|
Pests of all kinds and how to fight them: Live Security Platinum has struck - Win7 64bit Pro |
20.09.2012, 08:34 | #1 |
| Live Security Platinum has struck - Win7 64bit Pro
Last night (20.09.12), all of a sudden and despite having a scanner, the Trojan "Live Security Platinum" crept into my system.
- Task Manager still works
- Microsoft Security Essentials - the service can no longer be started (I can't even see the service!?)
What I have done so far: Started Desinfec't 2012 and ran it over the system with updated virus patterns. A few virus files were found and given the extension ".Virus". But that did not help. Now I have come across this forum and hope to get help from you!
Malwarebytes Anti-Malware - LOG: Code:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.20.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [Administrator]

Schutz: Deaktiviert

20.09.2012 08:39:28
mbam-log-2012-09-20 (08-39-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 373891
Laufzeit: 20 Minute(n), 39 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\$Recycle.Bin\S-1-5-18\$59ee3345a2f46250921637cfa9c46729\n.VIRUS (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$59ee3345a2f46250921637cfa9c46729\U\00000001.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$59ee3345a2f46250921637cfa9c46729\U\80000000.@.VIRUS (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-18\$59ee3345a2f46250921637cfa9c46729\U\800000cb.@.VIRUS (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-1723670816-2989522225-3086513710-1000\$59ee3345a2f46250921637cfa9c46729\n.VIRUS (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\225932FD02D490FB02B98E1AF875EF60\225932FD02D490FB02B98E1AF875EF60.exe.VIRUS (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Defogger-LOG: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:56 on 20/09/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...

-=E.O.F=-

Then a restart!
OTL-LOGS: attached.
ADWCleaner as a precaution: Code:
# AdwCleaner v2.002 - Datei am 09/20/2012 um 09:46:35 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : *** - ***
# Bootmodus : Normal
# Ausgeführt unter : C:\users\***\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Profilname : default
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\2nbiu81a.default\prefs.js
[OK] Die Datei ist sauber.

-\\ Google Chrome v20.0.1132.47
Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1272 octets] - [20/09/2012 09:44:47]
AdwCleaner[R2].txt - [1203 octets] - [20/09/2012 09:46:35]

########## EOF - C:\AdwCleaner[R2].txt - [1263 octets] ##########

Thanks in advance! Regards, Naga
Last edited by Nagamichisan (20.09.2012 at 08:48) |
20.09.2012, 08:58 | #2 |
/// Malwareteam | Live Security Platinum has struck - Win7 64bit Pro
My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found every remnant of malware. Reformatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.
Vista and Win7 users: Start all tools with right-click --> "Run as administrator". Live Security Platinum is not your actual problem - you have the ZeroAccess rootkit on the system. This could get a little bumpy!
Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.
Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet, we only want to see a scan report. Please download TDSSKiller.exe and save this file to the desktop
__________________ |
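How the diagnosis in the reply above can be read off the Malwarebytes result lines from the first post, shown as an added example that is not part of the original thread. The sample log is constructed with placeholder values, the function names are hypothetical, and the parser assumes one result per line, as in the original log file.

```python
import re

# Constructed sample in the format of the Malwarebytes 1.65 log quoted in the
# first post. The directory names and SIDs are placeholders, not real values.
SAMPLE_LOG = r"""
Infizierte Dateien: 3
C:\$Recycle.Bin\S-1-5-18\$0123456789abcdef0123456789abcdef\n.VIRUS (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-1111111111-2222222222-3333333333-1000\$0123456789abcdef0123456789abcdef\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\EXAMPLE\EXAMPLE.exe.VIRUS (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
"""

# One result line: "<path> (<detection name>) -> <action>".
# The greedy path match tolerates parentheses inside the path ("Program Files (x86)").
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*) \((?P<name>[^()\s]+)\) -> (?P<action>.*)$"
)

# Directory layout seen in the thread's log: a "$" + 32-hex-digit folder placed
# directly under a per-SID recycle bin folder.
ZA_LAYOUT = re.compile(
    r"\\\$Recycle\.Bin\\(?P<sid>S-1-[0-9-]+)\\\$(?P<dir>[0-9a-f]{32})\\",
    re.IGNORECASE,
)

# Detection labels Malwarebytes used for this family in the thread's log.
ZA_LABELS = ("zaccess", "0access", "zeroaccess")

LOCAL_SYSTEM_SID = "S-1-5-18"  # well-known SID of the LocalSystem account


def parse_detections(log_text):
    """Return one dict (path, name, action) per result line in the log."""
    hits = []
    for line in log_text.splitlines():
        match = DETECTION.match(line.strip())
        if match:
            hits.append(match.groupdict())
    return hits


def triage(hits):
    """Separate rootkit indicators from the visible rogue-AV detection."""
    rootkit, other, sids = [], [], set()
    for hit in hits:
        layout = ZA_LAYOUT.search(hit["path"])
        labelled = any(label in hit["name"].lower() for label in ZA_LABELS)
        if layout:
            sids.add(layout.group("sid"))
        (rootkit if (layout or labelled) else other).append(hit)
    if rootkit:
        verdict = "rootkit-suspected"  # removing the fake AV alone is not enough
    elif other:
        verdict = "malware-found"
    else:
        verdict = "no-detections"
    return {
        "verdict": verdict,
        "rootkit_hits": rootkit,
        "other_hits": other,
        "sids": sorted(sids),
        # Files under the LocalSystem recycle bin were written with SYSTEM rights.
        "system_context": LOCAL_SYSTEM_SID in sids,
    }


if __name__ == "__main__":
    result = triage(parse_detections(SAMPLE_LOG))
    print(result["verdict"], result["sids"])
    for hit in result["rootkit_hits"]:
        print("  rootkit indicator:", hit["name"], hit["path"])
    for hit in result["other_hits"]:
        print("  other detection:  ", hit["name"], hit["path"])
```

A "rootkit-suspected" verdict with `system_context` set is the case the helper describes: the fake antivirus is only the visible part, so the follow-up scans with aswMBR and TDSSKiller are requested before anything is removed.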
20.09.2012, 09:13 | #3 |
| Live Security Platinum has struck - Win7 64bit Pro
Hello Marius, thanks for your help!
Live Security Platinum is nevertheless still present under Programs (Control Panel) and in the Start menu.
aswMBR aborts at C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Tools.Appplications ... (I can't read any further)! Message: "avast! Antirootkit funktioniert nicht mehr!" ("avast! Antirootkit has stopped working!")
TDSS-Killer No threats found Code:
5780 JRAID - ok 10:11:04.0587 5780 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 10:11:04.0588 5780 kbdclass - ok 10:11:04.0590 5780 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 10:11:04.0590 5780 kbdhid - ok 10:11:04.0592 5780 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 10:11:04.0593 5780 KeyIso - ok 10:11:04.0595 5780 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 10:11:04.0596 5780 KSecDD - ok 10:11:04.0599 5780 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 10:11:04.0599 5780 KSecPkg - ok 10:11:04.0603 5780 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 10:11:04.0603 5780 ksthunk - ok 10:11:04.0608 5780 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 10:11:04.0610 5780 KtmRm - ok 10:11:04.0615 5780 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 10:11:04.0616 5780 LanmanServer - ok 10:11:04.0620 5780 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 10:11:04.0622 5780 LanmanWorkstation - ok 10:11:04.0627 5780 [ 4ADC135F525D38A498F83B089228CC2D ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 10:11:04.0629 5780 LBTServ - ok 10:11:04.0633 5780 [ 24E09882BA51B9830AE029888A3AAF18 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 10:11:04.0634 5780 LHidFilt - ok 10:11:04.0637 5780 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 10:11:04.0638 5780 lltdio - ok 10:11:04.0642 5780 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 10:11:04.0644 5780 lltdsvc - ok 10:11:04.0646 5780 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 10:11:04.0647 5780 lmhosts - ok 10:11:04.0649 5780 [ 2F94325D8C10E2B715F3D753C2422AAC ] LMouFilt 
C:\Windows\system32\DRIVERS\LMouFilt.Sys 10:11:04.0649 5780 LMouFilt - ok 10:11:04.0654 5780 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 10:11:04.0654 5780 LSI_FC - ok 10:11:04.0657 5780 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 10:11:04.0657 5780 LSI_SAS - ok 10:11:04.0660 5780 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 10:11:04.0660 5780 LSI_SAS2 - ok 10:11:04.0664 5780 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 10:11:04.0664 5780 LSI_SCSI - ok 10:11:04.0667 5780 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 10:11:04.0667 5780 luafv - ok 10:11:04.0670 5780 [ 4A503882318BB2F59218D401614E6AF6 ] lvpepf64 C:\Windows\system32\DRIVERS\lv302a64.sys 10:11:04.0670 5780 lvpepf64 - ok 10:11:04.0672 5780 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys 10:11:04.0672 5780 LVPr2M64 - ok 10:11:04.0674 5780 [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys 10:11:04.0674 5780 LVPr2Mon - ok 10:11:04.0678 5780 [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 10:11:04.0680 5780 LVPrcS64 - ok 10:11:04.0684 5780 [ 125AE13C293889001B8456CF3EB04A40 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 10:11:04.0686 5780 LVRS64 - ok 10:11:04.0689 5780 [ 5C3FF68267A5D242EE79EE01B993D6CE ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys 10:11:04.0690 5780 LVUSBS64 - ok 10:11:04.0692 5780 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 10:11:04.0692 5780 MBAMProtector - ok 10:11:04.0697 5780 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 10:11:04.0699 5780 MBAMScheduler - ok 10:11:04.0706 5780 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program 
Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 10:11:04.0710 5780 MBAMService - ok 10:11:04.0713 5780 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 10:11:04.0714 5780 Mcx2Svc - ok 10:11:04.0716 5780 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 10:11:04.0717 5780 megasas - ok 10:11:04.0722 5780 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 10:11:04.0724 5780 MegaSR - ok 10:11:04.0730 5780 Microsoft SharePoint Workspace Audit Service - ok 10:11:04.0733 5780 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 10:11:04.0734 5780 MMCSS - ok 10:11:04.0737 5780 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 10:11:04.0737 5780 Modem - ok 10:11:04.0739 5780 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 10:11:04.0739 5780 monitor - ok 10:11:04.0742 5780 [ 95314C3A08589471983C2C8173F23CDA ] MonitorFunction C:\Windows\system32\DRIVERS\TVMonitor.sys 10:11:04.0742 5780 MonitorFunction - ok 10:11:04.0744 5780 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 10:11:04.0744 5780 mouclass - ok 10:11:04.0746 5780 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 10:11:04.0747 5780 mouhid - ok 10:11:04.0749 5780 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 10:11:04.0750 5780 mountmgr - ok 10:11:04.0755 5780 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 10:11:04.0756 5780 MpFilter - ok 10:11:04.0759 5780 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 10:11:04.0761 5780 mpio - ok 10:11:04.0763 5780 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 10:11:04.0763 5780 mpsdrv - ok 10:11:04.0767 5780 [ CD22D2563039DDA6793F7624719363A7 ] MQAC 
C:\Windows\system32\drivers\mqac.sys 10:11:04.0768 5780 MQAC - ok 10:11:04.0771 5780 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 10:11:04.0772 5780 MRxDAV - ok 10:11:04.0775 5780 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 10:11:04.0776 5780 mrxsmb - ok 10:11:04.0780 5780 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:11:04.0781 5780 mrxsmb10 - ok 10:11:04.0784 5780 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:11:04.0785 5780 mrxsmb20 - ok 10:11:04.0788 5780 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 10:11:04.0788 5780 msahci - ok 10:11:04.0791 5780 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 10:11:04.0792 5780 msdsm - ok 10:11:04.0795 5780 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 10:11:04.0796 5780 MSDTC - ok 10:11:04.0800 5780 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 10:11:04.0800 5780 Msfs - ok 10:11:04.0803 5780 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 10:11:04.0803 5780 mshidkmdf - ok 10:11:04.0805 5780 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 10:11:04.0805 5780 msisadrv - ok 10:11:04.0810 5780 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 10:11:04.0811 5780 MSiSCSI - ok 10:11:04.0812 5780 msiserver - ok 10:11:04.0815 5780 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 10:11:04.0815 5780 MSKSSRV - ok 10:11:04.0817 5780 [ FAAEAEF99E53561BEEE58F946CA56F0D ] MSMQ C:\Windows\system32\mqsvc.exe 10:11:04.0818 5780 MSMQ - ok 10:11:04.0820 5780 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 10:11:04.0820 5780 MSPCLOCK - ok 10:11:04.0822 5780 [ 
4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 10:11:04.0822 5780 MSPQM - ok 10:11:04.0827 5780 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 10:11:04.0828 5780 MsRPC - ok 10:11:04.0831 5780 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 10:11:04.0832 5780 mssmbios - ok 10:11:04.0834 5780 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 10:11:04.0834 5780 MSTEE - ok 10:11:04.0837 5780 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 10:11:04.0838 5780 MTConfig - ok 10:11:04.0839 5780 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\drivers\ASACPI.sys 10:11:04.0840 5780 MTsensor - ok 10:11:04.0842 5780 [ 07AD6825D5C658595CAB7F8F5849401C ] MtsHID C:\Windows\system32\drivers\MtsHID.sys 10:11:04.0842 5780 MtsHID - ok 10:11:04.0844 5780 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 10:11:04.0845 5780 Mup - ok 10:11:04.0847 5780 [ BAA293F089077FE71F855BA5649648D9 ] mv91cons C:\Windows\system32\drivers\mv91cons.sys 10:11:04.0847 5780 mv91cons - ok 10:11:04.0852 5780 [ A986DC81534582FA478C286E8F57A877 ] mvs91xx C:\Windows\system32\drivers\mvs91xx.sys 10:11:04.0854 5780 mvs91xx - ok 10:11:04.0861 5780 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 10:11:04.0863 5780 napagent - ok 10:11:04.0868 5780 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 10:11:04.0869 5780 NativeWifiP - ok 10:11:04.0877 5780 [ 13AA2130F2A104DD775EAD0F0EE5417B ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe 10:11:04.0882 5780 NAUpdate - ok 10:11:04.0890 5780 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 10:11:04.0894 5780 NDIS - ok 10:11:04.0896 5780 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 10:11:04.0897 5780 NdisCap - ok 
10:11:04.0899 5780 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 10:11:04.0899 5780 NdisTapi - ok 10:11:04.0902 5780 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 10:11:04.0903 5780 Ndisuio - ok 10:11:04.0907 5780 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 10:11:04.0908 5780 NdisWan - ok 10:11:04.0910 5780 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 10:11:04.0910 5780 NDProxy - ok 10:11:04.0913 5780 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 10:11:04.0913 5780 NetBIOS - ok 10:11:04.0917 5780 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 10:11:04.0918 5780 NetBT - ok 10:11:04.0920 5780 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 10:11:04.0921 5780 Netlogon - ok 10:11:04.0926 5780 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 10:11:04.0928 5780 Netman - ok 10:11:04.0934 5780 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 10:11:04.0937 5780 netprofm - ok 10:11:04.0946 5780 [ C9E9017AC2291E96ED3376B72BC7CF8D ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 10:11:04.0952 5780 netr28ux - ok 10:11:04.0955 5780 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:11:04.0956 5780 NetTcpPortSharing - ok 10:11:04.0959 5780 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 10:11:04.0960 5780 nfrd960 - ok 10:11:04.0962 5780 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 10:11:04.0963 5780 NisDrv - ok 10:11:04.0968 5780 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe 10:11:04.0970 5780 NisSrv - ok 10:11:04.0975 5780 [ 
1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 10:11:04.0976 5780 NlaSvc - ok 10:11:05.0000 5780 [ B1EF4686961986DFFB7FE8F18E6FCB5B ] nlsX86cc C:\Windows\SysWOW64\nlssrv32.exe 10:11:05.0002 5780 nlsX86cc - ok 10:11:05.0004 5780 NmPar - ok 10:11:05.0008 5780 nmserial - ok 10:11:05.0011 5780 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 10:11:05.0011 5780 Npfs - ok 10:11:05.0013 5780 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 10:11:05.0014 5780 nsi - ok 10:11:05.0016 5780 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 10:11:05.0017 5780 nsiproxy - ok 10:11:05.0036 5780 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 10:11:05.0042 5780 Ntfs - ok 10:11:05.0045 5780 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys 10:11:05.0046 5780 NuidFltr - ok 10:11:05.0048 5780 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 10:11:05.0048 5780 Null - ok 10:11:05.0050 5780 [ 01266516E6E88D183A2B58722EEB4443 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys 10:11:05.0051 5780 nusb3hub - ok 10:11:05.0055 5780 [ 5EC04F55CC5F165F21752712437DF638 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys 10:11:05.0056 5780 nusb3xhc - ok 10:11:05.0059 5780 [ 7FD5C060CB907489A5702F628226F54A ] nvamacpi C:\Windows\system32\drivers\NVAMACPI.sys 10:11:05.0059 5780 nvamacpi - ok 10:11:05.0062 5780 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 10:11:05.0063 5780 nvraid - ok 10:11:05.0067 5780 [ 694F5E9D9D624D47F432F5B2E66A0528 ] nvrd64 C:\Windows\system32\drivers\nvrd64.sys 10:11:05.0068 5780 nvrd64 - ok 10:11:05.0070 5780 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\drivers\nvsmu.sys 10:11:05.0071 5780 nvsmu - ok 10:11:05.0074 5780 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 
10:11:05.0075 5780 nvstor - ok 10:11:05.0079 5780 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\drivers\nvstor64.sys 10:11:05.0080 5780 nvstor64 - ok 10:11:05.0083 5780 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 10:11:05.0084 5780 nv_agp - ok 10:11:05.0091 5780 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:11:05.0093 5780 odserv - ok 10:11:05.0096 5780 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 10:11:05.0098 5780 ohci1394 - ok 10:11:05.0101 5780 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:11:05.0102 5780 ose - ok 10:11:05.0151 5780 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 10:11:05.0186 5780 osppsvc - ok 10:11:05.0191 5780 [ 607A26E10AE99558C80C4B097AE57B48 ] OxPCIeSer C:\Windows\system32\drivers\OxPCIeSer.sys 10:11:05.0191 5780 OxPCIeSer - ok 10:11:05.0196 5780 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 10:11:05.0198 5780 p2pimsvc - ok 10:11:05.0204 5780 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 10:11:05.0206 5780 p2psvc - ok 10:11:05.0209 5780 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 10:11:05.0210 5780 Parport - ok 10:11:05.0213 5780 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 10:11:05.0213 5780 partmgr - ok 10:11:05.0217 5780 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 10:11:05.0219 5780 PcaSvc - ok 10:11:05.0222 5780 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 10:11:05.0223 5780 pci - ok 10:11:05.0226 5780 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 10:11:05.0226 5780 
pciide - ok 10:11:05.0229 5780 [ D7C203015E2C2A2EAC8DACEF156D8DC3 ] PciIsaSerial C:\Windows\system32\drivers\PciIsaSerial.sys 10:11:05.0229 5780 PciIsaSerial - ok 10:11:05.0232 5780 [ 088B509B2F35A3CEE00AC0E0BC4C5BED ] PciPPorts C:\Windows\system32\drivers\PciPPorts.sys 10:11:05.0233 5780 PciPPorts - ok 10:11:05.0236 5780 [ 7F97CDD5E91FC73DA2B01344957AA058 ] PciSPorts C:\Windows\system32\drivers\PciSPorts.sys 10:11:05.0237 5780 PciSPorts - ok 10:11:05.0240 5780 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 10:11:05.0242 5780 pcmcia - ok 10:11:05.0245 5780 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 10:11:05.0245 5780 pcw - ok 10:11:05.0253 5780 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 10:11:05.0255 5780 PEAUTH - ok 10:11:05.0270 5780 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 10:11:05.0275 5780 PeerDistSvc - ok 10:11:05.0279 5780 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 10:11:05.0280 5780 PerfHost - ok 10:11:05.0302 5780 [ AE0B94363DA0F60D42B9D05B352F61ED ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS 10:11:05.0316 5780 PID_PEPI - ok 10:11:05.0329 5780 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 10:11:05.0335 5780 pla - ok 10:11:05.0341 5780 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 10:11:05.0343 5780 PlugPlay - ok 10:11:05.0346 5780 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 10:11:05.0346 5780 PNRPAutoReg - ok 10:11:05.0351 5780 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 10:11:05.0353 5780 PNRPsvc - ok 10:11:05.0355 5780 [ 33328FA8A580885AB0065BE6DB266E9F ] Point64 C:\Windows\system32\DRIVERS\point64.sys 10:11:05.0356 5780 Point64 - ok 10:11:05.0363 5780 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 
10:11:05.0365 5780 PolicyAgent - ok 10:11:05.0370 5780 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 10:11:05.0372 5780 Power - ok 10:11:05.0375 5780 [ 14C04684A25C221EBE2105D169B4B6FF ] PPorts C:\Windows\system32\drivers\PPorts.sys 10:11:05.0375 5780 PPorts - ok 10:11:05.0378 5780 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 10:11:05.0379 5780 PptpMiniport - ok 10:11:05.0381 5780 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 10:11:05.0382 5780 Processor - ok 10:11:05.0385 5780 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 10:11:05.0386 5780 ProfSvc - ok 10:11:05.0389 5780 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 10:11:05.0389 5780 ProtectedStorage - ok 10:11:05.0392 5780 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 10:11:05.0393 5780 Psched - ok 10:11:05.0395 5780 [ 6391A2CB8D1EB7E70FC4AE45B4CEBED7 ] PsShutdownSvc C:\Windows\PSSDNSVC.EXE 10:11:05.0395 5780 PsShutdownSvc - ok 10:11:05.0399 5780 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 10:11:05.0399 5780 PxHlpa64 - ok 10:11:05.0412 5780 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 10:11:05.0420 5780 ql2300 - ok 10:11:05.0423 5780 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 10:11:05.0425 5780 ql40xx - ok 10:11:05.0429 5780 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 10:11:05.0430 5780 QWAVE - ok 10:11:05.0433 5780 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 10:11:05.0433 5780 QWAVEdrv - ok 10:11:05.0435 5780 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 10:11:05.0436 5780 RasAcd - ok 10:11:05.0438 5780 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn 
C:\Windows\system32\DRIVERS\AgileVpn.sys 10:11:05.0439 5780 RasAgileVpn - ok 10:11:05.0441 5780 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 10:11:05.0442 5780 RasAuto - ok 10:11:05.0445 5780 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 10:11:05.0446 5780 Rasl2tp - ok 10:11:05.0452 5780 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 10:11:05.0454 5780 RasMan - ok 10:11:05.0456 5780 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 10:11:05.0457 5780 RasPppoe - ok 10:11:05.0459 5780 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 10:11:05.0460 5780 RasSstp - ok 10:11:05.0464 5780 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 10:11:05.0465 5780 rdbss - ok 10:11:05.0468 5780 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 10:11:05.0468 5780 rdpbus - ok 10:11:05.0470 5780 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 10:11:05.0470 5780 RDPCDD - ok 10:11:05.0474 5780 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 10:11:05.0475 5780 RDPDR - ok 10:11:05.0477 5780 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 10:11:05.0477 5780 RDPENCDD - ok 10:11:05.0480 5780 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 10:11:05.0480 5780 RDPREFMP - ok 10:11:05.0484 5780 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 10:11:05.0485 5780 RDPWD - ok 10:11:05.0488 5780 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 10:11:05.0489 5780 rdyboost - ok 10:11:05.0493 5780 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 10:11:05.0493 5780 RemoteAccess - ok 10:11:05.0497 5780 [ 
E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 10:11:05.0498 5780 RemoteRegistry - ok 10:11:05.0501 5780 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 10:11:05.0502 5780 RFCOMM - ok 10:11:05.0505 5780 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 10:11:05.0506 5780 RpcEptMapper - ok 10:11:05.0508 5780 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 10:11:05.0508 5780 RpcLocator - ok 10:11:05.0514 5780 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 10:11:05.0517 5780 RpcSs - ok 10:11:05.0520 5780 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 10:11:05.0521 5780 rspndr - ok 10:11:05.0525 5780 [ C618475866F6A7129F64A55961C1BB8B ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys 10:11:05.0527 5780 RTHDMIAzAudService - ok 10:11:05.0533 5780 [ 16D4E350420BAA7E63E16E3FC033E1F5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 10:11:05.0535 5780 RTL8167 - ok 10:11:05.0541 5780 [ 945AB249D12CBE044782430C6013AA1A ] RTL8187B C:\Windows\system32\DRIVERS\rtl8187B.sys 10:11:05.0544 5780 RTL8187B - ok 10:11:05.0547 5780 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 10:11:05.0547 5780 s3cap - ok 10:11:05.0549 5780 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 10:11:05.0549 5780 SamSs - ok 10:11:05.0552 5780 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 10:11:05.0553 5780 SASDIFSV - ok 10:11:05.0554 5780 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 10:11:05.0555 5780 SASKUTIL - ok 10:11:05.0557 5780 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 10:11:05.0558 5780 sbp2port - ok 10:11:05.0562 5780 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr 
C:\Windows\System32\SCardSvr.dll 10:11:05.0563 5780 SCardSvr - ok 10:11:05.0566 5780 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 10:11:05.0566 5780 scfilter - ok 10:11:05.0577 5780 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 10:11:05.0581 5780 Schedule - ok 10:11:05.0584 5780 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 10:11:05.0585 5780 SCPolicySvc - ok 10:11:05.0588 5780 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 10:11:05.0590 5780 SDRSVC - ok 10:11:05.0592 5780 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 10:11:05.0592 5780 secdrv - ok 10:11:05.0594 5780 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 10:11:05.0595 5780 seclogon - ok 10:11:05.0598 5780 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 10:11:05.0599 5780 SENS - ok 10:11:05.0601 5780 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 10:11:05.0602 5780 SensrSvc - ok 10:11:05.0604 5780 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 10:11:05.0605 5780 Serenum - ok 10:11:05.0608 5780 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 10:11:05.0608 5780 Serial - ok 10:11:05.0611 5780 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 10:11:05.0611 5780 sermouse - ok 10:11:05.0617 5780 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 10:11:05.0618 5780 SessionEnv - ok 10:11:05.0620 5780 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 10:11:05.0621 5780 sffdisk - ok 10:11:05.0623 5780 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 10:11:05.0623 5780 sffp_mmc - ok 10:11:05.0625 5780 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd 
10:11:06.0818 5780 Scan finished 10:11:06.0823 4516 Detected object count: 0 10:11:06.0823 4516 Actual detected object count: 0 10:11:33.0393 4732 Deinitialize success |
20.09.2012, 10:46 | #4 | |
/// Malwareteam | Live Security Platinum has struck - Win7 64bit Pro Combofix Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
20.09.2012, 11:15 | #5 |
| Live Security Platinum has struck - Win7 64bit Pro When it started, Combofix pointed out that: antivirus: Microsoft Security Essentials antispyware: Microsoft Security Essentials was still open. I looked for the Microsoft Security Essentials process but did not find it. Nevertheless, the following came out: Code:
ATTFilter ComboFix 12-09-18.07 - *** 20.09.2012 11:58:12.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16361.14281 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum c:\windows\IsUn0407.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif c:\windows\SysWow64\dllhnter.dll.VIRUS c:\windows\SysWow64\FlashPlayerInstaller.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-08-20 bis 2012-09-20 )))))))))))))))))))))))))))))) . . 2012-09-20 06:38 . 2012-09-20 06:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-19 23:03 . 2012-09-19 23:03 -------- d-----w- c:\program files\Enigma Software Group 2012-09-19 23:03 . 2012-09-19 23:21 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP 2012-09-19 23:03 . 2012-09-19 23:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-09-19 22:41 . 2012-09-19 23:11 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-09-19 22:38 . 2012-09-20 04:52 -------- d-----w- c:\programdata\225932FD02D490FB02B98E1AF875EF60 2012-09-19 22:37 . 2012-09-19 22:37 62976 ---ha-w- c:\windows\system32\dllhnter64.dll 2012-09-19 05:39 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6865CC64-29EC-4B44-B9B6-449C7A54A98D}\mpengine.dll 2012-09-17 14:33 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-15 17:48 . 
2012-09-15 17:48 -------- d-----w- c:\users\***\AppData\Local\MAGIX_AG 2012-09-15 14:49 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-15 14:49 . 2012-09-15 14:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-15 14:49 . 2012-09-15 14:49 -------- d-----w- c:\program files\iTunes 2012-09-15 14:49 . 2012-09-15 14:49 -------- d-----w- c:\program files (x86)\iTunes 2012-09-15 14:49 . 2012-09-15 14:49 -------- d-----w- c:\program files\iPod 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-09-12 04:25 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 04:25 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 04:25 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 04:25 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 04:25 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 04:25 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 04:25 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-20 10:02 . 2012-01-25 19:10 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2012-09-19 07:55 . 2011-07-26 19:31 87616 ----a-w- c:\windows\PSSDNSVC.EXE 2012-09-12 04:26 . 2011-06-14 17:58 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-07 15:04 . 2011-11-13 15:07 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-21 21:37 . 2012-03-30 13:23 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-21 21:37 . 2011-06-03 14:27 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-21 11:01 . 2011-07-18 12:18 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 11:01 . 2011-07-18 12:18 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-01 22:55 . 2012-08-01 22:55 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-08-01 22:55 . 2011-12-05 19:12 1294432 ----a-w- c:\windows\system32\drivers\tdrpman.sys 2012-08-01 22:55 . 2012-08-01 22:55 994912 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-08-01 22:55 . 2012-08-01 22:55 211552 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-08-01 22:55 . 2012-08-01 22:55 146528 ----a-w- c:\windows\system32\drivers\vsflt67.sys 2012-08-01 22:55 . 2011-12-25 16:22 320096 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-08-01 22:55 . 2011-12-05 19:12 137312 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-07-18 18:15 . 2012-08-15 03:53 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-12 04:25 . 2012-07-12 04:25 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-07-09 11:42 . 2012-07-09 11:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-07-09 11:42 . 2012-07-09 11:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-07-07 11:27 . 2012-07-07 11:27 266632 ----a-w- c:\windows\UltraMon.scr 2012-07-06 20:07 . 
2012-08-15 05:17 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-07-04 22:16 . 2012-08-15 03:53 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-15 03:53 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-15 03:53 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-15 03:53 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-07-03 19:53 . 2012-07-03 19:53 82312 ----a-w- c:\windows\SysWow64\UltraMonHook.dll 2012-07-03 19:52 . 2012-07-03 19:52 338824 ----a-w- c:\windows\SysWow64\UltraMon.dll 2012-06-29 04:55 . 2012-08-15 05:16 17809920 ----a-w- c:\windows\system32\mshtml.dll 2012-06-29 04:09 . 2012-08-15 05:16 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-06-29 03:56 . 2012-08-15 05:16 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 03:49 . 2012-08-15 05:16 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-29 03:49 . 2012-08-15 05:16 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 03:48 . 2012-08-15 05:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 03:47 . 2012-08-15 05:16 237056 ----a-w- c:\windows\system32\url.dll 2012-06-29 03:45 . 2012-08-15 05:16 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-29 03:44 . 2012-08-15 05:16 816640 ----a-w- c:\windows\system32\jscript.dll 2012-06-29 03:43 . 2012-08-15 05:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 03:42 . 2012-08-15 05:16 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-29 03:40 . 2012-08-15 05:16 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-29 03:39 . 2012-08-15 05:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-29 03:35 . 2012-08-15 05:16 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-29 00:16 . 2012-08-15 05:16 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-29 00:09 . 2012-08-15 05:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-29 00:08 . 
2012-08-15 05:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-29 00:04 . 2012-08-15 05:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-29 00:00 . 2012-08-15 05:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2011-07-19 13:40 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] .. c:\windows\SysWOW64\ctfmon.exe [7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2011-03-31 19:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionMDEngine"="c:\program files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [2011-05-24 569344] "USB-PwrCtrl_8&4ef7e2c&0&0000"="c:\program files (x86)\USB-PwrCtrl\USB-PwrCtrl.exe" [2007-03-04 344064] "WistererHX"="c:\program files (x86)\Wisterer HX\WistererHX.exe" [2009-01-19 2658304] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-7-20 1286144] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] QuatoCalibrationLoader.lnk - c:\program files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe [2007-10-1 499712] ScreenManager Pro for LCD Ver3.2.0.lnk - c:\program files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [2010-11-9 9114992] UltraMon.lnk - c:\windows\Installer\{A9D0CC6D-A00D-486E-ABF3-D9A30B5143E5}\IcoUltraMon.ico [2012-7-11 29310] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] R3 adp3132;adp3132;c:\windows\system32\drivers\adp3132.sys [2010-01-28 385072] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-08-01 367200] R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-07-14 226616] R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-03-04 78976] R3 amdide64;amdide64;c:\windows\system32\drivers\amdide64.sys [2007-10-12 10632] R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-03-04 126952] R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-03-04 390632] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336] R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x] R3 cpuz130;cpuz130;c:\users\***\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280] R3 
FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2010-04-17 108032] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2010-04-17 44544] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800] R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680] R3 GLCKIO;GLCKIO;c:\users\***\AppData\Local\Temp\Rar$EX00.806\ASUS_SATA_Port_Verifier\690b33e1-0462-4e84-9bea-c7552b45432a.sys [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976] R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\drivers\ISASerial.sys [2008-02-20 72192] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [2011-12-16 16376] R3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [2009-07-15 27664] R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys [2011-03-07 24880] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [x] R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\nmserial.sys [x] R3 
nvamacpi;nvamacpi;c:\windows\system32\drivers\NVAMACPI.sys [2009-07-16 28192] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 OxPCIeSer;OxPCIeSer;c:\windows\system32\drivers\OxPCIeSer.sys [2008-04-04 101672] R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\drivers\PciIsaSerial.sys [2008-05-22 72192] R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [2008-05-22 95744] R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys [2008-05-22 126464] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\drivers\PPorts.sys [2008-02-20 95744] R3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2012-09-19 87616] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 450048] R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys [2010-04-13 340008] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-02-08 27336] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-02-08 69120] R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\drivers\SPorts.sys [2008-02-20 124416] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 wacmoumonitor;Wacom Mode 
Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 13312] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-08-01 3491792] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-03-04 38528] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-08-01 137312] S0 mvs91xx;mvs91xx;c:\windows\system32\drivers\mvs91xx.sys [2011-03-07 313136] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-08-01 211552] S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-08-01 146528] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 Ext2Fsd;Linux ext2 file system driver; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-19 140672] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-04 918144] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files 
(x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 ekey bit service;ekey bit service;c:\windows\SysWOW64\ekeybits.exe [2008-04-30 65536] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-11-22 66560] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-06-28 5924712] S2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152] S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2008-01-18 1197568] S3 cxbu0x64;SmartTerminal 
XX44;c:\windows\system32\DRIVERS\cxbu0x64.sys [2010-12-15 173952] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-12 283200] S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-05-26 1121632] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-04-13 87552] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-04-13 207872] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112] S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb64.sys [2007-01-29 33600] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2011-03-31 19:46 625152 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.cpl" [2008-01-10 6475776] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152] "Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-03-31 98304] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: An vorhandenes PDF anfügen - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{D537543C-7CB2-44B5-9006-3D5D968B8B6B}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 TCP: Interfaces\{F8B29D0D-C47E-40E9-B0E5-60663FEA08B1}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) SafeBoot-MsMpSvc Toolbar-Locked - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\CP210x\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60 AddRemove-WISO Mein Geld 2012 Standard - c:\program files (x86)\Buhl\WISO Mein Geld 2012\setup.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.032" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.apd" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.arw" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.bay" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.bw" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.cs1" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.djv" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.fff" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.icn" . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.ilbm" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.int" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.inta" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.iw4" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.j2c" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.jbr" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.jif" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.jpk" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.jpx" . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.mef" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.nrw" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pbr" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pct" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pic" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pict" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pix" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pspbrush" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pspimage" . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.rgba" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.rsb" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.rw2" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.rwl" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.sr2" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.thm" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.v30po" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.v30pp" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.v30ppf" . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.wbm" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.xif" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.xmp" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mpDRM\LicenseStore*] "CheckValue"=dword:e3fd43d3 "58729446"="6332CE6D" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe c:\program files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe c:\windows\SysWOW64\vmnat.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe c:\program files (x86)\TeamViewer\Version7\tv_w32.exe c:\program files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE c:\program files\ASUS Xonar DX Audio\Customapp\MXMon.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-09-20 12:04:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-09-20 10:04
.
Vor Suchlauf: 15 Verzeichnis(se), 25.815.138.304 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 25.331.654.656 Bytes frei
.
- - End Of File - - 439D1F1C75C902BEF3FAD6BF1D9D37A6

Live Security Platinum now appears to be gone. The antivirus scanner Microsoft Security Essentials is still "red" - it reports that there is no service to start.

Last edited by Nagamichisan (20.09.2012 at 11:31) |
20.09.2012, 13:14 | #6 |
/// Malwareteam | Live Security Platinum has struck - Win7 64bit Pro

We'll take care of Security Essentials later!

CF-Script

Note for other readers: The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the entire text from the following code box into the empty text document.

Code:
DIRLOOK::
C:\$Recycle.Bin
C:\ProgramData\225932FD02D490FB02B98E1AF875EF60

FCOPY::
c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe | c:\windows\SysWOW64\ctfmon.exe

CLEARJAVACACHE::

Important:
20.09.2012, 13:31 | #7 |
| Live Security Platinum has struck - Win7 64bit Pro

Everything ran without a hitch.

Combofix logfile:

Code:
ATTFilter ComboFix 12-09-20.01 - *** 20.09.2012 14:23:51.2.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.16361.14128 [GMT 2:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe --> c:\windows\SysWOW64\ctfmon.exe . ((((((((((((((((((((((( Dateien erstellt von 2012-08-20 bis 2012-09-20 )))))))))))))))))))))))))))))) . . 2012-09-20 12:27 . 2012-09-20 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-20 06:38 . 2012-09-20 06:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-19 23:03 . 2012-09-19 23:03 -------- d-----w- c:\program files\Enigma Software Group 2012-09-19 23:03 . 2012-09-19 23:21 -------- d-----w- c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP 2012-09-19 23:03 . 2012-09-19 23:11 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-09-19 22:41 . 2012-09-19 23:11 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-09-19 22:38 . 2012-09-20 04:52 -------- d-----w- c:\programdata\225932FD02D490FB02B98E1AF875EF60 2012-09-19 22:37 . 2012-09-19 22:37 62976 ---ha-w- c:\windows\system32\dllhnter64.dll 2012-09-19 05:39 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6865CC64-29EC-4B44-B9B6-449C7A54A98D}\mpengine.dll 2012-09-17 14:33 . 
2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-15 17:48 . 2012-09-15 17:48 -------- d-----w- c:\users\***\AppData\Local\MAGIX_AG 2012-09-15 14:49 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-15 14:49 . 2012-09-15 14:49 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-15 14:49 . 2012-09-15 14:49 -------- d-----w- c:\program files\iTunes 2012-09-15 14:49 . 2012-09-15 14:49 -------- d-----w- c:\program files (x86)\iTunes 2012-09-15 14:49 . 2012-09-15 14:49 -------- d-----w- c:\program files\iPod 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-09-15 14:46 . 2012-09-15 14:46 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-09-12 04:25 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 04:25 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 04:25 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 04:25 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-12 04:25 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 04:25 . 
2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 04:25 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-20 10:02 . 2012-01-25 19:10 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2012-09-19 07:55 . 2011-07-26 19:31 87616 ----a-w- c:\windows\PSSDNSVC.EXE 2012-09-12 04:26 . 2011-06-14 17:58 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-07 15:04 . 2011-11-13 15:07 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-21 21:37 . 2012-03-30 13:23 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-21 21:37 . 2011-06-03 14:27 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-21 11:01 . 2011-07-18 12:18 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 11:01 . 2011-07-18 12:18 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-01 22:55 . 2012-08-01 22:55 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys 2012-08-01 22:55 . 2011-12-05 19:12 1294432 ----a-w- c:\windows\system32\drivers\tdrpman.sys 2012-08-01 22:55 . 2012-08-01 22:55 994912 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-08-01 22:55 . 2012-08-01 22:55 211552 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-08-01 22:55 . 2012-08-01 22:55 146528 ----a-w- c:\windows\system32\drivers\vsflt67.sys 2012-08-01 22:55 . 2011-12-25 16:22 320096 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-08-01 22:55 . 2011-12-05 19:12 137312 ----a-w- c:\windows\system32\drivers\fltsrv.sys 2012-07-18 18:15 . 2012-08-15 03:53 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-12 04:25 . 2012-07-12 04:25 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-07-09 11:42 . 2012-07-09 11:42 4547984 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-07-09 11:42 . 
2012-07-09 11:42 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-07-07 11:27 . 2012-07-07 11:27 266632 ----a-w- c:\windows\UltraMon.scr 2012-07-06 20:07 . 2012-08-15 05:17 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2012-07-04 22:16 . 2012-08-15 03:53 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-15 03:53 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-15 03:53 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-15 03:53 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-07-03 19:53 . 2012-07-03 19:53 82312 ----a-w- c:\windows\SysWow64\UltraMonHook.dll 2012-07-03 19:52 . 2012-07-03 19:52 338824 ----a-w- c:\windows\SysWow64\UltraMon.dll 2012-06-29 04:55 . 2012-08-15 05:16 17809920 ----a-w- c:\windows\system32\mshtml.dll 2012-06-29 04:09 . 2012-08-15 05:16 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-06-29 03:56 . 2012-08-15 05:16 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 03:49 . 2012-08-15 05:16 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-29 03:49 . 2012-08-15 05:16 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 03:48 . 2012-08-15 05:16 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 03:47 . 2012-08-15 05:16 237056 ----a-w- c:\windows\system32\url.dll 2012-06-29 03:45 . 2012-08-15 05:16 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-29 03:44 . 2012-08-15 05:16 816640 ----a-w- c:\windows\system32\jscript.dll 2012-06-29 03:43 . 2012-08-15 05:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 03:42 . 2012-08-15 05:16 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-29 03:40 . 2012-08-15 05:16 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-29 03:39 . 2012-08-15 05:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-29 03:35 . 2012-08-15 05:16 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-29 00:16 . 
2012-08-15 05:16 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-29 00:09 . 2012-08-15 05:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-29 00:08 . 2012-08-15 05:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-29 00:04 . 2012-08-15 05:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-29 00:00 . 2012-08-15 05:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\$Recycle.Bin ---- . . ---- Directory of c:\programdata\225932FD02D490FB02B98E1AF875EF60 ---- . 2012-09-19 22:40 . 2012-09-19 23:00 1872 ----a-w- c:\programdata\225932FD02D490FB02B98E1AF875EF60\225932FD02D490FB02B98E1AF875EF60 2012-09-19 22:38 . 2012-09-19 22:38 4286 ----a-w- c:\programdata\225932FD02D490FB02B98E1AF875EF60\225932FD02D490FB02B98E1AF875EF60.ico . . ((((((((((((((((((((((((((((( SnapShot@2012-09-20_10.02.59 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-09-20 10:04 70666 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-09-20 10:04 62236 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-09-20 08:17 62236 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-06-11 11:11 . 2012-09-20 10:04 14144 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1723670816-2989522225-3086513710-1000_UserData.bin + 2012-09-20 10:02 . 2012-09-20 10:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2011-03-31 19:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionMDEngine"="c:\program files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [2011-05-24 569344] "USB-PwrCtrl_8&4ef7e2c&0&0000"="c:\program files (x86)\USB-PwrCtrl\USB-PwrCtrl.exe" [2007-03-04 344064] "WistererHX"="c:\program files (x86)\Wisterer HX\WistererHX.exe" [2009-01-19 2658304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2011-7-20 1286144] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] QuatoCalibrationLoader.lnk - c:\program files (x86)\Quato\iColorDisplay\QuatoCalibrationLoader.exe [2007-10-1 499712] ScreenManager Pro for LCD Ver3.2.0.lnk - c:\program files (x86)\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe [2010-11-9 9114992] UltraMon.lnk - c:\windows\Installer\{A9D0CC6D-A00D-486E-ABF3-D9A30B5143E5}\IcoUltraMon.ico [2012-7-11 29310] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 5716848] R3 adp3132;adp3132;c:\windows\system32\drivers\adp3132.sys [2010-01-28 385072] R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-08-01 367200] R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-07-14 226616] R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-03-04 78976] R3 amdide64;amdide64;c:\windows\system32\drivers\amdide64.sys [2007-10-12 10632] R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-03-04 126952] R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-03-04 390632] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336] R3 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth 
Suite\adminservice.exe [2010-10-27 52896] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x] R3 cpuz130;cpuz130;c:\users\***\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2011-03-07 40832] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2011-03-07 65280] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\drivers\FLxHCIc.sys [2010-04-17 108032] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\drivers\FLxHCIh.sys [2010-04-17 44544] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2010-10-22 460800] R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2009-08-10 119680] R3 GLCKIO;GLCKIO;c:\users\***\AppData\Local\Temp\Rar$EX00.806\ASUS_SATA_Port_Verifier\690b33e1-0462-4e84-9bea-c7552b45432a.sys [x] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-26 158976] R3 ISASerial;PCIe-ISA Communication Port;c:\windows\system32\drivers\ISASerial.sys [2008-02-20 72192] R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576] R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys 
[2011-12-16 16376] R3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [2009-07-15 27664] R3 mv91cons;mv91cons;c:\windows\system32\drivers\mv91cons.sys [2011-03-07 24880] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 NmPar;MosChip PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [x] R3 nmserial;MosChip PCI Serial Port;c:\windows\system32\drivers\nmserial.sys [x] R3 nvamacpi;nvamacpi;c:\windows\system32\drivers\NVAMACPI.sys [2009-07-16 28192] R3 OxPCIeSer;OxPCIeSer;c:\windows\system32\drivers\OxPCIeSer.sys [2008-04-04 101672] R3 PciIsaSerial;PCI-ISA Communication Port;c:\windows\system32\drivers\PciIsaSerial.sys [2008-05-22 72192] R3 PciPPorts;PCI ECP Parallel Port;c:\windows\system32\drivers\PciPPorts.sys [2008-05-22 95744] R3 PciSPorts;High-Speed PCI Serial Port;c:\windows\system32\drivers\PciSPorts.sys [2008-05-22 126464] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432] R3 PPorts;PCIe ECP Parallel Port;c:\windows\system32\drivers\PPorts.sys [2008-02-20 95744] R3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2012-09-19 87616] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187B.sys [2010-03-31 450048] R3 Si3124r5;Si3124r5;c:\windows\system32\drivers\Si3124r5.sys [2010-04-13 340008] R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-02-08 27336] R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-02-08 69120] R3 SPorts;High-Speed PCIe Serial Port;c:\windows\system32\drivers\SPorts.sys [2008-02-20 124416] R3 
SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 13312] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] R4 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-08-01 3491792] R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-03-04 38528] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [2012-08-01 137312] S0 mvs91xx;mvs91xx;c:\windows\system32\drivers\mvs91xx.sys [2011-03-07 313136] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-08-01 211552] S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys [2012-08-01 146528] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 Ext2Fsd;Linux ext2 file system driver; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-19 140672] S2 AMD External Events 
Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-04 918144] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-02 915584] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880] S2 ekey bit service;ekey bit service;c:\windows\SysWOW64\ekeybits.exe [2008-04-30 65536] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312] S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-11-22 66560] S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-06-28 5924712] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064] S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656] S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys 
[2010-10-27 31080] S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624] S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992] S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520] S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152] S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2008-01-18 1197568] S3 cxbu0x64;SmartTerminal XX44;c:\windows\system32\DRIVERS\cxbu0x64.sys [2010-12-15 173952] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-12 283200] S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-05-26 1121632] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-04-13 87552] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-04-13 207872] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 35112] S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb64.sys [2007-01-29 33600] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay] @="{594D4122-1F87-41E2-96C7-825FB4796516}" [HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}] 2011-03-31 19:46 625152 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.cpl" [2008-01-10 6475776] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152] "Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-03-31 98304] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: An vorhandenes PDF anfügen - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{D537543C-7CB2-44B5-9006-3D5D968B8B6B}: NameServer = 8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 TCP: Interfaces\{F8B29D0D-C47E-40E9-B0E5-60663FEA08B1}: NameServer = 
8.8.8.8,8.8.8.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) ShellIconOverlayIdentifiers- - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.032" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.apd" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.arw" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.bay" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.bw" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.cs1" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.djv" . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.fff" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.icn" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.ilbm" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.int" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.inta" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.iw4" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.j2c" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.jbr" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.jif" . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.jpk" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.jpx" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.mef" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.nrw" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pbr" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pct" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pic" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pict" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pix" . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pspbrush" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.pspimage" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.rgba" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.rsb" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.rw2" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.rwl" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.sr2" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.thm" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.v30po" . 
[HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.v30pp" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.v30ppf" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.wbm" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.xif" . [HKEY_USERS\S-1-5-21-1723670816-2989522225-3086513710-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Foto-Manager 12.xmp" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\mpDRM\LicenseStore*] "CheckValue"=dword:e3fd43d3 "58729446"="6332CE6D" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-09-20 14:29:04 ComboFix-quarantined-files.txt 2012-09-20 12:29 ComboFix2.txt 2012-09-20 10:04 . Vor Suchlauf: 19 Verzeichnis(se), 25.166.680.064 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 25.088.913.408 Bytes frei . - - End Of File - - 3F46FAF6CCA5E513CCE38E941E6E6E63 |
20.09.2012, 13:33 | #8 |
/// Malwareteam | Live Security Platinum has struck - Win7 64bit Pro Looks pretty good - let's check everything once more! Step 1: MBAM full scan Please download Malwarebytes
Step 2: ESET ESET Online Scanner
__________________ No asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support Trojaner-Board! |
20.09.2012, 18:26 | #9 |
| Live Security Platinum has struck - Win7 64bit Pro Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.20.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: *** [Administrator] Schutz: Deaktiviert 20.09.2012 14:36:04 mbam-log-2012-09-20 (15-50-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 825251 Laufzeit: 1 Stunde(n), 13 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Datei: 1 D:\users\***\Eigene Dateien von ***\siemens S65\siemens s65 sox\sox_gui.exe (Spyware.Banker) -> Keine Aktion durchgeführt. (Ende) Code:
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi Anwendung
C:\Qoobox\Quarantine\C\Windows\SysWOW64\dllhnter.dll.VIRUS.vir Variante von Win32/Kryptik.ALZF Trojaner
C:\users\***\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi Anwendung
C:\users\***\Eigene Dateien von ***\***\Wordpress\Backup\xxx\wp-content\themes\masinop\footer.php PHP/Obfuscated.D Anwendung
C:\users\***\Eigene Dateien von ***\***\Wordpress\Themes\masinop\footer.php PHP/Obfuscated.D Anwendung
D:\users\***\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi Anwendung
D:\users\***\Eigene Dateien von ***\***\Wordpress\Backup\xxx\wp-content\themes\masinop\footer.php PHP/Obfuscated.D Anwendung
D:\users\***\Eigene Dateien von ***\***\Wordpress\Themes\masinop\footer.php PHP/Obfuscated.D Anwendung
Otherwise it seems to look quite good. |
24.09.2012, 06:20 | #10 |
| Live Security Platinum has struck - Win7 64bit Pro Good morning Marius, I would like to ask again how I can get Microsoft Security Essentials running again? Otherwise everything is running stably. Thanks! |
24.09.2012, 06:34 | #11 | |
/// Malwareteam | Live Security Platinum has struck - Win7 64bit Pro Good morning, Quote:
We'll take care of MSE at the end!
24.09.2012, 08:40 | #12 |
| Live Security Platinum has struck - Win7 64bit Pro OK! Scan fully completed and findings removed: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org Datenbank Version: v2012.09.24.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 *** :: *** [Administrator] Schutz: Deaktiviert 24.09.2012 08:39:10 mbam-log-2012-09-24 (09-38-33).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 745551 Laufzeit: 56 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Qoobox\Quarantine\C\Windows\SysWOW64\dllhnter.dll.VIRUS.vir (Backdoor.Papras) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\$RECYCLE.BIN\S-1-5-21-1723670816-2989522225-3086513710-1000\$R89Q4EN\sox_gui.exe (Spyware.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
24.09.2012, 08:53 | #13 | |
/// Malwareteam | Live Security Platinum has struck - Win7 64bit Pro Quote:
For the MSE problem I will refer you to our Windows forum later. Is the computer still causing problems?
24.09.2012, 08:54 | #14 |
| Live Security Platinum has struck - Win7 64bit Pro OK, I deleted it and removed it from the recycle bin. Over the weekend I could not detect any more problems. |
24.09.2012, 09:36 | #15 |
/// Malwareteam | Live Security Platinum has struck - Win7 64bit Pro Then we're done!

Java update
Your Java is out of date. Older versions contain security vulnerabilities that can be abused by malware.

Defogger re-enable
Please start Defogger and click the re-enable button.

ComboFix
Before the following action, please temporarily disable your antivirus program, any script blocking and anti-malware programs again. Press Windows key + R. Now copy the following line into the command line and click OK. Code:
Combofix /Uninstall
This removes Combofix completely and clears the System Restore cache, so that the malware disappears from it as well. Now re-enable the programs you just disabled.

OTL
Please start OTL and click Cleanup. This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.

Here are a few more tips for securing your system.

Keeping up to date
I cannot mention often enough how important it is that your system is up to date.
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions. MSE: Create a topic here, describe your problem and provide the necessary log files, then it will be taken care of!