Pests of all kinds and how to fight them: GVU Trojan v 2.07 is infecting my computer. Am I rid of it? | Windows 7
01.10.2012, 14:32 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, I'm just reading that this error message is occurring quite often. Maybe there's a bug in the new version - have you already tried creating the log in Safe Mode with Networking?
__________________ Always post log files in CODE tags |
01.10.2012, 14:42 | #17 |
| Nope, same problem. Should I try Custom Scan? |
01.10.2012, 15:03 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You mean without CustomScan? If so, then try it like this:
System scan with OTL
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL. |
01.10.2012, 15:11 | #19 |
| OK, that doesn't work either ;-) |
01.10.2012, 15:20 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hmpf, do you happen to still have the previous version of OTL? I suspect there's some bug in the now-current version.
__________________ Always post log files in CODE tags |
01.10.2012, 15:40 | #21 |
| No, unfortunately not, I overwrote the other one. I found an OTL via Chip.de. Code:
ATTFilter OTL logfile created on: 01.10.2012 19:00:45 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mahoo\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 75,93% Memory free 7,00 Gb Paging File | 5,96 Gb Available in Paging File | 85,24% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,40 Gb Total Space | 15,46 Gb Free Space | 20,78% Space Free | Partition Type: NTFS Drive D: | 74,53 Gb Total Space | 33,42 Gb Free Space | 44,85% Space Free | Partition Type: NTFS Computer Name: MAHOO-PC | User Name: Mahoo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mahoo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Dokan\DokanLibrary\mounter.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll () MOD - C:\Users\Mahoo\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll () SRV - (nvUpdatusService) 
-- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (Samsung UPD Service2) -- C:\Windows\System32\SUPDSvc2.exe (Samsung Electronics) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.) SRV - (Installer Service) -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (DokanMounter) -- C:\Program Files\Dokan\DokanLibrary\mounter.exe () SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (netr28u) -- system32\DRIVERS\netr28u.sys File not found DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (LADF_CaptureOnly) -- C:\Windows\System32\drivers\ladfGSCi386.sys (Logitech) DRV - (LADF_RenderOnly) -- C:\Windows\System32\drivers\ladfGSRi386.sys (Logitech) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) 
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (Dokan) -- C:\Windows\System32\drivers\dokan.sys (Windows (R) Win 7 DDK provider) DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (LADF_SBVM) -- C:\Windows\System32\drivers\ladfSBVMi386.sys (Logitech) DRV - (LADF_DHP2) -- C:\Windows\System32\drivers\ladfDHP2i386.sys (Logitech) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia) DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia) DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia) DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - 
HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 D0 99 56 9A 57 CB 01 [binary data] IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA 
Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 17:18:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 17:18:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.01 11:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\Extensions [2012.09.28 11:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\Firefox\Profiles\3gn9tca2.default\extensions [2012.09.19 13:13:24 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\extensions\testpilot@labs.mozilla.com.xpi [2012.07.26 09:54:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.19 21:48:10 | 000,000,933 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\11-suche.xml [2012.01.30 17:24:52 | 000,002,059 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\absearch-search.xml [2011.12.19 21:48:10 | 000,002,419 | ---- | M] () -- 
C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\englische-ergebnisse.xml [2011.12.19 21:48:10 | 000,010,525 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\gmx-suche.xml [2011.12.19 21:48:10 | 000,002,457 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\lastminute.xml [2011.12.19 21:48:10 | 000,005,508 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\webde-suche.xml [2012.04.19 19:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.09.09 17:18:50 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.05.03 00:56:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 17:18:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.03 00:56:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.03 00:56:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.03 00:56:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.03 00:56:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - 
BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MsmqIntCert] C:\Windows\System32\mqrt.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - 
Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..Trusted Domains: blank ([]about in Computer) O15 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2D2E33-477C-49ED-B1CB-85DBD5256716}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: 
SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human 
Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: 
{7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.01 18:59:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mahoo\Desktop\OTL.exe [2012.10.01 15:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\ElevatedDiagnostics [2012.09.28 22:12:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mahoo\Desktop\esetsmartinstaller_enu.exe [2012.09.28 12:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.09.28 06:48:37 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Roaming\Malwarebytes [2012.09.28 06:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.28 06:48:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.28 06:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.28 06:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.28 02:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.09.24 00:03:30 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\Desktop\Logo [2012.09.23 22:00:16 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\.thumbnails [2012.09.23 20:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.09.23 20:14:00 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\webkit [2012.09.23 19:33:49 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\fontconfig [2012.09.23 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\gegl-0.2 [2012.09.23 19:33:47 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\.gimp-2.8 [2012.09.02 00:03:28 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Roaming\WOT Statistics [2012.09.02 00:03:07 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WOT Statistics [2012.09.02 00:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\WOT 
Statistics [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.10.01 18:59:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mahoo\Desktop\OTL.exe [2012.10.01 18:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.01 16:00:14 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.01 16:00:14 | 000,013,776 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.01 15:52:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.01 15:52:39 | 2817,384,448 | -HS- | M] () -- C:\hiberfil.sys [2012.09.29 10:18:24 | 000,513,501 | ---- | M] () -- C:\Users\Mahoo\Desktop\adwcleaner.exe [2012.09.28 22:12:35 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mahoo\Desktop\esetsmartinstaller_enu.exe [2012.09.28 11:01:47 | 002,141,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.09.28 11:01:47 | 001,140,448 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.09.28 11:01:47 | 000,605,286 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.09.28 11:01:47 | 000,527,272 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.09.28 06:48:29 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.28 02:48:03 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.27 20:52:21 | 000,003,055 | ---- | M] () -- C:\Users\Mahoo\Desktop\WOT Statistics.lnk [2012.09.24 00:03:44 | 000,003,922 | ---- | M] () -- C:\Users\Mahoo\AppData\Local\recently-used.xbel [2012.09.23 23:05:42 | 000,476,975 | ---- | M] () -- C:\Users\Mahoo\Documents\test2.xcf [2012.09.23 22:02:51 | 000,001,049 | ---- | M] () -- C:\Users\Mahoo\Desktop\GIMP 2.lnk [2012.09.23 22:00:16 | 000,458,498 | ---- | M] () -- C:\Users\Mahoo\Documents\test1.xcf [2012.09.09 
17:23:32 | 000,001,102 | ---- | M] () -- C:\Users\Mahoo\Desktop\wot-xvm-proxy - Verknüpfung.lnk [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.07 11:28:56 | 000,430,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.29 10:18:23 | 000,513,501 | ---- | C] () -- C:\Users\Mahoo\Desktop\adwcleaner.exe [2012.09.28 06:48:29 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.27 23:14:31 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.24 00:03:44 | 000,003,922 | ---- | C] () -- C:\Users\Mahoo\AppData\Local\recently-used.xbel [2012.09.23 23:05:42 | 000,476,975 | ---- | C] () -- C:\Users\Mahoo\Documents\test2.xcf [2012.09.23 22:02:51 | 000,001,049 | ---- | C] () -- C:\Users\Mahoo\Desktop\GIMP 2.lnk [2012.09.23 22:00:16 | 000,458,498 | ---- | C] () -- C:\Users\Mahoo\Documents\test1.xcf [2012.09.23 20:26:32 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.09.09 17:23:32 | 000,001,102 | ---- | C] () -- C:\Users\Mahoo\Desktop\wot-xvm-proxy - Verknüpfung.lnk [2012.09.07 11:28:41 | 000,430,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.02 00:03:07 | 000,003,055 | ---- | C] () -- C:\Users\Mahoo\Desktop\WOT Statistics.lnk [2012.08.30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2012.07.11 13:18:32 | 001,558,432 | ---- | C] () -- C:\Windows\TotalUninstaller.exe [2012.07.11 13:17:42 | 000,310,272 | ---- | C] () -- C:\Windows\System32\UPDIO2.dll [2012.07.11 13:17:41 | 000,254,464 | ---- | C] () -- C:\Windows\System32\SUPDRun.exe [2012.07.11 13:17:41 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe [2012.07.11 13:17:41 | 000,024,064 | ---- | C] () -- C:\Windows\System32\spd__l.dll [2012.05.23 
18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012.05.17 13:20:29 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.03.26 17:32:51 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll [2012.03.10 22:55:29 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011.11.06 17:21:39 | 000,076,360 | ---- | C] () -- C:\Windows\System32\ladfGSRCoinst_i386.dll [2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.06.21 08:42:38 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll [2011.01.16 23:12:01 | 000,682,280 | ---- | C] () -- C:\Windows\System32\pbsvc.exe [2011.01.10 14:49:16 | 000,035,840 | ---- | C] () -- C:\Windows\System32\dokan.dll [2010.10.25 21:56:28 | 000,007,596 | ---- | C] () -- C:\Users\Mahoo\AppData\Local\resmon.resmoncfg [2010.10.19 20:27:34 | 000,139,488 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.10.19 20:27:10 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe [2010.10.02 23:38:51 | 000,022,328 | ---- | C] () -- C:\Users\Mahoo\AppData\Roaming\PnkBstrK.sys [2010.10.02 23:38:28 | 000,270,776 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.10.02 23:38:27 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.09.28 00:22:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited [2012.09.27 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite [2010.11.14 00:27:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite [2010.11.14 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client [2012.06.17 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Canneverbe Limited [2012.06.17 01:11:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Lite [2012.01.30 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Net [2012.03.26 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon [2010.09.19 03:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Leadertech [2011.05.19 22:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Nokia [2010.09.27 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\OpenOffice.org [2010.12.25 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\PC Suite [2012.06.04 18:24:58 | 000,000,000 | ---D | M] -- 
C:\Users\Mahoo\AppData\Roaming\Samsung [2012.06.04 18:51:30 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Temp [2012.05.01 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TS3Client [2011.12.21 00:50:43 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TuneUp Software [2011.07.10 23:22:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\wargaming.net [2012.09.02 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WOT Statistics ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.05.13 22:49:47 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Adobe [2012.04.01 17:48:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Avira [2012.06.17 20:05:14 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Canneverbe Limited [2012.06.17 01:11:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Lite [2012.01.30 15:53:13 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DAEMON Tools Net [2012.03.26 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon [2012.05.17 13:27:40 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Google Inc [2012.05.13 22:54:09 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Help [2012.05.17 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Identities [2010.09.19 03:51:51 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Leadertech [2011.12.21 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Logishrd [2010.09.19 04:11:17 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Logitech [2010.09.19 03:33:24 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Macromedia [2012.09.28 06:48:37 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Malwarebytes [2012.05.13 
22:54:19 | 000,000,000 | --SD | M] -- C:\Users\Mahoo\AppData\Roaming\Microsoft [2010.11.28 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Mozilla [2011.05.19 22:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Nokia [2011.11.14 23:01:02 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\NVIDIA [2010.09.27 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\OpenOffice.org [2010.12.25 00:30:27 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\PC Suite [2012.06.04 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Samsung [2012.06.04 18:51:30 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\Temp [2012.05.01 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TS3Client [2011.12.21 00:50:43 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\TuneUp Software [2012.05.21 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\vlc [2011.07.10 23:22:12 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\wargaming.net [2010.09.20 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WinRAR [2012.09.02 00:05:33 | 000,000,000 | ---D | M] -- C:\Users\Mahoo\AppData\Roaming\WOT Statistics < %APPDATA%\*.exe /s > [2012.03.26 17:32:50 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Mahoo\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe [2010.10.04 22:12:25 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mahoo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.11.20 23:06:50 | 000,053,248 | R--- | M] (Acresso Software Inc.) 
-- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_853F67D554F05449430E7E.exe [2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_AE6D52766A4C6A7E5B422D.exe [2012.09.27 20:52:21 | 000,332,328 | R--- | M] () -- C:\Users\Mahoo\AppData\Roaming\Microsoft\Installer\{F8A2AB6C-CB98-419C-BC96-95809B455AA7}\_CF295D5069A02809E63991.exe [2012.05.30 03:17:52 | 000,958,392 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\Kies.exe [2012.05.30 03:17:54 | 000,278,968 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesDriverInstaller.exe [2012.05.23 18:51:18 | 000,318,976 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesLogger.exe [2012.05.30 03:17:54 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\KiesTrayAgent.exe [2012.05.23 18:50:32 | 000,180,224 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\ConnectionManager.exe [2012.05.23 18:50:32 | 000,321,024 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceDataService.exe [2012.05.30 02:49:14 | 000,721,920 | ---- | M] (Mobileleader Co., Ltd.) 
-- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\DeviceManager.exe [2012.05.30 03:18:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\DeviceModules\Kies_Tutorial.exe [2012.05.23 18:50:18 | 000,106,960 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentInstaller.exe [2012.05.23 18:50:18 | 000,101,328 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\AgentUpdate.exe [2012.05.30 03:18:04 | 000,183,736 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2012.05.30 03:18:06 | 000,021,432 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\FirmwareUpdate\KiesPDLR.exe [2012.05.30 03:18:08 | 003,570,352 | ---- | M] (Freeware) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\MediaModules\MyFreeCodecPack.exe [2012.05.23 18:50:02 | 000,221,184 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV.exe [2012.05.23 18:50:04 | 000,061,440 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\External\TransModules\SelfMV2.exe [2012.05.23 18:49:28 | 024,162,120 | ---- | M] (SAMSUNG Electronics Co., Ltd.) 
-- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2012.07.03 08:16:26 | 000,975,288 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe [2012.07.03 08:16:28 | 000,278,968 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe [2012.06.26 09:04:30 | 000,320,000 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesLogger.exe [2012.07.03 08:16:26 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe [2012.06.26 09:03:34 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe [2012.06.26 09:03:34 | 000,321,536 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe [2012.06.26 09:03:38 | 000,716,800 | ---- | M] (Mobileleader Co., Ltd.) 
-- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe [2012.07.03 08:16:32 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe [2012.06.26 09:03:16 | 000,106,960 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe [2012.06.26 09:03:16 | 000,101,328 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe [2012.07.03 08:16:34 | 000,183,736 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe [2012.07.03 08:16:36 | 000,021,432 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe [2012.07.03 08:16:36 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe [2012.06.26 09:03:02 | 000,262,144 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV.exe [2012.06.26 09:03:04 | 000,090,112 | ---- | M] (ENJsoft corp.) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV2.exe [2012.06.26 09:02:34 | 024,164,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) 
-- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2012.05.30 03:18:10 | 000,371,128 | ---- | M] (ml) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.07.03 08:16:38 | 000,450,488 | ---- | M] (ml) -- C:\Users\Mahoo\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys 
< MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA 
Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) 
MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < End of report > |
02.10.2012, 10:37 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan v 2.07 infects my computer. Am I rid of it? Version 3.2.70.1 is out - please try again with that one
__________________ Please always post log files in CODE tags |
02.10.2012, 19:06 | #23 |
| GVU Trojan v 2.07 infects my computer. Am I rid of it? Hi Cosinus, here is the log with the new version. Code:
ATTFilter OTL logfile created on: 02.10.2012 19:54:56 - Run 5 OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Mahoo\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 74,65% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,40 Gb Total Space | 22,72 Gb Free Space | 30,54% Space Free | Partition Type: NTFS Drive D: | 74,53 Gb Total Space | 33,42 Gb Free Space | 44,85% Space Free | Partition Type: NTFS Computer Name: MAHOO-PC | User Name: Mahoo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mahoo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () PRC - C:\Program Files\Samsung\Kies\Kies.exe (Samsung) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Dokan\DokanLibrary\mounter.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\5552b27237c3dbe4f21a10e97adf2edc\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\94b346f2ab12d38efb1331ded5783396\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll () MOD - C:\Users\Mahoo\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll () MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () MOD - C:\Program Files\WinRAR\rarext.dll () MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_5891ae0.dll () SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (Samsung UPD Service2) -- C:\Windows\System32\SUPDSvc2.exe (Samsung Electronics) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.) SRV - (Installer Service) -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe () SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (DokanMounter) -- C:\Program Files\Dokan\DokanLibrary\mounter.exe () SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation) SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation) SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION) SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV - (netr28u) -- system32\DRIVERS\netr28u.sys File not found DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys 
File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (LADF_CaptureOnly) -- C:\Windows\System32\drivers\ladfGSCi386.sys (Logitech) DRV - (LADF_RenderOnly) -- C:\Windows\System32\drivers\ladfGSRi386.sys (Logitech) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (Dokan) -- C:\Windows\System32\drivers\dokan.sys (Windows (R) Win 7 DDK provider) DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) 2000 DDK provider) DRV - (LADF_SBVM) -- C:\Windows\System32\drivers\ladfSBVMi386.sys (Logitech) DRV - (LADF_DHP2) -- C:\Windows\System32\drivers\ladfDHP2i386.sys (Logitech) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) DRV - (LGVirHid) 
-- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.) DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (nmwcdsa) -- C:\Windows\System32\drivers\nmwcdsa.sys (Nokia) DRV - (nmwcdsacm) -- C:\Windows\System32\drivers\nmwcdsacm.sys (Nokia) DRV - (nmwcdsacj) -- C:\Windows\System32\drivers\nmwcdsacj.sys (Nokia) DRV - (nmwcdsac) -- C:\Windows\System32\drivers\nmwcdsac.sys (Nokia) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 D0 99 56 9A 57 CB 01 [binary data] IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: testpilot@labs.mozilla.com:1.2.2 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL 
(Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 17:18:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.09 17:18:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.01 11:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\Extensions [2012.09.28 11:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\Firefox\Profiles\3gn9tca2.default\extensions [2012.09.19 13:13:24 | 000,621,521 | ---- | M] () (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\extensions\testpilot@labs.mozilla.com.xpi [2012.07.26 09:54:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011.12.19 21:48:10 | 000,000,933 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\11-suche.xml [2012.01.30 17:24:52 | 000,002,059 | ---- | M] () -- 
C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\absearch-search.xml [2011.12.19 21:48:10 | 000,002,419 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\englische-ergebnisse.xml [2011.12.19 21:48:10 | 000,010,525 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\gmx-suche.xml [2011.12.19 21:48:10 | 000,002,457 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\lastminute.xml [2011.12.19 21:48:10 | 000,005,508 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\webde-suche.xml [2012.04.19 19:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.09.09 17:18:50 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.05.03 00:56:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.09 17:18:47 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.05.03 00:56:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.05.03 00:56:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.03 00:56:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.03 00:56:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = 
{google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [MsmqIntCert] C:\Windows\System32\mqrt.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found 
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..Trusted Domains: blank ([]about in Computer) O15 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Unable to open value key) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Unable to open value key) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Unable to open value key) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Unable to open value key) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - 
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2D2E33-477C-49ED-B1CB-85DBD5256716}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "bootini" - 0 
MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: 
Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy 
disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: 
{89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.10.02 19:53:17 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Mahoo\Desktop\OTL.exe [2012.10.01 15:51:45 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Local\ElevatedDiagnostics [2012.09.28 22:12:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mahoo\Desktop\esetsmartinstaller_enu.exe [2012.09.28 12:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.09.28 06:48:37 | 000,000,000 | ---D | C] -- C:\Users\Mahoo\AppData\Roaming\Malwarebytes [2012.09.28 06:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.28 06:48:28 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.28 06:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.09.28 06:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.28 
< End of report > |
02.10.2012, 20:35 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
[2012.01.30 17:24:52 | 000,002,059 | ---- | M] () -- C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\absearch-search.xml
O3 - HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\..\Toolbar\WebBrowser: (no name) - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may restart. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
02.10.2012, 20:45 | #25 |
| Hi, here is the log Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Users\Mahoo\AppData\Roaming\mozilla\firefox\profiles\3gn9tca2.default\searchplugins\absearch-search.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1056468692-1839014824-3167116617-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Mahoo\Desktop\cmd.bat deleted successfully.
C:\Users\Mahoo\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 28419267 bytes
->Temporary Internet Files folder emptied: 3278505 bytes
->FireFox cache emptied: 135376447 bytes
->Flash cache emptied: 57202 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

User: Mahoo
->Temp folder emptied: 108999569 bytes
->Temporary Internet Files folder emptied: 7991158 bytes
->Java cache emptied: 26336327 bytes
->FireFox cache emptied: 159333590 bytes
->Google Chrome cache emptied: 17589113 bytes
->Flash cache emptied: 60404 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 29504 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 573686 bytes
RecycleBin emptied: 128685588 bytes

Total Files Cleaned = 588,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.70.1 log created on 10022012_214037

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot... |
03.10.2012, 17:56 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
03.10.2012, 18:41 | #27 |
| Hello Cosinus, it showed me Threats detected (medium risk) with the options Skip, Copy to quarantine and Delete. I selected Skip. Here is the log Code:
A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 19:36:27.0501 2424 AntiVirService - ok 19:36:27.0579 2424 [ D1AF38FBAC0DC7E6D796B0ED01707EE0 ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll 19:36:27.0610 2424 AppHostSvc - ok 19:36:27.0641 2424 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 19:36:27.0735 2424 AppID - ok 19:36:27.0766 2424 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:36:27.0813 2424 AppIDSvc - ok 19:36:27.0844 2424 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 19:36:27.0875 2424 Appinfo - ok 19:36:27.0907 2424 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys 19:36:27.0922 2424 arc - ok 19:36:27.0922 2424 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:36:27.0938 2424 arcsas - ok 19:36:28.0047 2424 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 19:36:28.0094 2424 aspnet_state - ok 19:36:28.0109 2424 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:36:28.0219 2424 AsyncMac - ok 19:36:28.0234 2424 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys 19:36:28.0250 2424 atapi - ok 19:36:28.0297 2424 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:36:28.0328 2424 AudioEndpointBuilder - ok 19:36:28.0343 2424 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll 19:36:28.0359 2424 Audiosrv - ok 19:36:28.0406 2424 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 19:36:28.0421 2424 avgntflt - ok 19:36:28.0468 2424 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 19:36:28.0468 2424 avipbb - ok 19:36:28.0499 2424 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr 
C:\Windows\system32\DRIVERS\avkmgr.sys 19:36:28.0515 2424 avkmgr - ok 19:36:28.0531 2424 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:36:28.0593 2424 AxInstSV - ok 19:36:28.0640 2424 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 19:36:28.0671 2424 b06bdrv - ok 19:36:28.0687 2424 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 19:36:28.0702 2424 b57nd60x - ok 19:36:28.0749 2424 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 19:36:28.0796 2424 BDESVC - ok 19:36:28.0811 2424 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 19:36:28.0843 2424 Beep - ok 19:36:28.0889 2424 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 19:36:28.0921 2424 BFE - ok 19:36:28.0952 2424 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 19:36:28.0983 2424 BITS - ok 19:36:28.0999 2424 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:36:29.0030 2424 blbdrive - ok 19:36:29.0077 2424 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:36:29.0108 2424 bowser - ok 19:36:29.0123 2424 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:36:29.0186 2424 BrFiltLo - ok 19:36:29.0201 2424 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:36:29.0233 2424 BrFiltUp - ok 19:36:29.0264 2424 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 19:36:29.0295 2424 Browser - ok 19:36:29.0326 2424 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:36:29.0373 2424 Brserid - ok 19:36:29.0373 2424 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:36:29.0404 2424 BrSerWdm - ok 19:36:29.0435 2424 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm 
C:\Windows\System32\Drivers\BrUsbMdm.sys 19:36:29.0451 2424 BrUsbMdm - ok 19:36:29.0467 2424 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:36:29.0498 2424 BrUsbSer - ok 19:36:29.0498 2424 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:36:29.0513 2424 BTHMODEM - ok 19:36:29.0560 2424 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 19:36:29.0591 2424 bthserv - ok 19:36:29.0623 2424 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:36:29.0654 2424 cdfs - ok 19:36:29.0701 2424 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:36:29.0732 2424 cdrom - ok 19:36:29.0779 2424 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 19:36:29.0810 2424 CertPropSvc - ok 19:36:29.0857 2424 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:36:29.0872 2424 circlass - ok 19:36:29.0888 2424 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 19:36:29.0888 2424 CLFS - ok 19:36:29.0935 2424 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:36:29.0950 2424 clr_optimization_v2.0.50727_32 - ok 19:36:29.0997 2424 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:36:30.0075 2424 clr_optimization_v4.0.30319_32 - ok 19:36:30.0075 2424 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:36:30.0091 2424 CmBatt - ok 19:36:30.0122 2424 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:36:30.0122 2424 cmdide - ok 19:36:30.0153 2424 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 19:36:30.0184 2424 CNG - ok 19:36:30.0184 2424 [ A6023D3823C37043986713F118A89BEE ] Compbatt 
C:\Windows\system32\DRIVERS\compbatt.sys 19:36:30.0200 2424 Compbatt - ok 19:36:30.0215 2424 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:36:30.0231 2424 CompositeBus - ok 19:36:30.0231 2424 COMSysApp - ok 19:36:30.0247 2424 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:36:30.0262 2424 crcdisk - ok 19:36:30.0309 2424 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:36:30.0356 2424 CryptSvc - ok 19:36:30.0403 2424 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 19:36:30.0449 2424 DcomLaunch - ok 19:36:30.0481 2424 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 19:36:30.0512 2424 defragsvc - ok 19:36:30.0543 2424 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:36:30.0574 2424 DfsC - ok 19:36:30.0605 2424 DgiVecp - ok 19:36:30.0637 2424 [ 7BEF2E2159EDB03105BC7A8BABE04726 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 19:36:30.0652 2424 dg_ssudbus - ok 19:36:30.0683 2424 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 19:36:30.0730 2424 Dhcp - ok 19:36:30.0746 2424 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 19:36:30.0777 2424 discache - ok 19:36:30.0808 2424 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:36:30.0824 2424 Disk - ok 19:36:30.0855 2424 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:36:30.0886 2424 Dnscache - ok 19:36:30.0933 2424 [ 04036AB29BC52A71A70BAA16FA33F8AE ] Dokan C:\Windows\system32\drivers\dokan.sys 19:36:30.0933 2424 Dokan ( UnsignedFile.Multi.Generic ) - warning 19:36:30.0933 2424 Dokan - detected UnsignedFile.Multi.Generic (1) 19:36:30.0964 2424 [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter C:\Program Files\Dokan\DokanLibrary\mounter.exe 19:36:30.0980 2424 DokanMounter ( 
UnsignedFile.Multi.Generic ) - warning 19:36:30.0980 2424 DokanMounter - detected UnsignedFile.Multi.Generic (1) 19:36:30.0995 2424 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 19:36:31.0027 2424 dot3svc - ok 19:36:31.0058 2424 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 19:36:31.0089 2424 DPS - ok 19:36:31.0136 2424 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:36:31.0151 2424 drmkaud - ok 19:36:31.0198 2424 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:36:31.0214 2424 DXGKrnl - ok 19:36:31.0229 2424 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 19:36:31.0261 2424 EapHost - ok 19:36:31.0354 2424 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 19:36:31.0417 2424 ebdrv - ok 19:36:31.0448 2424 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 19:36:31.0479 2424 EFS - ok 19:36:31.0526 2424 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:36:31.0557 2424 ehRecvr - ok 19:36:31.0573 2424 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 19:36:31.0604 2424 ehSched - ok 19:36:31.0666 2424 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:36:31.0682 2424 elxstor - ok 19:36:31.0775 2424 [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE 19:36:31.0791 2424 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning 19:36:31.0791 2424 EPSON_EB_RPCV4_01 - detected UnsignedFile.Multi.Generic (1) 19:36:31.0807 2424 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE 19:36:31.0822 2424 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning 19:36:31.0822 2424 EPSON_PM_RPCV4_01 - detected UnsignedFile.Multi.Generic (1) 19:36:31.0838 2424 [ 8FC3208352DD3912C94367A206AB3F11 ] 
ErrDev C:\Windows\system32\drivers\errdev.sys 19:36:31.0853 2424 ErrDev - ok 19:36:31.0885 2424 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 19:36:31.0916 2424 EventSystem - ok 19:36:31.0931 2424 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 19:36:31.0978 2424 exfat - ok 19:36:31.0994 2424 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:36:32.0041 2424 fastfat - ok 19:36:32.0087 2424 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 19:36:32.0119 2424 Fax - ok 19:36:32.0150 2424 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:36:32.0165 2424 fdc - ok 19:36:32.0165 2424 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 19:36:32.0197 2424 fdPHost - ok 19:36:32.0212 2424 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 19:36:32.0243 2424 FDResPub - ok 19:36:32.0259 2424 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:36:32.0275 2424 FileInfo - ok 19:36:32.0290 2424 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:36:32.0321 2424 Filetrace - ok 19:36:32.0337 2424 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:36:32.0353 2424 flpydisk - ok 19:36:32.0368 2424 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:36:32.0384 2424 FltMgr - ok 19:36:32.0431 2424 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 19:36:32.0462 2424 FontCache - ok 19:36:32.0524 2424 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:36:32.0540 2424 FontCache3.0.0.0 - ok 19:36:32.0555 2424 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:36:32.0571 2424 FsDepends - ok 
19:36:32.0602 2424 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:36:32.0602 2424 Fs_Rec - ok 19:36:32.0633 2424 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:36:32.0649 2424 fvevol - ok 19:36:32.0680 2424 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:36:32.0680 2424 gagp30kx - ok 19:36:32.0727 2424 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\Windows\gdrv.sys 19:36:32.0743 2424 gdrv - ok 19:36:32.0774 2424 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 19:36:32.0821 2424 gpsvc - ok 19:36:32.0836 2424 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:36:32.0852 2424 hcw85cir - ok 19:36:32.0899 2424 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:36:32.0930 2424 HdAudAddService - ok 19:36:32.0945 2424 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:36:32.0977 2424 HDAudBus - ok 19:36:32.0992 2424 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:36:33.0023 2424 HidBatt - ok 19:36:33.0039 2424 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:36:33.0070 2424 HidBth - ok 19:36:33.0117 2424 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:36:33.0179 2424 HidIr - ok 19:36:33.0211 2424 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 19:36:33.0242 2424 hidserv - ok 19:36:33.0304 2424 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:36:33.0320 2424 HidUsb - ok 19:36:33.0335 2424 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:36:33.0367 2424 hkmsvc - ok 19:36:33.0398 2424 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:36:33.0460 2424 HomeGroupListener - ok 
19:36:33.0491 2424 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:36:33.0507 2424 HomeGroupProvider - ok 19:36:33.0538 2424 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:36:33.0538 2424 HpSAMD - ok 19:36:33.0585 2424 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:36:33.0616 2424 HTTP - ok 19:36:33.0632 2424 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:36:33.0647 2424 hwpolicy - ok 19:36:33.0663 2424 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:36:33.0679 2424 i8042prt - ok 19:36:33.0710 2424 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:36:33.0725 2424 iaStorV - ok 19:36:33.0772 2424 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:36:33.0788 2424 idsvc - ok 19:36:33.0819 2424 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:36:33.0835 2424 iirsp - ok 19:36:33.0850 2424 [ FC9735B66850CF8AEBBC1E207ECB2AD8 ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 19:36:33.0897 2424 IISADMIN - ok 19:36:33.0944 2424 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 19:36:33.0975 2424 IKEEXT - ok 19:36:34.0100 2424 [ C3D76557FB27F1DD28A6AD947C1E3E9C ] Installer Service C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe 19:36:34.0115 2424 Installer Service ( UnsignedFile.Multi.Generic ) - warning 19:36:34.0115 2424 Installer Service - detected UnsignedFile.Multi.Generic (1) 19:36:34.0240 2424 [ B44C0357D1FC7C9E4C0B0983A9E96FF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 19:36:34.0287 2424 IntcAzAudAddService - ok 19:36:34.0303 2424 [ A0F12F2C9BA6C72F3987CE780E77C130 ] 
intelide C:\Windows\system32\drivers\intelide.sys 19:36:34.0303 2424 intelide - ok 19:36:34.0334 2424 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:36:34.0349 2424 intelppm - ok 19:36:34.0381 2424 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:36:34.0412 2424 IPBusEnum - ok 19:36:34.0427 2424 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:36:34.0459 2424 IpFilterDriver - ok 19:36:34.0490 2424 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:36:34.0537 2424 iphlpsvc - ok 19:36:34.0568 2424 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:36:34.0583 2424 IPMIDRV - ok 19:36:34.0599 2424 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:36:34.0630 2424 IPNAT - ok 19:36:34.0646 2424 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:36:34.0661 2424 IRENUM - ok 19:36:34.0677 2424 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:36:34.0693 2424 isapnp - ok 19:36:34.0708 2424 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:36:34.0724 2424 iScsiPrt - ok 19:36:34.0739 2424 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:36:34.0755 2424 kbdclass - ok 19:36:34.0771 2424 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:36:34.0786 2424 kbdhid - ok 19:36:34.0802 2424 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 19:36:34.0817 2424 KeyIso - ok 19:36:34.0833 2424 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:36:34.0849 2424 KSecDD - ok 19:36:34.0880 2424 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:36:34.0895 2424 KSecPkg - ok 19:36:34.0911 2424 [ 
89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 19:36:34.0958 2424 KtmRm - ok 19:36:35.0005 2424 [ F824476E660DD910E627615C700D2BEC ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCi386.sys 19:36:35.0020 2424 LADF_CaptureOnly - ok 19:36:35.0051 2424 [ AB62392549FF7EEEC3506F6B0030D75C ] LADF_DHP2 C:\Windows\system32\DRIVERS\ladfDHP2i386.sys 19:36:35.0067 2424 LADF_DHP2 - ok 19:36:35.0083 2424 [ 36A5647162101C3497B821FD368EF736 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRi386.sys 19:36:35.0098 2424 LADF_RenderOnly - ok 19:36:35.0114 2424 [ 61A7ADEC7C4B11548CB2C8B2FBB0A498 ] LADF_SBVM C:\Windows\system32\DRIVERS\ladfSBVMi386.sys 19:36:35.0129 2424 LADF_SBVM - ok 19:36:35.0161 2424 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 19:36:35.0192 2424 LanmanServer - ok 19:36:35.0207 2424 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:36:35.0239 2424 LanmanWorkstation - ok 19:36:35.0332 2424 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 19:36:35.0348 2424 LBTServ - ok 19:36:35.0395 2424 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 19:36:35.0410 2424 LGBusEnum - ok 19:36:35.0410 2424 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 19:36:35.0426 2424 LGVirHid - ok 19:36:35.0473 2424 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 19:36:35.0488 2424 LHidFilt - ok 19:36:35.0519 2424 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:36:35.0566 2424 lltdio - ok 19:36:35.0597 2424 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:36:35.0613 2424 lltdsvc - ok 19:36:35.0629 2424 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 19:36:35.0660 2424 lmhosts - ok 19:36:35.0691 2424 [ 
A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 19:36:35.0691 2424 LMouFilt - ok 19:36:35.0722 2424 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:36:35.0722 2424 LSI_FC - ok 19:36:35.0738 2424 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:36:35.0753 2424 LSI_SAS - ok 19:36:35.0753 2424 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:36:35.0769 2424 LSI_SAS2 - ok 19:36:35.0785 2424 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:36:35.0800 2424 LSI_SCSI - ok 19:36:35.0816 2424 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 19:36:35.0831 2424 luafv - ok 19:36:35.0894 2424 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 19:36:35.0909 2424 MBAMProtector - ok 19:36:35.0956 2424 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:36:35.0972 2424 MBAMScheduler - ok 19:36:36.0019 2424 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 19:36:36.0050 2424 MBAMService - ok 19:36:36.0081 2424 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:36:36.0097 2424 Mcx2Svc - ok 19:36:36.0097 2424 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:36:36.0112 2424 megasas - ok 19:36:36.0143 2424 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:36:36.0159 2424 MegaSR - ok 19:36:36.0221 2424 Microsoft SharePoint Workspace Audit Service - ok 19:36:36.0237 2424 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 19:36:36.0268 2424 MMCSS - ok 19:36:36.0284 2424 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 19:36:36.0299 2424 Modem - ok 
19:36:36.0331 2424 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:36:36.0362 2424 monitor - ok 19:36:36.0377 2424 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:36:36.0393 2424 mouclass - ok 19:36:36.0409 2424 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:36:36.0424 2424 mouhid - ok 19:36:36.0455 2424 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:36:36.0455 2424 mountmgr - ok 19:36:36.0518 2424 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 19:36:36.0533 2424 MozillaMaintenance - ok 19:36:36.0565 2424 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 19:36:36.0580 2424 mpio - ok 19:36:36.0596 2424 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:36:36.0643 2424 mpsdrv - ok 19:36:36.0674 2424 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:36:36.0721 2424 MpsSvc - ok 19:36:36.0752 2424 [ A5888C609EFCC07B060DD823FA3D474A ] MQAC C:\Windows\system32\drivers\mqac.sys 19:36:36.0799 2424 MQAC - ok 19:36:36.0814 2424 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:36:36.0845 2424 MRxDAV - ok 19:36:36.0877 2424 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:36:36.0923 2424 mrxsmb - ok 19:36:36.0939 2424 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:36:36.0970 2424 mrxsmb10 - ok 19:36:36.0986 2424 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:36:37.0001 2424 mrxsmb20 - ok 19:36:37.0017 2424 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 19:36:37.0033 2424 msahci - ok 19:36:37.0048 2424 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm 
C:\Windows\system32\drivers\msdsm.sys 19:36:37.0064 2424 msdsm - ok 19:36:37.0079 2424 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 19:36:37.0095 2424 MSDTC - ok 19:36:37.0126 2424 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:36:37.0142 2424 Msfs - ok 19:36:37.0157 2424 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:36:37.0189 2424 mshidkmdf - ok 19:36:37.0204 2424 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:36:37.0220 2424 msisadrv - ok 19:36:37.0251 2424 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:36:37.0298 2424 MSiSCSI - ok 19:36:37.0298 2424 msiserver - ok 19:36:37.0329 2424 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:36:37.0345 2424 MSKSSRV - ok 19:36:37.0360 2424 [ E582B9E88EF4980C3B76276620FE667B ] MSMQ C:\Windows\system32\mqsvc.exe 19:36:37.0407 2424 MSMQ - ok 19:36:37.0438 2424 [ 9CCED9B5AD63BECE2F8BC75A5E04CDAB ] MSMQTriggers C:\Windows\system32\mqtgsvc.exe 19:36:37.0438 2424 MSMQTriggers - ok 19:36:37.0454 2424 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:36:37.0485 2424 MSPCLOCK - ok 19:36:37.0485 2424 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:36:37.0516 2424 MSPQM - ok 19:36:37.0532 2424 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:36:37.0547 2424 MsRPC - ok 19:36:37.0563 2424 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:36:37.0579 2424 mssmbios - ok 19:36:37.0579 2424 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:36:37.0610 2424 MSTEE - ok 19:36:37.0610 2424 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:36:37.0625 2424 MTConfig - ok 19:36:37.0625 2424 [ 
Edited by Mahoo (03.10.2012 at 18:55) |
03.10.2012, 19:59 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan v 2.07 infects my computer. Am I rid of it? The log is incomplete; the summary at the bottom is missing
__________________ Please always post log files in CODE tags |
03.10.2012, 20:05 | #29 |
| GVU Trojan v 2.07 infects my computer. Am I rid of it? Code:
C:\Windows\system32\DRIVERS\avkmgr.sys 19:36:28.0515 2424 avkmgr - ok 19:36:28.0531 2424 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:36:28.0593 2424 AxInstSV - ok 19:36:28.0640 2424 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys 19:36:28.0671 2424 b06bdrv - ok 19:36:28.0687 2424 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys 19:36:28.0702 2424 b57nd60x - ok 19:36:28.0749 2424 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll 19:36:28.0796 2424 BDESVC - ok 19:36:28.0811 2424 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys 19:36:28.0843 2424 Beep - ok 19:36:28.0889 2424 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll 19:36:28.0921 2424 BFE - ok 19:36:28.0952 2424 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll 19:36:28.0983 2424 BITS - ok 19:36:28.0999 2424 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:36:29.0030 2424 blbdrive - ok 19:36:29.0077 2424 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:36:29.0108 2424 bowser - ok 19:36:29.0123 2424 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:36:29.0186 2424 BrFiltLo - ok 19:36:29.0201 2424 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:36:29.0233 2424 BrFiltUp - ok 19:36:29.0264 2424 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll 19:36:29.0295 2424 Browser - ok 19:36:29.0326 2424 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:36:29.0373 2424 Brserid - ok 19:36:29.0373 2424 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:36:29.0404 2424 BrSerWdm - ok 19:36:29.0435 2424 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm 
C:\Windows\System32\Drivers\BrUsbMdm.sys 19:36:29.0451 2424 BrUsbMdm - ok 19:36:29.0467 2424 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:36:29.0498 2424 BrUsbSer - ok 19:36:29.0498 2424 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:36:29.0513 2424 BTHMODEM - ok 19:36:29.0560 2424 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll 19:36:29.0591 2424 bthserv - ok 19:36:29.0623 2424 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:36:29.0654 2424 cdfs - ok 19:36:29.0701 2424 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:36:29.0732 2424 cdrom - ok 19:36:29.0779 2424 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll 19:36:29.0810 2424 CertPropSvc - ok 19:36:29.0857 2424 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:36:29.0872 2424 circlass - ok 19:36:29.0888 2424 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys 19:36:29.0888 2424 CLFS - ok 19:36:29.0935 2424 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:36:29.0950 2424 clr_optimization_v2.0.50727_32 - ok 19:36:29.0997 2424 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:36:30.0075 2424 clr_optimization_v4.0.30319_32 - ok 19:36:30.0075 2424 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:36:30.0091 2424 CmBatt - ok 19:36:30.0122 2424 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:36:30.0122 2424 cmdide - ok 19:36:30.0153 2424 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys 19:36:30.0184 2424 CNG - ok 19:36:30.0184 2424 [ A6023D3823C37043986713F118A89BEE ] Compbatt 
C:\Windows\system32\DRIVERS\compbatt.sys 19:36:30.0200 2424 Compbatt - ok 19:36:30.0215 2424 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:36:30.0231 2424 CompositeBus - ok 19:36:30.0231 2424 COMSysApp - ok 19:36:30.0247 2424 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:36:30.0262 2424 crcdisk - ok 19:36:30.0309 2424 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:36:30.0356 2424 CryptSvc - ok 19:36:30.0403 2424 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll 19:36:30.0449 2424 DcomLaunch - ok 19:36:30.0481 2424 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll 19:36:30.0512 2424 defragsvc - ok 19:36:30.0543 2424 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:36:30.0574 2424 DfsC - ok 19:36:30.0605 2424 DgiVecp - ok 19:36:30.0637 2424 [ 7BEF2E2159EDB03105BC7A8BABE04726 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys 19:36:30.0652 2424 dg_ssudbus - ok 19:36:30.0683 2424 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll 19:36:30.0730 2424 Dhcp - ok 19:36:30.0746 2424 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys 19:36:30.0777 2424 discache - ok 19:36:30.0808 2424 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:36:30.0824 2424 Disk - ok 19:36:30.0855 2424 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:36:30.0886 2424 Dnscache - ok 19:36:30.0933 2424 [ 04036AB29BC52A71A70BAA16FA33F8AE ] Dokan C:\Windows\system32\drivers\dokan.sys 19:36:30.0933 2424 Dokan ( UnsignedFile.Multi.Generic ) - warning 19:36:30.0933 2424 Dokan - detected UnsignedFile.Multi.Generic (1) 19:36:30.0964 2424 [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter C:\Program Files\Dokan\DokanLibrary\mounter.exe 19:36:30.0980 2424 DokanMounter ( 
UnsignedFile.Multi.Generic ) - warning 19:36:30.0980 2424 DokanMounter - detected UnsignedFile.Multi.Generic (1) 19:36:30.0995 2424 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll 19:36:31.0027 2424 dot3svc - ok 19:36:31.0058 2424 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll 19:36:31.0089 2424 DPS - ok 19:36:31.0136 2424 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:36:31.0151 2424 drmkaud - ok 19:36:31.0198 2424 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:36:31.0214 2424 DXGKrnl - ok 19:36:31.0229 2424 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll 19:36:31.0261 2424 EapHost - ok 19:36:31.0354 2424 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys 19:36:31.0417 2424 ebdrv - ok 19:36:31.0448 2424 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe 19:36:31.0479 2424 EFS - ok 19:36:31.0526 2424 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:36:31.0557 2424 ehRecvr - ok 19:36:31.0573 2424 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe 19:36:31.0604 2424 ehSched - ok 19:36:31.0666 2424 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:36:31.0682 2424 elxstor - ok 19:36:31.0775 2424 [ EC6A73CD8413F68655E5E0B99C415A21 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE 19:36:31.0791 2424 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning 19:36:31.0791 2424 EPSON_EB_RPCV4_01 - detected UnsignedFile.Multi.Generic (1) 19:36:31.0807 2424 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE 19:36:31.0822 2424 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - warning 19:36:31.0822 2424 EPSON_PM_RPCV4_01 - detected UnsignedFile.Multi.Generic (1) 19:36:31.0838 2424 [ 8FC3208352DD3912C94367A206AB3F11 ] 
ErrDev C:\Windows\system32\drivers\errdev.sys 19:36:31.0853 2424 ErrDev - ok 19:36:31.0885 2424 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll 19:36:31.0916 2424 EventSystem - ok 19:36:31.0931 2424 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys 19:36:31.0978 2424 exfat - ok 19:36:31.0994 2424 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:36:32.0041 2424 fastfat - ok 19:36:32.0087 2424 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe 19:36:32.0119 2424 Fax - ok 19:36:32.0150 2424 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:36:32.0165 2424 fdc - ok 19:36:32.0165 2424 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll 19:36:32.0197 2424 fdPHost - ok 19:36:32.0212 2424 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll 19:36:32.0243 2424 FDResPub - ok 19:36:32.0259 2424 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:36:32.0275 2424 FileInfo - ok 19:36:32.0290 2424 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:36:32.0321 2424 Filetrace - ok 19:36:32.0337 2424 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:36:32.0353 2424 flpydisk - ok 19:36:32.0368 2424 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:36:32.0384 2424 FltMgr - ok 19:36:32.0431 2424 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll 19:36:32.0462 2424 FontCache - ok 19:36:32.0524 2424 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:36:32.0540 2424 FontCache3.0.0.0 - ok 19:36:32.0555 2424 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:36:32.0571 2424 FsDepends - ok 
19:36:32.0602 2424 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:36:32.0602 2424 Fs_Rec - ok 19:36:32.0633 2424 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:36:32.0649 2424 fvevol - ok 19:36:32.0680 2424 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:36:32.0680 2424 gagp30kx - ok 19:36:32.0727 2424 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\Windows\gdrv.sys 19:36:32.0743 2424 gdrv - ok 19:36:32.0774 2424 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 19:36:32.0821 2424 gpsvc - ok 19:36:32.0836 2424 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:36:32.0852 2424 hcw85cir - ok 19:36:32.0899 2424 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 19:36:32.0930 2424 HdAudAddService - ok 19:36:32.0945 2424 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:36:32.0977 2424 HDAudBus - ok 19:36:32.0992 2424 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:36:33.0023 2424 HidBatt - ok 19:36:33.0039 2424 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:36:33.0070 2424 HidBth - ok 19:36:33.0117 2424 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:36:33.0179 2424 HidIr - ok 19:36:33.0211 2424 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 19:36:33.0242 2424 hidserv - ok 19:36:33.0304 2424 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:36:33.0320 2424 HidUsb - ok 19:36:33.0335 2424 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:36:33.0367 2424 hkmsvc - ok 19:36:33.0398 2424 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:36:33.0460 2424 HomeGroupListener - ok 
19:36:33.0491 2424 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:36:33.0507 2424 HomeGroupProvider - ok 19:36:33.0538 2424 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:36:33.0538 2424 HpSAMD - ok 19:36:33.0585 2424 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:36:33.0616 2424 HTTP - ok 19:36:33.0632 2424 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:36:33.0647 2424 hwpolicy - ok 19:36:33.0663 2424 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:36:33.0679 2424 i8042prt - ok 19:36:33.0710 2424 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:36:33.0725 2424 iaStorV - ok 19:36:33.0772 2424 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:36:33.0788 2424 idsvc - ok 19:36:33.0819 2424 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:36:33.0835 2424 iirsp - ok 19:36:33.0850 2424 [ FC9735B66850CF8AEBBC1E207ECB2AD8 ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 19:36:33.0897 2424 IISADMIN - ok 19:36:33.0944 2424 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 19:36:33.0975 2424 IKEEXT - ok 19:36:34.0100 2424 [ C3D76557FB27F1DD28A6AD947C1E3E9C ] Installer Service C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe 19:36:34.0115 2424 Installer Service ( UnsignedFile.Multi.Generic ) - warning 19:36:34.0115 2424 Installer Service - detected UnsignedFile.Multi.Generic (1) 19:36:34.0240 2424 [ B44C0357D1FC7C9E4C0B0983A9E96FF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 19:36:34.0287 2424 IntcAzAudAddService - ok 19:36:34.0303 2424 [ A0F12F2C9BA6C72F3987CE780E77C130 ] 
intelide C:\Windows\system32\drivers\intelide.sys 19:36:34.0303 2424 intelide - ok 19:36:34.0334 2424 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:36:34.0349 2424 intelppm - ok 19:36:34.0381 2424 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:36:34.0412 2424 IPBusEnum - ok 19:36:34.0427 2424 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:36:34.0459 2424 IpFilterDriver - ok 19:36:34.0490 2424 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:36:34.0537 2424 iphlpsvc - ok 19:36:34.0568 2424 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:36:34.0583 2424 IPMIDRV - ok 19:36:34.0599 2424 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:36:34.0630 2424 IPNAT - ok 19:36:34.0646 2424 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:36:34.0661 2424 IRENUM - ok 19:36:34.0677 2424 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:36:34.0693 2424 isapnp - ok 19:36:34.0708 2424 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:36:34.0724 2424 iScsiPrt - ok 19:36:34.0739 2424 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:36:34.0755 2424 kbdclass - ok 19:36:34.0771 2424 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:36:34.0786 2424 kbdhid - ok 19:36:34.0802 2424 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 19:36:34.0817 2424 KeyIso - ok 19:36:34.0833 2424 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:36:34.0849 2424 KSecDD - ok 19:36:34.0880 2424 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:36:34.0895 2424 KSecPkg - ok 19:36:34.0911 2424 [ 
89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 19:36:34.0958 2424 KtmRm - ok 19:36:35.0005 2424 [ F824476E660DD910E627615C700D2BEC ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCi386.sys 19:36:35.0020 2424 LADF_CaptureOnly - ok 19:36:35.0051 2424 [ AB62392549FF7EEEC3506F6B0030D75C ] LADF_DHP2 C:\Windows\system32\DRIVERS\ladfDHP2i386.sys 19:36:35.0067 2424 LADF_DHP2 - ok 19:36:35.0083 2424 [ 36A5647162101C3497B821FD368EF736 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRi386.sys 19:36:35.0098 2424 LADF_RenderOnly - ok 19:36:35.0114 2424 [ 61A7ADEC7C4B11548CB2C8B2FBB0A498 ] LADF_SBVM C:\Windows\system32\DRIVERS\ladfSBVMi386.sys 19:36:35.0129 2424 LADF_SBVM - ok 19:36:35.0161 2424 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 19:36:35.0192 2424 LanmanServer - ok 19:36:35.0207 2424 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:36:35.0239 2424 LanmanWorkstation - ok 19:36:35.0332 2424 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 19:36:35.0348 2424 LBTServ - ok 19:36:35.0395 2424 [ 170E7093A77AD586F3A012A3DB651D94 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 19:36:35.0410 2424 LGBusEnum - ok 19:36:35.0410 2424 [ D2DD04D1C8DF65EECD1F2C7FB947D43E ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 19:36:35.0426 2424 LGVirHid - ok 19:36:35.0473 2424 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 19:36:35.0488 2424 LHidFilt - ok 19:36:35.0519 2424 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:36:35.0566 2424 lltdio - ok 19:36:35.0597 2424 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:36:35.0613 2424 lltdsvc - ok 19:36:35.0629 2424 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 19:36:35.0660 2424 lmhosts - ok 19:36:35.0691 2424 [ 
A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 19:36:35.0691 2424 LMouFilt - ok 19:36:35.0722 2424 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:36:35.0722 2424 LSI_FC - ok 19:36:35.0738 2424 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:36:35.0753 2424 LSI_SAS - ok 19:36:35.0753 2424 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:36:35.0769 2424 LSI_SAS2 - ok 19:36:35.0785 2424 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:36:35.0800 2424 LSI_SCSI - ok 19:36:35.0816 2424 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 19:36:35.0831 2424 luafv - ok 19:36:35.0894 2424 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 19:36:35.0909 2424 MBAMProtector - ok 19:36:35.0956 2424 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 19:36:35.0972 2424 MBAMScheduler - ok 19:36:36.0019 2424 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 19:36:36.0050 2424 MBAMService - ok 19:36:36.0081 2424 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:36:36.0097 2424 Mcx2Svc - ok 19:36:36.0097 2424 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:36:36.0112 2424 megasas - ok 19:36:36.0143 2424 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:36:36.0159 2424 MegaSR - ok 19:36:36.0221 2424 Microsoft SharePoint Workspace Audit Service - ok 19:36:36.0237 2424 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 19:36:36.0268 2424 MMCSS - ok 19:36:36.0284 2424 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 19:36:36.0299 2424 Modem - ok 
19:36:36.0331 2424 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:36:36.0362 2424 monitor - ok 19:36:36.0377 2424 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:36:36.0393 2424 mouclass - ok 19:36:36.0409 2424 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:36:36.0424 2424 mouhid - ok 19:36:36.0455 2424 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:36:36.0455 2424 mountmgr - ok 19:36:36.0518 2424 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 19:36:36.0533 2424 MozillaMaintenance - ok 19:36:36.0565 2424 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 19:36:36.0580 2424 mpio - ok 19:36:36.0596 2424 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:36:36.0643 2424 mpsdrv - ok 19:36:36.0674 2424 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:36:36.0721 2424 MpsSvc - ok 19:36:36.0752 2424 [ A5888C609EFCC07B060DD823FA3D474A ] MQAC C:\Windows\system32\drivers\mqac.sys 19:36:36.0799 2424 MQAC - ok 19:36:36.0814 2424 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:36:36.0845 2424 MRxDAV - ok 19:36:36.0877 2424 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:36:36.0923 2424 mrxsmb - ok 19:36:36.0939 2424 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:36:36.0970 2424 mrxsmb10 - ok 19:36:36.0986 2424 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:36:37.0001 2424 mrxsmb20 - ok 19:36:37.0017 2424 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 19:36:37.0033 2424 msahci - ok 19:36:37.0048 2424 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm 
C:\Windows\system32\drivers\msdsm.sys 19:36:37.0064 2424 msdsm - ok 19:36:37.0079 2424 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 19:36:37.0095 2424 MSDTC - ok 19:36:37.0126 2424 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:36:37.0142 2424 Msfs - ok 19:36:37.0157 2424 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:36:37.0189 2424 mshidkmdf - ok 19:36:37.0204 2424 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:36:37.0220 2424 msisadrv - ok 19:36:37.0251 2424 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:36:37.0298 2424 MSiSCSI - ok 19:36:37.0298 2424 msiserver - ok 19:36:37.0329 2424 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:36:37.0345 2424 MSKSSRV - ok 19:36:37.0360 2424 [ E582B9E88EF4980C3B76276620FE667B ] MSMQ C:\Windows\system32\mqsvc.exe 19:36:37.0407 2424 MSMQ - ok 19:36:37.0438 2424 [ 9CCED9B5AD63BECE2F8BC75A5E04CDAB ] MSMQTriggers C:\Windows\system32\mqtgsvc.exe 19:36:37.0438 2424 MSMQTriggers - ok 19:36:37.0454 2424 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:36:37.0485 2424 MSPCLOCK - ok 19:36:37.0485 2424 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:36:37.0516 2424 MSPQM - ok 19:36:37.0532 2424 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:36:37.0547 2424 MsRPC - ok 19:36:37.0563 2424 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:36:37.0579 2424 mssmbios - ok 19:36:37.0579 2424 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:36:37.0610 2424 MSTEE - ok 19:36:37.0610 2424 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:36:37.0625 2424 MTConfig - ok 19:36:37.0625 2424 [ 
159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 19:36:37.0641 2424 Mup - ok 19:36:37.0672 2424 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 19:36:37.0703 2424 napagent - ok 19:36:37.0735 2424 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:36:37.0750 2424 NativeWifiP - ok 19:36:37.0781 2424 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:36:37.0813 2424 NDIS - ok 19:36:37.0813 2424 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:36:37.0859 2424 NdisCap - ok 19:36:37.0875 2424 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:36:37.0906 2424 NdisTapi - ok 19:36:37.0922 2424 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:36:37.0953 2424 Ndisuio - ok 19:36:37.0953 2424 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:36:38.0000 2424 NdisWan - ok 19:36:38.0015 2424 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:36:38.0031 2424 NDProxy - ok 19:36:38.0047 2424 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:36:38.0062 2424 NetBIOS - ok 19:36:38.0078 2424 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:36:38.0125 2424 NetBT - ok 19:36:38.0140 2424 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 19:36:38.0156 2424 Netlogon - ok 19:36:38.0203 2424 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 19:36:38.0234 2424 Netman - ok 19:36:38.0281 2424 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 19:36:38.0312 2424 NetMsmqActivator - ok 19:36:38.0327 2424 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator 
Code:
19:53:56.0934 3300 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300 Dokan ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300 Dokan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300 EPSON_EB_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300 EPSON_PM_RPCV4_01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0934 3300 Installer Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0934 3300 Installer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0950 3300 Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0950 3300 Samsung UPD Service2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0950 3300 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0950 3300 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:53:56.0950 3300 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
19:53:56.0950 3300 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:45:20.0340 2660 Deinitialize success |
03.10.2012, 21:09 | #30 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan v 2.07 is infecting my computer. Am I rid of it? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper ("Kompetenzler") has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |