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:29:29.0633 5072 Mcx2Svc - ok 10:29:29.0653 5072 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 10:29:29.0653 5072 megasas - ok 10:29:29.0663 5072 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 10:29:29.0673 5072 MegaSR - ok 10:29:29.0693 5072 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 10:29:29.0703 5072 MEIx64 - ok 10:29:29.0743 5072 Microsoft SharePoint Workspace Audit Service - ok 10:29:29.0763 5072 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 10:29:29.0763 5072 MMCSS - ok 10:29:29.0793 5072 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 10:29:29.0793 5072 Modem - ok 10:29:29.0813 5072 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:29:29.0813 5072 monitor - ok 10:29:29.0843 5072 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:29:29.0843 5072 mouclass - ok 10:29:29.0883 5072 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:29:29.0883 5072 mouhid - ok 10:29:29.0893 5072 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:29:29.0893 5072 mountmgr - ok 10:29:29.0944 5072 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 10:29:29.0944 
5072 MozillaMaintenance - ok 10:29:29.0984 5072 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 10:29:29.0984 5072 MpFilter - ok 10:29:30.0004 5072 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 10:29:30.0014 5072 mpio - ok 10:29:30.0034 5072 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:29:30.0034 5072 mpsdrv - ok 10:29:30.0074 5072 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 10:29:30.0094 5072 MpsSvc - ok 10:29:30.0104 5072 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:29:30.0104 5072 MRxDAV - ok 10:29:30.0124 5072 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:29:30.0134 5072 mrxsmb - ok 10:29:30.0144 5072 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:29:30.0154 5072 mrxsmb10 - ok 10:29:30.0174 5072 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:29:30.0174 5072 mrxsmb20 - ok 10:29:30.0184 5072 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 10:29:30.0184 5072 msahci - ok 10:29:30.0204 5072 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:29:30.0204 5072 msdsm - ok 10:29:30.0224 5072 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 10:29:30.0234 5072 MSDTC - ok 10:29:30.0264 5072 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:29:30.0264 5072 Msfs - ok 10:29:30.0274 5072 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:29:30.0274 5072 mshidkmdf - ok 10:29:30.0284 5072 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:29:30.0284 5072 msisadrv - ok 10:29:30.0324 5072 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 
10:29:30.0324 5072 MSiSCSI - ok 10:29:30.0334 5072 msiserver - ok 10:29:30.0364 5072 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:29:30.0364 5072 MSKSSRV - ok 10:29:30.0414 5072 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe 10:29:30.0414 5072 MsMpSvc - ok 10:29:30.0434 5072 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:29:30.0434 5072 MSPCLOCK - ok 10:29:30.0454 5072 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:29:30.0454 5072 MSPQM - ok 10:29:30.0484 5072 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:29:30.0484 5072 MsRPC - ok 10:29:30.0504 5072 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 10:29:30.0504 5072 mssmbios - ok 10:29:30.0534 5072 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:29:30.0534 5072 MSTEE - ok 10:29:30.0544 5072 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 10:29:30.0544 5072 MTConfig - ok 10:29:30.0564 5072 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 10:29:30.0564 5072 Mup - ok 10:29:30.0614 5072 [ E3B58E3011B207C5289D11173B30E298 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 10:29:30.0614 5072 MyWiFiDHCPDNS - ok 10:29:30.0644 5072 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 10:29:30.0664 5072 napagent - ok 10:29:30.0714 5072 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:29:30.0714 5072 NativeWifiP - ok 10:29:30.0804 5072 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 10:29:30.0824 5072 NDIS - ok 10:29:30.0854 5072 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:29:30.0854 5072 NdisCap - ok 10:29:30.0874 5072 [ 
30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:29:30.0874 5072 NdisTapi - ok 10:29:30.0904 5072 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:29:30.0904 5072 Ndisuio - ok 10:29:30.0934 5072 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:29:30.0934 5072 NdisWan - ok 10:29:30.0944 5072 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:29:30.0944 5072 NDProxy - ok 10:29:30.0994 5072 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 10:29:30.0994 5072 Net Driver HPZ12 - ok 10:29:31.0024 5072 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:29:31.0024 5072 NetBIOS - ok 10:29:31.0044 5072 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:29:31.0054 5072 NetBT - ok 10:29:31.0064 5072 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 10:29:31.0064 5072 Netlogon - ok 10:29:31.0104 5072 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 10:29:31.0114 5072 Netman - ok 10:29:31.0174 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:31.0174 5072 NetMsmqActivator - ok 10:29:31.0184 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:31.0184 5072 NetPipeActivator - ok 10:29:31.0224 5072 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 10:29:31.0234 5072 netprofm - ok 10:29:31.0244 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:31.0244 5072 NetTcpActivator - ok 10:29:31.0254 5072 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 10:29:31.0254 
5072 NetTcpPortSharing - ok 10:29:31.0474 5072 [ 47DC062656EA661FE9175DBACAD00E9D ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 10:29:31.0674 5072 NETwNs64 - ok 10:29:31.0704 5072 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 10:29:31.0714 5072 nfrd960 - ok 10:29:31.0744 5072 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 10:29:31.0744 5072 NisDrv - ok 10:29:31.0764 5072 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 10:29:31.0774 5072 NisSrv - ok 10:29:31.0814 5072 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:29:31.0824 5072 NlaSvc - ok 10:29:31.0844 5072 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:29:31.0844 5072 Npfs - ok 10:29:31.0864 5072 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 10:29:31.0874 5072 nsi - ok 10:29:31.0884 5072 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:29:31.0884 5072 nsiproxy - ok 10:29:31.0954 5072 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:29:31.0984 5072 Ntfs - ok 10:29:32.0014 5072 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 10:29:32.0014 5072 Null - ok 10:29:32.0254 5072 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 10:29:32.0454 5072 nvlddmkm - ok 10:29:32.0484 5072 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:29:32.0484 5072 nvraid - ok 10:29:32.0494 5072 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 10:29:32.0494 5072 nvstor - ok 10:29:32.0524 5072 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:29:32.0534 5072 nv_agp - ok 10:29:32.0534 5072 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 
10:29:40.0655 5072 Scan finished 10:29:40.0675 1508 Detected object count: 0 10:29:40.0675 1508 Actual detected object count: 0 10:30:31.0994 6024 Deinitialize success Jenny |
19.09.2012, 09:56 | #4 |
/// Malwareteam | "This program cannot display the webpage" - Desktop blocked Step 1: Fix with OTL
Code:
ATTFilter
:files
C:\ProgramData\uwfezwxkmunvkaf
C:\Users\Jeanne\0.8261581603262712.exe
C:\ProgramData\rwjbclvhyhygvvb
C:\Users\Jeanne\0.8514815910704817.exe
C:\Windows\assembly\Desktop.ini
:COMMANDS
[emptytemp]
[emptyflash]
[emptyjava]
Step 2: MBAM Please download Malwarebytes
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
19.09.2012, 12:48 | #5 |
| "This program cannot display the webpage" - Desktop blocked Hello, here are the logs: OTL: Code:
ATTFilter All processes killed ========== FILES ========== C:\ProgramData\uwfezwxkmunvkaf folder moved successfully. C:\Users\Jeanne\0.8261581603262712.exe moved successfully. C:\ProgramData\rwjbclvhyhygvvb moved successfully. File\Folder C:\Users\Jeanne\0.8514815910704817.exe not found. C:\Windows\assembly\Desktop.ini moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56468 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Jeanne ->Temp folder emptied: 5613543102 bytes ->Temporary Internet Files folder emptied: 107286405 bytes ->Java cache emptied: 998311 bytes ->FireFox cache emptied: 111326133 bytes ->Flash cache emptied: 78051 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 9335567 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 183105 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 641 bytes RecycleBin emptied: 9485435106 bytes Total Files Cleaned = 14.618,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Jeanne ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: Jeanne ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.63.0 log created on 09192012_113918 Files\Folders moved on Reboot... 
C:\Users\Jeanne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.19.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jeanne :: JEANNE-VAIO [Administrator] 19.09.2012 11:47:55 mbam-log-2012-09-19 (11-47-55).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 507610 Laufzeit: 1 Stunde(n), 52 Minute(n), 36 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\Activation\mini-KMS_Auto_Activation_Tool_Office2010_VL_v1.13.exe (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\actofvl\KMService.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
19.09.2012, 12:54 | #6 | |
/// Malwareteam | "This program cannot display the webpage" - Desktop blocked Quote:
Even just visiting sites that offer these files for download carries a high risk of infection. When you start the crack, you are running an executable file from a very dubious source. The file's source code can contain anything (e.g. downloading and executing malware files). This is one of the main causes of infections. In addition, cracks, keygens, etc. are illegal, and that is theft just as much as it is in a shop. That is why we have agreed on this: if we find indications of illegally acquired software, we will end support without any discussion. Our help for you is therefore limited to instructions for reinstalling and securing the system
__________________ --> "This program cannot display the webpage" - Desktop blocked |
19.09.2012, 13:26 | #7 |
| "This program cannot display the webpage" - Desktop blocked All right, many thanks for the help anyway! |