| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.09.2012, 14:48
| #1 |
 |  Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Hallo liebe Leute. Ich habe folgendes Problem. Ich nutze Windows 7 64 bit, Avast free Antivirus und die Comodo Firewall in der neuesten Version. Vom 03.09 bis zum 24.09 war ich im Urlaub. Als ich den Computer nach dem Urlaub eingeschaltet habe, wurde erstmal ein neues Netzwerk gefunden. Mir wurden mehrere Optionen geboten (zu Hause, Im Internetcafe, Flughafen). Ich wählte "Zu Hause". Später fiel mir auf, daß das Wartungscenter mir anzeigte, dass Avast deaktiviert ist. Nämlich die Visthaux.exe Datei, um genau zu sein. Somit konnte ich keine Virendefinitionen mehr herunterladen und auch nicht das Programm updaten. Da hatte ich bereits einen Trojaner/Virus im Verdacht. Ich machte einen Check mit MBRCheck, aber der zeigte mir Standard-Windows 7 Code an. Sämtliche Versuche, die Visthaux.exe Datei im Wartungscenter zu aktivieren, brachten nix. Die Eingabe wurde einfach ignoriert. Schlau, wie ich bin, hatte ich mit Acronis True Image Home (Western Digital Edition) ein Image meiner C Partition auf D gespeichert. Als ich die Recovery starten wollte kam die nächste Überraschung. Der erste Sektor meiner Festplatte konnte nicht gelesen werden. Ich wählte "ignorieren" und das Image wurde neu aufgespielt. Nach einem Reboot war Visthaux.exe immer noch deaktiviert. Ich dachte, wenn es komplex ist, dann denke simpel. Also habe ich den Windows Scripting Host mit Hilfe von xp-antispy ausgeschaltet. Nach einem Reboot lief Avast auf einmal wieder. Ich habe den Verdacht, dass da ein VBScript im Hintergrund lief. Das hat erstmal dafür gesorgt, daß ich Avast wieder benutzen kann, der Übeltäter ist aber immer noch auf meinem System und ich weiß nicht, was der sonst noch so kann. Ich glaube, daß jemand in meiner Wohnung war und den Schädling aufgespielt hat. Jemand, der Informationen sucht. Es geht da um eine Scheidung mit Rechtsstreitigkeiten. Leider habe ich hier ein kleines Büchlein liegen mit sämtlichen Passwörtern. Ich hätte ja nie gedacht, daß die mal jemand zu sehen bekommt. Das ist jedoch nur eine Vermutung - der Trojaner kann auch anders auf mein System gekommen sein. Ich glaube, daß der Trojaner eine Maßanfertigung ist. Daher wird er auch von meinem Scanner nicht erkannt. Was soll ich jetzt machen? Avast habe ich bereits kontaktiert, aber vor Montag wird das wohl nichts. Außerdem habe ich den Verdacht, daß meine Kommunikation jedweder Art kontrolliert wird. Daher weiß ich nicht, ob ich überhaupt eine Antwort-Mail erhalten werde. Am Rande: Die Personen, welche mit der Scheidung zu tun haben, wurden auch gehackt (Symbian Handy, Unix System und Linux). Ich gehe also nicht davon aus, daß ich mir "zufällig" was eingefangen habe. Über Hilfe jeder Art wäre ich sehr dankbar. subvision edit: Welche Logs werden gebraucht? Ich mache, was ich kann. OTL Logs OTL.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.09.2012 16:37:40 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Micha\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,89% Memory free 7,99 Gb Paging File | 6,46 Gb Available in Paging File | 80,78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 49,91 Gb Total Space | 22,85 Gb Free Space | 45,78% Space Free | Partition Type: NTFS Drive D: | 415,75 Gb Total Space | 271,35 Gb Free Space | 65,27% Space Free | Partition Type: NTFS Computer Name: X4 | User Name: Micha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.30 16:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe PRC - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012.08.23 10:17:30 | 000,875,216 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\COMODO\GeekBuddy\unit.exe PRC - [2012.08.23 10:17:30 | 000,874,192 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\COMODO\GeekBuddy\unit_manager.exe PRC - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012.06.28 17:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- D:\Program Files (x86)\Winamp\winampa.exe PRC - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe ========== Modules (No Company Name) ========== MOD - [2009.07.10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Services (SafeList) ========== SRV:64bit: - [2012.08.06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.09.30 13:11:55 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.28 18:43:27 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.09.28 14:19:56 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2012.09.28 13:54:28 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2012.09.19 11:29:44 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012.08.23 10:17:28 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- d:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2012.01.27 09:47:20 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Comodo\tvnserver.exe -- (tvnserver) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.08.03 10:23:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\CFRMD.sys -- (CFRMD) DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.10.16 06:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2012.09.19 10:50:50 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4C E6 90 83 6F 9D CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.0 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: d:\Program Files\AVAST Software\Avast\WebRep\FF [2012.09.28 14:16:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Firefox\components [2012.09.28 13:59:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.28 14:52:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Thunderbird\components [2012.09.28 14:37:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.09.28 13:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions [2012.09.28 14:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\bensm4a1.default\extensions [2012.09.28 14:26:28 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Micha\AppData\Roaming\mozilla\Firefox\Profiles\bensm4a1.default\extensions\firefox@ghostery.com [2012.09.28 14:26:24 | 000,213,554 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\bensm4a1.default\extensions\artur.dubovoy@gmail.com.xpi [2012.09.28 14:26:28 | 000,184,864 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\bensm4a1.default\extensions\stealthyextension@gmail.com.xpi [2012.09.28 14:26:28 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\bensm4a1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.09.28 14:13:12 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\firefox\profiles\bensm4a1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.28 14:16:24 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF O1 HOSTS File: ([2012.09.29 20:47:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - d:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - d:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - d:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [avast] d:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] D:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317911D6-43D9-4A2C-9C41-CE2F7CB71F28}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317911D6-43D9-4A2C-9C41-CE2F7CB71F28}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D00864E-26A5-474A-A715-EE62AAFC2273}: NameServer = 8.26.56.26,156.154.70.22 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.30 16:35:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe [2012.09.30 13:12:08 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Macromedia [2012.09.30 13:11:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2012.09.30 13:11:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012.09.30 13:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2012.09.29 20:47:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2012.09.29 20:39:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.09.29 20:39:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.09.29 20:39:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.09.29 20:34:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.09.29 20:34:38 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.09.29 19:16:49 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Canneverbe Limited [2012.09.29 19:16:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.09.29 13:44:56 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.09.29 13:44:55 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.09.29 13:44:53 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.09.29 13:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013 [2012.09.29 13:44:42 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\TuneUp Software [2012.09.29 13:43:13 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.09.29 13:43:02 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2012.09.29 13:43:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.09.29 12:42:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.09.29 12:42:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.09.29 12:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.09.29 12:26:58 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2012.09.29 12:26:24 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2012.09.28 23:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2012.09.28 23:10:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd [2012.09.28 18:45:23 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Nexus Mod Manager [2012.09.28 18:45:23 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Network Monitor 3 [2012.09.28 18:45:23 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\My Received Files [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\My Games [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\My Drivers [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\My Curse [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Meine empfangenen Dateien [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\LogiShrd [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\GTA San Andreas User Files [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Games for Windows - LIVE Demos [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\ForceField Shared Files [2012.09.28 18:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\ArmA 2 Other Profiles [2012.09.28 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Youcam [2012.09.28 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\The Lord of the Rings Online [2012.09.28 18:45:16 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\ArmA 2 [2012.09.28 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\STALKER-SHOC [2012.09.28 18:45:13 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\S.T.A.L.K.E.R. - Call Of Pripyat [2012.09.28 18:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2012.09.28 18:41:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2012.09.28 18:31:39 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Skype [2012.09.28 18:31:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012.09.28 18:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.28 18:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.09.28 18:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2012.09.28 18:15:03 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Logishrd [2012.09.28 18:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2012.09.28 18:07:09 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Leadertech [2012.09.28 18:07:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2012.09.28 18:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2012.09.28 18:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd [2012.09.28 18:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd [2012.09.28 18:05:48 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Logitech [2012.09.28 18:05:48 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Logishrd [2012.09.28 17:04:38 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Macromedia [2012.09.28 17:04:38 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Adobe [2012.09.28 17:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player [2012.09.28 16:59:13 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\FastStone [2012.09.28 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012.09.28 16:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Image Viewer [2012.09.28 14:53:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp [2012.09.28 14:52:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in [2012.09.28 14:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine [2012.09.28 14:52:35 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Winamp [2012.09.28 14:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMODO [2012.09.28 14:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo [2012.09.28 14:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA [2012.09.28 14:46:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO [2012.09.28 14:39:30 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2012.09.28 14:38:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.09.28 14:37:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Thunderbird [2012.09.28 14:37:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Thunderbird [2012.09.28 14:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO [2012.09.28 14:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2012.09.28 14:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2012.09.28 14:16:58 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012.09.28 14:16:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.09.28 14:16:57 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012.09.28 14:16:55 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012.09.28 14:16:55 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012.09.28 14:16:54 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012.09.28 14:16:51 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012.09.28 14:16:51 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012.09.28 14:16:19 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012.09.28 14:16:19 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012.09.28 14:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.09.28 14:09:44 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\AMD [2012.09.28 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\ATI [2012.09.28 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\ATI [2012.09.28 14:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.09.28 14:07:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.09.28 14:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2012.09.28 14:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2012.09.28 14:07:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.09.28 14:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2012.09.28 14:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.09.28 14:06:08 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2012.09.28 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2012.09.28 14:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.09.28 14:05:17 | 000,000,000 | ---D | C] -- C:\AMD [2012.09.28 13:59:51 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Mozilla [2012.09.28 13:59:51 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Mozilla [2012.09.28 13:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.09.28 13:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.28 13:54:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information [2012.09.28 13:54:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative [2012.09.28 13:54:44 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.09.28 13:54:44 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.09.28 13:54:43 | 002,873,820 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll [2012.09.28 13:54:43 | 001,908,736 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll [2012.09.28 13:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative [2012.09.28 13:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared [2012.09.28 13:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Creative [2012.09.28 13:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative [2012.09.28 13:54:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2012.09.28 13:54:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.09.28 13:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative [2012.09.28 13:52:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data [2012.09.28 13:52:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DATA [2012.09.28 13:47:50 | 000,000,000 | R--D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.09.28 13:47:50 | 000,000,000 | R--D | C] -- C:\Users\Micha\Searches [2012.09.28 13:47:50 | 000,000,000 | R--D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.09.28 13:47:41 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Identities [2012.09.28 13:47:39 | 000,000,000 | R--D | C] -- C:\Users\Micha\Contacts [2012.09.28 13:47:38 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\VirtualStore [2012.09.28 13:47:32 | 000,000,000 | --SD | C] -- C:\Users\Micha\AppData\Roaming\Microsoft [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Videos [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Saved Games [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Pictures [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Music [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Links [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Favorites [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Downloads [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Documents [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\Desktop [2012.09.28 13:47:32 | 000,000,000 | R--D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Vorlagen [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Verlauf [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Temporary Internet Files [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Startmenü [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\SendTo [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Recent [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Netzwerkumgebung [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Lokale Einstellungen [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Videos [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Musik [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Eigene Dateien [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Documents\Eigene Bilder [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Druckumgebung [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Cookies [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\AppData\Local\Anwendungsdaten [2012.09.28 13:47:32 | 000,000,000 | -HSD | C] -- C:\Users\Micha\Anwendungsdaten [2012.09.28 13:47:32 | 000,000,000 | -H-D | C] -- C:\Users\Micha\AppData [2012.09.28 13:47:32 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Temp [2012.09.28 13:47:32 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\Microsoft [2012.09.28 13:47:32 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Media Center Programs [2012.09.28 13:47:21 | 000,000,000 | ---D | C] -- C:\Recovery [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Programme [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2012.09.28 13:47:20 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.09.28 13:47:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2012.09.28 13:40:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2012.09.28 13:40:15 | 000,000,000 | -HSD | C] -- C:\System Volume Information ========== Files - Modified Within 30 Days ========== [2012.09.30 16:35:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Micha\Desktop\OTL.exe [2012.09.30 15:46:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.30 15:24:20 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.30 15:24:20 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.30 15:23:09 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.30 15:23:09 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.30 15:23:09 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.30 15:23:09 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.30 15:23:09 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.30 15:16:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.30 15:16:41 | 3219,738,624 | -HS- | M] () -- C:\hiberfil.sys [2012.09.29 20:47:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.09.29 19:35:50 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.29 13:44:50 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.09.28 22:15:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2012.09.28 22:15:13 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2012.09.28 18:42:12 | 000,000,643 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2012.09.28 14:55:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.09.28 14:48:36 | 000,002,043 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012.09.28 14:16:51 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012.09.28 14:08:55 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2012.09.28 13:54:44 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2012.09.28 13:54:44 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2012.09.28 13:52:29 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2012.09.28 13:43:12 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.09.28 13:43:12 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.09.19 11:29:46 | 000,034,656 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.09.19 11:29:40 | 000,025,952 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.09.19 11:29:40 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll ========== Files Created - No Company Name ========== [2012.09.30 13:11:56 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.29 20:39:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.09.29 20:39:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.09.29 20:39:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.09.29 20:39:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.09.29 20:39:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.09.29 19:16:41 | 000,000,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2012.09.29 13:44:50 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk [2012.09.29 13:44:50 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk [2012.09.29 12:28:09 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2012.09.29 12:25:53 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2012.09.29 12:25:34 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2012.09.29 12:25:34 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2012.09.29 12:25:08 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2012.09.28 22:15:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2012.09.28 22:15:13 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2012.09.28 18:45:16 | 000,148,124 | ---- | C] () -- C:\Users\Micha\Documents\Spiele.7z [2012.09.28 18:45:16 | 000,007,016 | ---- | C] () -- C:\Users\Micha\Documents\stalke~1.ltx [2012.09.28 18:42:12 | 000,000,643 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2012.09.28 16:57:30 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.09.28 14:55:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.09.28 14:48:36 | 000,002,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk [2012.09.28 14:37:41 | 000,000,947 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2012.09.28 14:16:51 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt [2012.09.28 14:08:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.09.28 13:59:48 | 000,000,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.28 13:55:16 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd [2012.09.28 13:52:29 | 000,214,528 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL [2012.09.28 13:52:29 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2012.09.28 13:52:29 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL [2012.09.28 13:52:29 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2012.09.28 13:52:29 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc [2012.09.28 13:48:54 | 000,001,405 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.09.28 13:48:49 | 000,001,439 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.09.28 13:43:07 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.09.28 13:43:05 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.09.28 13:40:15 | 3219,738,624 | -HS- | C] () -- C:\hiberfil.sys [2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.09.29 19:16:49 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Canneverbe Limited [2012.09.28 18:07:09 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Leadertech [2012.09.28 14:37:44 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thunderbird [2012.09.29 13:44:42 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.09.2012 16:37:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Micha\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,89% Memory free
7,99 Gb Paging File | 6,46 Gb Available in Paging File | 80,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,91 Gb Total Space | 22,85 Gb Free Space | 45,78% Space Free | Partition Type: NTFS
Drive D: | 415,75 Gb Total Space | 271,35 Gb Free Space | 65,27% Space Free | Partition Type: NTFS
Computer Name: X4 | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "d:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "d:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4810C109-80D8-4E37-AA9F-5C66B60C7F9E}" = rport=445 | protocol=6 | dir=out | app=system |
"{4AD636A3-B1E6-4148-8399-0170D8CBBACE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{570DC54A-1FBC-44F7-8414-6072FF5F0F8B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{574AEA13-709C-4211-AD28-6A5A7E3BB341}" = rport=138 | protocol=17 | dir=out | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6CE8704B-3211-4C70-887D-B9CEF08992BA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F49495F-4D67-457E-9E38-58D5A0637D59}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7976E497-245A-4F1C-9677-11CAC9466A56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{83B9CAFB-69D0-4F95-972A-9001D39A9434}" = lport=137 | protocol=17 | dir=in | app=system |
"{8470297F-3376-4224-8727-0D978BAF4CE3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{88976B1E-79C6-42E4-AF0D-1E42E6226170}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9ABA5117-7CB4-431C-99C2-D531B39A22F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A4B4993B-559C-47D4-9558-FA3543E38D0C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B56EF66B-A1C6-4EFE-95DF-D99E52766ED8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7181ACC-C4D5-4512-AAF3-B2CAE8AB7190}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAA119F3-441C-4C55-988A-27AEA27A9900}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C2A4D13A-961E-4BFB-9AE3-6B6E190F1376}" = lport=138 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC9E314B-95DC-40B7-9942-214414DE0C1A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7F8C559-0DFD-49B6-9416-0C102797FE9B}" = rport=139 | protocol=6 | dir=out | app=system |
"{E5A21E87-89BD-49CC-8454-2B33C59220FD}" = lport=445 | protocol=6 | dir=in | app=system |
"{EEB6A9BB-A7DD-4821-A010-9FE92B58FD90}" = lport=139 | protocol=6 | dir=in | app=system |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F92A4524-02D8-460E-BCE2-C846E112E68D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E7F6679-510D-42F2-88CC-7A9C65A86751}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2CCABDB8-759B-4713-9E07-97839453F8A8}" = protocol=6 | dir=out | app=system |
"{471575DE-E82A-4121-8B9A-04371AD35BB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{549295BD-B95E-4E30-97C2-626203387B9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55384AE6-C304-4442-B979-B753A4C52D66}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{57565851-D5B5-446A-97C5-07B334F0DDA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{690F4192-D01A-4F37-BDDD-7036766F3A4C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{76EE8F32-E271-46B3-B54C-5A60A795353E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B222F82-E2BD-44D6-A7D8-D807F503F45B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AD9E1445-4E34-4E02-824B-BB389CB9F4E0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C7BD812F-76C2-4CD8-AEF6-8D163282BF81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC0788E7-C70D-4ED1-9D48-AD1A53362A49}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE5392CB-F939-4182-9CBA-3FD663E2C455}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E39B3A45-4C07-48D1-9769-8D7E093C8A41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E3BFCA2C-CA17-44B7-85BE-5D86CA526A20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E4026AA7-03A1-446D-82BE-EF18B8612121}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EF77F35D-C983-4399-9F22-7866E80DFC54}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2A46565-3D03-4FFC-8614-269514F5083F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FC6E344C-38E4-466C-8CA5-3800385B3CE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19BB1AF9-981C-4539-9113-D2F88F031C1D}" = GeekBuddy
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"FLV Player" = FLV Player 2.0 (build 25)
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"TeamViewer 7" = TeamViewer 7
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 28.09.2012 17:06:40 | Computer Name = X4 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TeamViewer_Service.exe, Version:
7.0.14563.0, Zeitstempel: 0x5040c2cd Name des fehlerhaften Moduls: unknown, Version:
0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x742f6a34
ID
des fehlerhaften Prozesses: 0x744 Startzeit der fehlerhaften Anwendung: 0x01cd9dbcd0297eb9
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 6538cdd5-09b0-11e2-bb78-00e04c53cc0c
Error - 29.09.2012 07:12:53 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 29.09.2012 07:13:00 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 29.09.2012 07:13:05 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 29.09.2012 07:13:05 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 29.09.2012 07:13:06 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 29.09.2012 07:14:02 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 29.09.2012 07:14:11 | Computer Name = X4 | Source = .NET Runtime Optimization Service | ID = 1101
Description =
Error - 29.09.2012 07:20:42 | Computer Name = X4 | Source = ESENT | ID = 215
Description = WinMail (3312) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
Error - 29.09.2012 07:20:49 | Computer Name = X4 | Source = ESENT | ID = 215
Description = WinMail (3548) WindowsMail0: Die Sicherung wurde abgebrochen, weil
sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
wurde.
[ System Events ]
Error - 30.09.2012 05:04:57 | Computer Name = X4 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\DRIVERS\CFRMD.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 30.09.2012 05:05:35 | Computer Name = X4 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 30.09.2012 05:07:40 | Computer Name = X4 | Source = WMPNetworkSvc | ID = 866287
Description =
Error - 30.09.2012 09:14:57 | Computer Name = X4 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\DRIVERS\CFRMD.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 30.09.2012 09:15:35 | Computer Name = X4 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 30.09.2012 09:15:38 | Computer Name = X4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1115
Error - 30.09.2012 09:15:38 | Computer Name = X4 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%13
Error - 30.09.2012 09:16:40 | Computer Name = X4 | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\system32\DRIVERS\CFRMD.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Error - 30.09.2012 09:17:16 | Computer Name = X4 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 30.09.2012 09:19:18 | Computer Name = X4 | Source = WMPNetworkSvc | ID = 866287
Description =
< End of report >
Oh, hatte ich vergessen, zu erwähnen. WLan hab ich ausgestellt. Die Kaspersky Rescue CD 10 kann nicht gebootet werden. Vielleicht hilft das ja jemandem weiter, mir zu helfen. Habe 2 Kopien vom ISO-Image gemacht und beide laufen nicht. Was habe ich mir da bloß eingefangen? Geändert von subvision (30.09.2012 um 15:11 Uhr) |
|
02.10.2012, 06:57
| #2 |
| /// the machine /// TB-Ausbilder    | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Hi,
__________________Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________ |
|
02.10.2012, 12:49
| #3 |
| | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Ich habe definitiv einen Trojaner auf dem System. Gestern hatte ich einen Bluescreen mit der Meldung "System files have been changed" oder so ähnlich. Bei meinem Glück befindet sich der Trojaner im BIOS und/oder in der Firmware meiner Geräte. Darum bootet die Kasperski Rescue Disk 10 auch nicht.
__________________Zu aswmbr.exe: Ich wurde nicht gefragt, ob ich mit neuen Definitionen arbeiten will. Es kam einfach keine Meldung. Das ist das Log: Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-02 13:41:53
-----------------------------
13:41:53.515 OS Version: Windows x64 6.1.7601 Service Pack 1
13:41:53.515 Number of processors: 4 586 0x503
13:41:53.515 ComputerName: X4 UserName: Micha
13:41:53.936 Initialize success
13:41:53.998 AVAST engine defs: 12100200
13:42:30.019 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:42:30.019 Disk 0 Vendor: WDC_WD5000AAKS-00WWPA0 01.03B01 Size: 476940MB BusType: 3
13:42:30.034 Disk 0 MBR read successfully
13:42:30.034 Disk 0 MBR scan
13:42:30.050 Disk 0 Windows 7 default MBR code
13:42:30.050 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:42:30.066 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 51106 MB offset 206848
13:42:30.066 Disk 0 Partition - 00 05 Extended 425730 MB offset 104872320
13:42:30.081 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 425730 MB offset 104872383
13:42:30.097 Disk 0 scanning C:\Windows\system32\drivers
13:42:35.416 Service scanning
13:42:46.945 Modules scanning
13:42:46.960 Disk 0 trace - called modules:
13:42:46.976 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:42:47.007 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a13060]
13:42:47.023 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004795520]
13:42:47.023 5 ACPI.sys[fffff88000f897a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800479b060]
13:42:47.335 AVAST engine scan C:\Windows
13:42:48.692 AVAST engine scan C:\Windows\system32
13:44:08.502 AVAST engine scan C:\Windows\system32\drivers
13:44:14.367 AVAST engine scan C:\Users\Micha
13:44:49.779 AVAST engine scan C:\ProgramData
13:45:01.994 Scan finished successfully
13:45:14.396 Disk 0 MBR has been saved successfully to "C:\Users\Micha\Desktop\MBR.dat"
13:45:14.427 The log file has been saved successfully to "C:\Users\Micha\Desktop\aswMBR.txt"
|
|
02.10.2012, 12:54
| #4 |
| /// the machine /// TB-Ausbilder | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Hi, Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.10.2012, 12:58
| #5 |
| | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werdenCode:
ATTFilter 13:55:49.0588 4016 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:55:50.0711 4016 ============================================================
13:55:50.0711 4016 Current date / time: 2012/10/02 13:55:50.0711
13:55:50.0711 4016 SystemInfo:
13:55:50.0711 4016
13:55:50.0711 4016 OS Version: 6.1.7601 ServicePack: 1.0
13:55:50.0711 4016 Product type: Workstation
13:55:50.0711 4016 ComputerName: X4
13:55:50.0727 4016 UserName: Micha
13:55:50.0727 4016 Windows directory: C:\Windows
13:55:50.0727 4016 System windows directory: C:\Windows
13:55:50.0727 4016 Running under WOW64
13:55:50.0727 4016 Processor architecture: Intel x64
13:55:50.0727 4016 Number of processors: 4
13:55:50.0727 4016 Page size: 0x1000
13:55:50.0727 4016 Boot type: Normal boot
13:55:50.0727 4016 ============================================================
13:55:51.0554 4016 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:55:51.0569 4016 ============================================================
13:55:51.0569 4016 \Device\Harddisk0\DR0:
13:55:51.0569 4016 MBR partitions:
13:55:51.0569 4016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:55:51.0569 4016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63D1180
13:55:51.0569 4016 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x64039BF, BlocksNum 0x33F81282
13:55:51.0569 4016 ============================================================
13:55:51.0601 4016 C: <-> \Device\Harddisk0\DR0\Partition2
13:55:51.0616 4016 D: <-> \Device\Harddisk0\DR0\Partition3
13:55:51.0616 4016 ============================================================
13:55:51.0616 4016 Initialize success
13:55:51.0616 4016 ============================================================
13:55:54.0377 1508 ============================================================
13:55:54.0377 1508 Scan started
13:55:54.0377 1508 Mode: Manual;
13:55:54.0377 1508 ============================================================
13:55:54.0877 1508 ================ Scan system memory ========================
13:55:54.0877 1508 System memory - ok
13:55:54.0877 1508 ================ Scan services =============================
13:55:55.0017 1508 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:55:55.0033 1508 1394ohci - ok
13:55:55.0064 1508 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:55:55.0064 1508 ACPI - ok
13:55:55.0095 1508 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:55:55.0095 1508 AcpiPmi - ok
13:55:55.0189 1508 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:55:55.0204 1508 AdobeFlashPlayerUpdateSvc - ok
13:55:55.0235 1508 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:55:55.0235 1508 adp94xx - ok
13:55:55.0267 1508 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:55:55.0267 1508 adpahci - ok
13:55:55.0282 1508 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:55:55.0282 1508 adpu320 - ok
13:55:55.0298 1508 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:55:55.0298 1508 AeLookupSvc - ok
13:55:55.0329 1508 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:55:55.0345 1508 AFD - ok
13:55:55.0360 1508 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:55:55.0360 1508 agp440 - ok
13:55:55.0376 1508 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:55:55.0376 1508 ALG - ok
13:55:55.0391 1508 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:55:55.0391 1508 aliide - ok
13:55:55.0438 1508 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:55:55.0438 1508 AMD External Events Utility - ok
13:55:55.0501 1508 AMD FUEL Service - ok
13:55:55.0516 1508 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:55:55.0516 1508 amdide - ok
13:55:55.0532 1508 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
13:55:55.0532 1508 amdiox64 - ok
13:55:55.0563 1508 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:55:55.0563 1508 AmdK8 - ok
13:55:55.0735 1508 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:55:55.0922 1508 amdkmdag - ok
13:55:55.0953 1508 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:55:55.0953 1508 amdkmdap - ok
13:55:55.0969 1508 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:55:55.0969 1508 AmdPPM - ok
13:55:55.0984 1508 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:55:55.0984 1508 amdsata - ok
13:55:56.0015 1508 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:55:56.0015 1508 amdsbs - ok
13:55:56.0031 1508 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:55:56.0031 1508 amdxata - ok
13:55:56.0047 1508 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
13:55:56.0062 1508 AODDriver4.1 - ok
13:55:56.0093 1508 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:55:56.0093 1508 AppID - ok
13:55:56.0125 1508 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:55:56.0125 1508 AppIDSvc - ok
13:55:56.0140 1508 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:55:56.0156 1508 Appinfo - ok
13:55:56.0171 1508 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:55:56.0171 1508 arc - ok
13:55:56.0171 1508 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:55:56.0171 1508 arcsas - ok
13:55:56.0203 1508 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
13:55:56.0203 1508 aswFsBlk - ok
13:55:56.0234 1508 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
13:55:56.0234 1508 aswMonFlt - ok
13:55:56.0249 1508 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
13:55:56.0249 1508 aswRdr - ok
13:55:56.0265 1508 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
13:55:56.0281 1508 aswSnx - ok
13:55:56.0296 1508 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys
13:55:56.0296 1508 aswSP - ok
13:55:56.0312 1508 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
13:55:56.0312 1508 aswTdi - ok
13:55:56.0327 1508 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:55:56.0327 1508 AsyncMac - ok
13:55:56.0359 1508 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:55:56.0359 1508 atapi - ok
13:55:56.0405 1508 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
13:55:56.0405 1508 AtiHDAudioService - ok
13:55:56.0468 1508 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:55:56.0483 1508 AudioEndpointBuilder - ok
13:55:56.0499 1508 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:55:56.0515 1508 AudioSrv - ok
13:55:56.0530 1508 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus d:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:55:56.0530 1508 avast! Antivirus - ok
13:55:56.0593 1508 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:55:56.0593 1508 AxInstSV - ok
13:55:56.0639 1508 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:55:56.0655 1508 b06bdrv - ok
13:55:56.0671 1508 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:55:56.0671 1508 b57nd60a - ok
13:55:56.0717 1508 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:55:56.0717 1508 BDESVC - ok
13:55:56.0733 1508 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:55:56.0733 1508 Beep - ok
13:55:56.0795 1508 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:55:56.0811 1508 BFE - ok
13:55:56.0842 1508 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
13:55:56.0858 1508 BITS - ok
13:55:56.0873 1508 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:55:56.0873 1508 blbdrive - ok
13:55:56.0905 1508 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:55:56.0905 1508 bowser - ok
13:55:56.0920 1508 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:55:56.0920 1508 BrFiltLo - ok
13:55:56.0920 1508 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:55:56.0920 1508 BrFiltUp - ok
13:55:56.0936 1508 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:55:56.0951 1508 BridgeMP - ok
13:55:56.0967 1508 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:55:56.0967 1508 Browser - ok
13:55:56.0983 1508 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:55:56.0983 1508 Brserid - ok
13:55:56.0998 1508 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:55:56.0998 1508 BrSerWdm - ok
13:55:56.0998 1508 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:55:56.0998 1508 BrUsbMdm - ok
13:55:56.0998 1508 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:55:56.0998 1508 BrUsbSer - ok
13:55:57.0014 1508 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:55:57.0014 1508 BTHMODEM - ok
13:55:57.0029 1508 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:55:57.0029 1508 bthserv - ok
13:55:57.0045 1508 catchme - ok
13:55:57.0061 1508 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:55:57.0061 1508 cdfs - ok
13:55:57.0092 1508 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
13:55:57.0092 1508 cdrom - ok
13:55:57.0139 1508 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:55:57.0139 1508 CertPropSvc - ok
13:55:57.0170 1508 [ 34B4DB818E86C2822C2AF43108D660F1 ] CFRMD C:\Windows\system32\DRIVERS\CFRMD.sys
13:55:57.0170 1508 CFRMD - ok
13:55:57.0185 1508 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:55:57.0185 1508 circlass - ok
13:55:57.0201 1508 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:55:57.0217 1508 CLFS - ok
13:55:57.0279 1508 [ 9A5E6527E49415D6ED1572719AFE2EF0 ] CLPSLauncher C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe
13:55:57.0279 1508 CLPSLauncher - ok
13:55:57.0341 1508 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:55:57.0341 1508 clr_optimization_v2.0.50727_32 - ok
13:55:57.0373 1508 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:55:57.0373 1508 clr_optimization_v2.0.50727_64 - ok
13:55:57.0435 1508 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:55:57.0435 1508 clr_optimization_v4.0.30319_32 - ok
13:55:57.0482 1508 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:55:57.0482 1508 clr_optimization_v4.0.30319_64 - ok
13:55:57.0529 1508 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:55:57.0529 1508 CmBatt - ok
13:55:57.0622 1508 [ CEE48CCC4D561DDB19C72F9FB55D28D5 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:55:57.0638 1508 cmdAgent - ok
13:55:57.0653 1508 [ 0599D5A458D4E0E37AB84E9D1C5C73E5 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
13:55:57.0653 1508 cmdGuard - ok
13:55:57.0669 1508 [ 2D3E08C7106F748F9EFF3DEC14142D3E ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
13:55:57.0669 1508 cmdHlp - ok
13:55:57.0700 1508 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:55:57.0700 1508 cmdide - ok
13:55:57.0731 1508 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:55:57.0747 1508 CNG - ok
13:55:57.0747 1508 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:55:57.0763 1508 Compbatt - ok
13:55:57.0778 1508 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:55:57.0794 1508 CompositeBus - ok
13:55:57.0794 1508 COMSysApp - ok
13:55:57.0794 1508 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:55:57.0809 1508 crcdisk - ok
13:55:57.0825 1508 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
13:55:57.0841 1508 Creative ALchemy AL6 Licensing Service - ok
13:55:57.0856 1508 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
13:55:57.0856 1508 Creative Audio Engine Licensing Service - ok
13:55:57.0887 1508 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:55:57.0887 1508 CryptSvc - ok
13:55:57.0919 1508 [ 69CDBA2B9C397E349A04FA70DD9170A2 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
13:55:57.0934 1508 CTAudSvcService - ok
13:55:57.0965 1508 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:55:57.0965 1508 DcomLaunch - ok
13:55:57.0997 1508 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:55:58.0012 1508 defragsvc - ok
13:55:58.0028 1508 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:55:58.0028 1508 DfsC - ok
13:55:58.0059 1508 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:55:58.0075 1508 Dhcp - ok
13:55:58.0090 1508 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:55:58.0090 1508 discache - ok
13:55:58.0106 1508 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:55:58.0106 1508 Disk - ok
13:55:58.0137 1508 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:55:58.0137 1508 Dnscache - ok
13:55:58.0168 1508 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:55:58.0168 1508 dot3svc - ok
13:55:58.0199 1508 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:55:58.0199 1508 DPS - ok
13:55:58.0231 1508 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:55:58.0231 1508 drmkaud - ok
13:55:58.0262 1508 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:55:58.0277 1508 DXGKrnl - ok
13:55:58.0309 1508 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:55:58.0309 1508 EapHost - ok
13:55:58.0418 1508 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:55:58.0465 1508 ebdrv - ok
13:55:58.0480 1508 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:55:58.0480 1508 EFS - ok
13:55:58.0543 1508 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:55:58.0558 1508 ehRecvr - ok
13:55:58.0589 1508 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:55:58.0589 1508 ehSched - ok
13:55:58.0621 1508 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:55:58.0636 1508 elxstor - ok
13:55:58.0667 1508 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:55:58.0667 1508 ErrDev - ok
13:55:58.0714 1508 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:55:58.0730 1508 EventSystem - ok
13:55:58.0761 1508 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:55:58.0761 1508 exfat - ok
13:55:58.0777 1508 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:55:58.0777 1508 fastfat - ok
13:55:58.0823 1508 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:55:58.0839 1508 Fax - ok
13:55:58.0855 1508 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:55:58.0855 1508 fdc - ok
13:55:58.0886 1508 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:55:58.0886 1508 fdPHost - ok
13:55:58.0901 1508 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:55:58.0901 1508 FDResPub - ok
13:55:58.0901 1508 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:55:58.0901 1508 FileInfo - ok
13:55:58.0917 1508 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:55:58.0917 1508 Filetrace - ok
13:55:58.0933 1508 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:55:58.0933 1508 flpydisk - ok
13:55:58.0948 1508 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:55:58.0964 1508 FltMgr - ok
13:55:59.0011 1508 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:55:59.0042 1508 FontCache - ok
13:55:59.0089 1508 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:55:59.0089 1508 FontCache3.0.0.0 - ok
13:55:59.0104 1508 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:55:59.0104 1508 FsDepends - ok
13:55:59.0135 1508 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:55:59.0135 1508 Fs_Rec - ok
13:55:59.0182 1508 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:55:59.0182 1508 fvevol - ok
13:55:59.0198 1508 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:55:59.0198 1508 gagp30kx - ok
13:55:59.0229 1508 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:55:59.0245 1508 gpsvc - ok
13:55:59.0245 1508 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:55:59.0245 1508 hcw85cir - ok
13:55:59.0260 1508 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:55:59.0276 1508 HdAudAddService - ok
13:55:59.0291 1508 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:55:59.0307 1508 HDAudBus - ok
13:55:59.0323 1508 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:55:59.0323 1508 HidBatt - ok
13:55:59.0323 1508 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:55:59.0323 1508 HidBth - ok
13:55:59.0323 1508 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:55:59.0338 1508 HidIr - ok
13:55:59.0354 1508 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
13:55:59.0354 1508 hidserv - ok
13:55:59.0385 1508 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
13:55:59.0401 1508 HidUsb - ok
13:55:59.0463 1508 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:55:59.0463 1508 hkmsvc - ok
13:55:59.0525 1508 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:55:59.0572 1508 HomeGroupListener - ok
13:55:59.0603 1508 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:55:59.0619 1508 HomeGroupProvider - ok
13:55:59.0650 1508 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:55:59.0650 1508 HpSAMD - ok
13:55:59.0713 1508 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:55:59.0728 1508 HTTP - ok
13:55:59.0775 1508 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:55:59.0775 1508 hwpolicy - ok
13:55:59.0791 1508 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
13:55:59.0791 1508 i8042prt - ok
13:55:59.0822 1508 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:55:59.0837 1508 iaStorV - ok
13:55:59.0884 1508 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:55:59.0900 1508 idsvc - ok
13:55:59.0931 1508 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:55:59.0931 1508 iirsp - ok
13:55:59.0947 1508 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:55:59.0962 1508 IKEEXT - ok
13:56:00.0009 1508 [ EFFF0AFD27CC97BF0E5E0BAB78419DE7 ] inspect C:\Windows\system32\DRIVERS\inspect.sys
13:56:00.0009 1508 inspect - ok
13:56:00.0025 1508 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:56:00.0025 1508 intelide - ok
13:56:00.0040 1508 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:56:00.0040 1508 intelppm - ok
13:56:00.0071 1508 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:56:00.0071 1508 IPBusEnum - ok
13:56:00.0103 1508 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:56:00.0103 1508 IpFilterDriver - ok
13:56:00.0134 1508 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:56:00.0149 1508 iphlpsvc - ok
13:56:00.0181 1508 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:56:00.0181 1508 IPMIDRV - ok
13:56:00.0181 1508 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:56:00.0181 1508 IPNAT - ok
13:56:00.0196 1508 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:56:00.0196 1508 IRENUM - ok
13:56:00.0227 1508 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:56:00.0227 1508 isapnp - ok
13:56:00.0259 1508 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:56:00.0259 1508 iScsiPrt - ok
13:56:00.0274 1508 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:56:00.0274 1508 kbdclass - ok
13:56:00.0290 1508 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:56:00.0290 1508 kbdhid - ok
13:56:00.0305 1508 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:56:00.0305 1508 KeyIso - ok
13:56:00.0337 1508 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:56:00.0337 1508 KSecDD - ok
13:56:00.0352 1508 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:56:00.0352 1508 KSecPkg - ok
13:56:00.0352 1508 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:56:00.0352 1508 ksthunk - ok
13:56:00.0383 1508 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:56:00.0383 1508 KtmRm - ok
13:56:00.0430 1508 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:56:00.0446 1508 LanmanServer - ok
13:56:00.0477 1508 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:56:00.0493 1508 LanmanWorkstation - ok
13:56:00.0571 1508 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:56:00.0586 1508 LBTServ - ok
13:56:00.0617 1508 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:56:00.0617 1508 LHidFilt - ok
13:56:00.0633 1508 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:56:00.0633 1508 lltdio - ok
13:56:00.0664 1508 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:56:00.0680 1508 lltdsvc - ok
13:56:00.0680 1508 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:56:00.0695 1508 lmhosts - ok
13:56:00.0711 1508 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:56:00.0711 1508 LMouFilt - ok
13:56:00.0727 1508 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:56:00.0727 1508 LSI_FC - ok
13:56:00.0727 1508 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:56:00.0727 1508 LSI_SAS - ok
13:56:00.0742 1508 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:56:00.0742 1508 LSI_SAS2 - ok
13:56:00.0742 1508 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:56:00.0742 1508 LSI_SCSI - ok
13:56:00.0773 1508 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:56:00.0773 1508 luafv - ok
13:56:00.0773 1508 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
13:56:00.0773 1508 LUsbFilt - ok
13:56:00.0805 1508 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:56:00.0805 1508 Mcx2Svc - ok
13:56:00.0820 1508 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:56:00.0820 1508 megasas - ok
13:56:00.0836 1508 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:56:00.0836 1508 MegaSR - ok
13:56:00.0867 1508 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:56:00.0867 1508 MMCSS - ok
13:56:00.0867 1508 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:56:00.0867 1508 Modem - ok
13:56:00.0883 1508 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:56:00.0883 1508 monitor - ok
13:56:00.0898 1508 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
13:56:00.0898 1508 mouclass - ok
13:56:00.0914 1508 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:56:00.0914 1508 mouhid - ok
13:56:00.0929 1508 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:56:00.0929 1508 mountmgr - ok
13:56:00.0992 1508 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:56:00.0992 1508 MozillaMaintenance - ok
13:56:01.0023 1508 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:56:01.0023 1508 mpio - ok
13:56:01.0039 1508 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:56:01.0039 1508 mpsdrv - ok
13:56:01.0085 1508 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:56:01.0117 1508 MpsSvc - ok
13:56:01.0148 1508 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:56:01.0148 1508 MRxDAV - ok
13:56:01.0179 1508 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:56:01.0179 1508 mrxsmb - ok
13:56:01.0210 1508 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:56:01.0210 1508 mrxsmb10 - ok
13:56:01.0241 1508 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:56:01.0241 1508 mrxsmb20 - ok
13:56:01.0288 1508 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:56:01.0288 1508 msahci - ok
13:56:01.0304 1508 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:56:01.0304 1508 msdsm - ok
13:56:01.0319 1508 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:56:01.0319 1508 MSDTC - ok
13:56:01.0351 1508 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:56:01.0351 1508 Msfs - ok
13:56:01.0366 1508 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:56:01.0366 1508 mshidkmdf - ok
13:56:01.0382 1508 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:56:01.0382 1508 msisadrv - ok
13:56:01.0429 1508 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:56:01.0429 1508 MSiSCSI - ok
13:56:01.0444 1508 msiserver - ok
13:56:01.0444 1508 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:56:01.0444 1508 MSKSSRV - ok
13:56:01.0460 1508 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:56:01.0460 1508 MSPCLOCK - ok
13:56:01.0475 1508 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:56:01.0475 1508 MSPQM - ok
13:56:01.0491 1508 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:56:01.0491 1508 MsRPC - ok
13:56:01.0507 1508 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:56:01.0507 1508 mssmbios - ok
13:56:01.0522 1508 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:56:01.0522 1508 MSTEE - ok
13:56:01.0522 1508 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:56:01.0522 1508 MTConfig - ok
13:56:01.0553 1508 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
13:56:01.0553 1508 MTsensor - ok
13:56:01.0569 1508 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:56:01.0569 1508 Mup - ok
13:56:01.0616 1508 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:56:01.0616 1508 napagent - ok
13:56:01.0631 1508 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:56:01.0647 1508 NativeWifiP - ok
13:56:01.0678 1508 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:56:01.0678 1508 NDIS - ok
13:56:01.0694 1508 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:56:01.0694 1508 NdisCap - ok
13:56:01.0694 1508 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:56:01.0694 1508 NdisTapi - ok
13:56:01.0725 1508 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:56:01.0725 1508 Ndisuio - ok
13:56:01.0741 1508 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:56:01.0741 1508 NdisWan - ok
13:56:01.0772 1508 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:56:01.0772 1508 NDProxy - ok
13:56:01.0772 1508 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:56:01.0772 1508 NetBIOS - ok
13:56:01.0787 1508 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:56:01.0803 1508 NetBT - ok
13:56:01.0803 1508 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:56:01.0803 1508 Netlogon - ok
13:56:01.0834 1508 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:56:01.0834 1508 Netman - ok
13:56:01.0850 1508 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:56:01.0865 1508 netprofm - ok
13:56:01.0897 1508 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:56:01.0897 1508 NetTcpPortSharing - ok
13:56:01.0912 1508 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:56:01.0912 1508 nfrd960 - ok
13:56:01.0943 1508 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:56:01.0959 1508 NlaSvc - ok
13:56:01.0975 1508 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:56:01.0975 1508 Npfs - ok
13:56:01.0975 1508 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:56:01.0990 1508 nsi - ok
13:56:01.0990 1508 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:56:01.0990 1508 nsiproxy - ok
13:56:02.0037 1508 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:56:02.0068 1508 Ntfs - ok
13:56:02.0084 1508 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:56:02.0084 1508 Null - ok
13:56:02.0099 1508 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:56:02.0099 1508 nvraid - ok
13:56:02.0131 1508 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:56:02.0131 1508 nvstor - ok
13:56:02.0146 1508 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:56:02.0146 1508 nv_agp - ok
13:56:02.0177 1508 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:56:02.0177 1508 ohci1394 - ok
13:56:02.0209 1508 [ EDD1DCD36F6115ACC6935C3F88FF54D7 ] P17 C:\Windows\system32\drivers\P17.sys
13:56:02.0240 1508 P17 - ok
13:56:02.0271 1508 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:56:02.0271 1508 p2pimsvc - ok
13:56:02.0287 1508 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:56:02.0302 1508 p2psvc - ok
13:56:02.0318 1508 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:56:02.0318 1508 Parport - ok
13:56:02.0333 1508 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:56:02.0349 1508 partmgr - ok
13:56:02.0349 1508 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:56:02.0365 1508 PcaSvc - ok
13:56:02.0380 1508 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:56:02.0380 1508 pci - ok
13:56:02.0396 1508 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:56:02.0396 1508 pciide - ok
13:56:02.0411 1508 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:56:02.0411 1508 pcmcia - ok
13:56:02.0411 1508 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:56:02.0411 1508 pcw - ok
13:56:02.0427 1508 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:56:02.0427 1508 PEAUTH - ok
13:56:02.0505 1508 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:56:02.0505 1508 PerfHost - ok
13:56:02.0552 1508 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:56:02.0583 1508 pla - ok
13:56:02.0614 1508 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:56:02.0645 1508 PlugPlay - ok
13:56:02.0661 1508 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:56:02.0677 1508 PNRPAutoReg - ok
13:56:02.0723 1508 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:56:02.0723 1508 PNRPsvc - ok
13:56:02.0770 1508 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:56:02.0786 1508 PolicyAgent - ok
13:56:02.0801 1508 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:56:02.0817 1508 Power - ok
13:56:02.0833 1508 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:56:02.0848 1508 PptpMiniport - ok
13:56:02.0864 1508 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:56:02.0864 1508 Processor - ok
13:56:02.0895 1508 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:56:02.0895 1508 ProfSvc - ok
13:56:02.0911 1508 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:56:02.0911 1508 ProtectedStorage - ok
13:56:02.0942 1508 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:56:02.0942 1508 Psched - ok
13:56:02.0973 1508 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:56:03.0004 1508 ql2300 - ok
13:56:03.0020 1508 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:56:03.0020 1508 ql40xx - ok
13:56:03.0051 1508 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:56:03.0051 1508 QWAVE - ok
13:56:03.0051 1508 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:56:03.0051 1508 QWAVEdrv - ok
13:56:03.0067 1508 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:56:03.0067 1508 RasAcd - ok
13:56:03.0098 1508 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:56:03.0098 1508 RasAgileVpn - ok
13:56:03.0113 1508 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:56:03.0113 1508 RasAuto - ok
13:56:03.0145 1508 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:56:03.0145 1508 Rasl2tp - ok
13:56:03.0176 1508 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:56:03.0176 1508 RasMan - ok
13:56:03.0191 1508 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:56:03.0191 1508 RasPppoe - ok
13:56:03.0191 1508 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:56:03.0191 1508 RasSstp - ok
13:56:03.0223 1508 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:56:03.0223 1508 rdbss - ok
13:56:03.0223 1508 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:56:03.0223 1508 rdpbus - ok
13:56:03.0238 1508 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:56:03.0238 1508 RDPCDD - ok
13:56:03.0254 1508 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:56:03.0254 1508 RDPENCDD - ok
13:56:03.0254 1508 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:56:03.0269 1508 RDPREFMP - ok
13:56:03.0285 1508 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:56:03.0285 1508 RDPWD - ok
13:56:03.0301 1508 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:56:03.0301 1508 rdyboost - ok
13:56:03.0332 1508 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:56:03.0332 1508 RemoteAccess - ok
13:56:03.0347 1508 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:56:03.0347 1508 RemoteRegistry - ok
13:56:03.0363 1508 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:56:03.0363 1508 RpcEptMapper - ok
13:56:03.0394 1508 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:56:03.0394 1508 RpcLocator - ok
13:56:03.0425 1508 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
13:56:03.0425 1508 RpcSs - ok
13:56:03.0457 1508 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:56:03.0457 1508 rspndr - ok
13:56:03.0472 1508 [ 68DD0457D18FCCEF7384AE84022F0C86 ] RTL8023x64 C:\Windows\system32\DRIVERS\Rtnic64.sys
13:56:03.0472 1508 RTL8023x64 - ok
13:56:03.0519 1508 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:56:03.0519 1508 RTL8167 - ok
13:56:03.0535 1508 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:56:03.0535 1508 SamSs - ok
13:56:03.0566 1508 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:56:03.0566 1508 sbp2port - ok
13:56:03.0581 1508 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:56:03.0597 1508 SCardSvr - ok
13:56:03.0613 1508 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:56:03.0613 1508 scfilter - ok
13:56:03.0659 1508 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:56:03.0691 1508 Schedule - ok
13:56:03.0722 1508 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:56:03.0722 1508 SCPolicySvc - ok
13:56:03.0737 1508 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:56:03.0753 1508 SDRSVC - ok
13:56:03.0784 1508 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:56:03.0784 1508 secdrv - ok
13:56:03.0815 1508 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:56:03.0815 1508 seclogon - ok
13:56:03.0847 1508 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:56:03.0847 1508 SENS - ok
13:56:03.0862 1508 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:56:03.0862 1508 SensrSvc - ok
13:56:03.0862 1508 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:56:03.0862 1508 Serenum - ok
13:56:03.0878 1508 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:56:03.0878 1508 Serial - ok
13:56:03.0893 1508 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:56:03.0893 1508 sermouse - ok
13:56:03.0940 1508 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:56:03.0940 1508 SessionEnv - ok
13:56:03.0956 1508 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:56:03.0956 1508 sffdisk - ok
13:56:03.0971 1508 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:56:03.0971 1508 sffp_mmc - ok
13:56:03.0987 1508 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:56:03.0987 1508 sffp_sd - ok
13:56:03.0987 1508 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:56:03.0987 1508 sfloppy - ok
13:56:04.0049 1508 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:56:04.0049 1508 SharedAccess - ok
13:56:04.0081 1508 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:56:04.0081 1508 ShellHWDetection - ok
13:56:04.0096 1508 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:56:04.0096 1508 SiSRaid2 - ok
13:56:04.0112 1508 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:56:04.0112 1508 SiSRaid4 - ok
13:56:04.0143 1508 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:56:04.0143 1508 SkypeUpdate - ok
13:56:04.0159 1508 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:56:04.0159 1508 Smb - ok
13:56:04.0205 1508 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:56:04.0205 1508 SNMPTRAP - ok
13:56:04.0205 1508 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:56:04.0221 1508 spldr - ok
13:56:04.0237 1508 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:56:04.0252 1508 Spooler - ok
13:56:04.0330 1508 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:56:04.0361 1508 sppsvc - ok
13:56:04.0377 1508 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:56:04.0377 1508 sppuinotify - ok
13:56:04.0408 1508 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:56:04.0424 1508 srv - ok
13:56:04.0471 1508 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:56:04.0486 1508 srv2 - ok
13:56:04.0502 1508 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:56:04.0517 1508 srvnet - ok
13:56:04.0533 1508 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:56:04.0549 1508 SSDPSRV - ok
13:56:04.0580 1508 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:56:04.0580 1508 SstpSvc - ok
13:56:04.0611 1508 Steam Client Service - ok
13:56:04.0642 1508 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:56:04.0642 1508 stexstor - ok
13:56:04.0689 1508 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:56:04.0720 1508 stisvc - ok
13:56:04.0751 1508 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:56:04.0751 1508 swenum - ok
13:56:04.0767 1508 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:56:04.0798 1508 swprv - ok
13:56:04.0845 1508 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:56:04.0876 1508 SysMain - ok
13:56:04.0907 1508 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:56:04.0907 1508 TabletInputService - ok
13:56:04.0939 1508 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:56:04.0954 1508 TapiSrv - ok
13:56:04.0970 1508 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:56:04.0970 1508 TBS - ok
13:56:05.0032 1508 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:56:05.0079 1508 Tcpip - ok
13:56:05.0126 1508 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:56:05.0141 1508 TCPIP6 - ok
13:56:05.0173 1508 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:56:05.0173 1508 tcpipreg - ok
13:56:05.0188 1508 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:56:05.0188 1508 TDPIPE - ok
13:56:05.0219 1508 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:56:05.0219 1508 TDTCP - ok
13:56:05.0251 1508 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:56:05.0251 1508 tdx - ok
13:56:05.0344 1508 [ 5E53CF8AD0FD33B35000C113656AB37B ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
13:56:05.0360 1508 TeamViewer7 - ok
13:56:05.0375 1508 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:56:05.0375 1508 TermDD - ok
13:56:05.0391 1508 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:56:05.0407 1508 TermService - ok
13:56:05.0422 1508 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:56:05.0422 1508 Themes - ok
13:56:05.0438 1508 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:56:05.0438 1508 THREADORDER - ok
13:56:05.0453 1508 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:56:05.0453 1508 TrkWks - ok
13:56:05.0500 1508 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:56:05.0500 1508 TrustedInstaller - ok
13:56:05.0547 1508 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:56:05.0547 1508 tssecsrv - ok
13:56:05.0563 1508 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:56:05.0578 1508 TsUsbFlt - ok
13:56:05.0765 1508 [ 25E302D93CBDFA1D1269FE3C41B94390 ] TuneUp.UtilitiesSvc D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
13:56:05.0797 1508 TuneUp.UtilitiesSvc - ok
13:56:05.0828 1508 [ 7BC3381C0713F613B31ACDE38B71CB53 ] TuneUpUtilitiesDrv D:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys
13:56:05.0828 1508 TuneUpUtilitiesDrv - ok
13:56:05.0859 1508 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:56:05.0859 1508 tunnel - ok
13:56:05.0875 1508 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:56:05.0890 1508 uagp35 - ok
13:56:05.0906 1508 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:56:05.0906 1508 udfs - ok
13:56:05.0937 1508 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:56:05.0937 1508 UI0Detect - ok
13:56:05.0968 1508 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:56:05.0968 1508 uliagpkx - ok
13:56:05.0984 1508 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:56:05.0984 1508 umbus - ok
13:56:05.0999 1508 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:56:05.0999 1508 UmPass - ok
13:56:06.0015 1508 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:56:06.0015 1508 upnphost - ok
13:56:06.0046 1508 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
13:56:06.0046 1508 usbaudio - ok
13:56:06.0077 1508 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:56:06.0077 1508 usbccgp - ok
13:56:06.0109 1508 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:56:06.0109 1508 usbcir - ok
13:56:06.0140 1508 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:56:06.0140 1508 usbehci - ok
13:56:06.0155 1508 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:56:06.0155 1508 usbhub - ok
13:56:06.0171 1508 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
13:56:06.0171 1508 usbohci - ok
13:56:06.0187 1508 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:56:06.0187 1508 usbprint - ok
13:56:06.0187 1508 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:56:06.0187 1508 USBSTOR - ok
13:56:06.0218 1508 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:56:06.0218 1508 usbuhci - ok
13:56:06.0233 1508 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:56:06.0233 1508 usbvideo - ok
13:56:06.0249 1508 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:56:06.0265 1508 UxSms - ok
13:56:06.0265 1508 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:56:06.0265 1508 VaultSvc - ok
13:56:06.0280 1508 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:56:06.0280 1508 vdrvroot - ok
13:56:06.0327 1508 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:56:06.0327 1508 vds - ok
13:56:06.0358 1508 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:56:06.0358 1508 vga - ok
13:56:06.0358 1508 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:56:06.0358 1508 VgaSave - ok
13:56:06.0374 1508 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:56:06.0374 1508 vhdmp - ok
13:56:06.0405 1508 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:56:06.0405 1508 viaide - ok
13:56:06.0421 1508 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:56:06.0421 1508 volmgr - ok
13:56:06.0452 1508 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:56:06.0452 1508 volmgrx - ok
13:56:06.0452 1508 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:56:06.0467 1508 volsnap - ok
13:56:06.0483 1508 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:56:06.0483 1508 vsmraid - ok
13:56:06.0545 1508 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:56:06.0577 1508 VSS - ok
13:56:06.0592 1508 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
13:56:06.0592 1508 vwifibus - ok
13:56:06.0623 1508 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:56:06.0639 1508 W32Time - ok
13:56:06.0639 1508 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:56:06.0639 1508 WacomPen - ok
13:56:06.0655 1508 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:56:06.0655 1508 WANARP - ok
13:56:06.0670 1508 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:56:06.0670 1508 Wanarpv6 - ok
13:56:06.0717 1508 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:56:06.0748 1508 wbengine - ok
13:56:06.0764 1508 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:56:06.0764 1508 WbioSrvc - ok
13:56:06.0795 1508 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:56:06.0811 1508 wcncsvc - ok
13:56:06.0826 1508 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:56:06.0826 1508 WcsPlugInService - ok
13:56:06.0842 1508 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:56:06.0842 1508 Wd - ok
13:56:06.0873 1508 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:56:06.0873 1508 Wdf01000 - ok
13:56:06.0889 1508 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:56:06.0889 1508 WdiServiceHost - ok
13:56:06.0889 1508 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:56:06.0904 1508 WdiSystemHost - ok
13:56:06.0920 1508 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:56:06.0935 1508 WebClient - ok
13:56:06.0967 1508 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:56:06.0982 1508 Wecsvc - ok
13:56:06.0998 1508 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:56:06.0998 1508 wercplsupport - ok
13:56:07.0013 1508 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:56:07.0013 1508 WerSvc - ok
13:56:07.0029 1508 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:56:07.0029 1508 WfpLwf - ok
13:56:07.0045 1508 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:56:07.0045 1508 WIMMount - ok
13:56:07.0060 1508 WinDefend - ok
13:56:07.0060 1508 WinHttpAutoProxySvc - ok
13:56:07.0123 1508 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:56:07.0123 1508 Winmgmt - ok
13:56:07.0201 1508 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:56:07.0263 1508 WinRM - ok
13:56:07.0310 1508 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:56:07.0325 1508 Wlansvc - ok
13:56:07.0357 1508 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:56:07.0357 1508 WmiAcpi - ok
13:56:07.0372 1508 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:56:07.0388 1508 wmiApSrv - ok
13:56:07.0403 1508 WMPNetworkSvc - ok
13:56:07.0419 1508 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:56:07.0419 1508 WPCSvc - ok
13:56:07.0450 1508 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:56:07.0450 1508 WPDBusEnum - ok
13:56:07.0481 1508 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:56:07.0481 1508 ws2ifsl - ok
13:56:07.0481 1508 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
13:56:07.0481 1508 wscsvc - ok
13:56:07.0481 1508 WSearch - ok
13:56:07.0559 1508 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:56:07.0637 1508 wuauserv - ok
13:56:07.0669 1508 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:56:07.0669 1508 WudfPf - ok
13:56:07.0700 1508 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:56:07.0700 1508 WUDFRd - ok
13:56:07.0731 1508 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:56:07.0731 1508 wudfsvc - ok
13:56:07.0762 1508 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:56:07.0762 1508 WwanSvc - ok
13:56:07.0778 1508 ================ Scan global ===============================
13:56:07.0793 1508 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:56:07.0840 1508 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:56:07.0856 1508 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
13:56:07.0887 1508 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:56:07.0903 1508 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:56:07.0918 1508 [Global] - ok
13:56:07.0918 1508 ================ Scan MBR ==================================
13:56:07.0918 1508 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:56:08.0168 1508 \Device\Harddisk0\DR0 - ok
13:56:08.0168 1508 ================ Scan VBR ==================================
13:56:08.0168 1508 [ FB340540706FED1677BADC111D0E45CA ] \Device\Harddisk0\DR0\Partition1
13:56:08.0168 1508 \Device\Harddisk0\DR0\Partition1 - ok
13:56:08.0183 1508 [ ABEA0C7B77F536132FDE8B386D9068B7 ] \Device\Harddisk0\DR0\Partition2
13:56:08.0183 1508 \Device\Harddisk0\DR0\Partition2 - ok
13:56:08.0199 1508 [ AED10F24C06F87A4B4B1365A93C38259 ] \Device\Harddisk0\DR0\Partition3
13:56:08.0199 1508 \Device\Harddisk0\DR0\Partition3 - ok
13:56:08.0199 1508 ============================================================
13:56:08.0199 1508 Scan finished
13:56:08.0199 1508 ============================================================
13:56:08.0215 4776 Detected object count: 0
13:56:08.0215 4776 Actual detected object count: 0
Was mir noch so auffällt. Ich habe einen AMD Prozessor und nicht einen von Intel. Geändert von subvision (02.10.2012 um 13:28 Uhr) |
|
02.10.2012, 14:19
| #6 | |
| /// the machine /// TB-Ausbilder | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werdenCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden |
|
02.10.2012, 14:34
| #7 |
| | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Ich mußte nicht neustarten wegen Combofix. Allerdings war nach Beenden meiner Firewall Comodo Defense+ noch aktiv. Ich hoffe, das macht nix. Hier das log: Code:
ATTFilter ComboFix 12-10-02.02 - Micha 02.10.2012 15:25:20.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2681 [GMT 2:00]
ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-02 bis 2012-10-02 ))))))))))))))))))))))))))))))
.
.
2012-10-02 13:29 . 2012-10-02 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-02 11:50 . 2012-09-18 22:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02D92663-413A-42B1-9884-F4EA7FC77F7D}\mpengine.dll
2012-09-30 18:02 . 2012-09-30 18:02 -------- d-----w- c:\programdata\Malwarebytes
2012-09-30 18:02 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 11:11 . 2012-09-30 11:11 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 11:11 . 2012-09-30 11:11 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 11:11 . 2012-09-30 11:11 -------- d-----w- c:\windows\SysWow64\Macromed
2012-09-30 11:11 . 2012-09-30 11:11 -------- d-----w- c:\windows\system32\Macromed
2012-09-30 08:57 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-30 08:57 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-09-30 07:20 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-30 07:20 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-30 07:20 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-30 07:20 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-30 07:20 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-30 07:19 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-29 17:16 . 2012-09-29 17:16 -------- d-----w- c:\programdata\Canneverbe Limited
2012-09-29 11:44 . 2012-09-19 09:29 34656 ----a-w- c:\windows\system32\TURegOpt.exe
2012-09-29 11:44 . 2012-09-19 09:29 25952 ----a-w- c:\windows\system32\authuitu.dll
2012-09-29 11:44 . 2012-09-19 09:29 21344 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-09-29 11:43 . 2012-09-29 11:44 -------- d-----w- c:\programdata\TuneUp Software
2012-09-29 11:43 . 2012-09-29 11:43 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-09-29 11:43 . 2012-09-29 11:43 -------- d--h--w- c:\programdata\Common Files
2012-09-29 10:42 . 2012-09-29 10:42 -------- d-----w- c:\windows\system32\SPReview
2012-09-29 10:42 . 2012-09-29 10:42 -------- d-----w- c:\windows\system32\EventProviders
2012-09-29 10:27 . 2010-11-20 13:27 750080 ----a-w- c:\windows\system32\TSWorkspace.dll
2012-09-29 10:26 . 2010-11-20 13:25 139264 ----a-w- c:\windows\system32\cabview.dll
2012-09-29 10:25 . 2010-11-20 13:27 681472 ----a-w- c:\windows\system32\WUDFx.dll
2012-09-29 10:24 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-09-29 10:24 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-09-29 10:24 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-09-29 10:21 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-29 10:21 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-29 10:21 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-29 09:51 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-09-29 09:51 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-09-29 09:51 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-09-29 09:51 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-09-29 09:51 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-09-29 09:51 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-09-29 09:51 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-09-29 09:50 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-09-29 09:50 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2012-09-29 09:50 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2012-09-29 09:50 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2012-09-29 09:50 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-09-29 09:50 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-09-29 09:50 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-09-29 09:50 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-09-29 09:50 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-09-29 09:50 . 2011-03-11 04:37 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2012-09-29 09:50 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-09-29 09:50 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-09-28 21:20 . 2012-09-28 21:20 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-09-28 21:05 . 2012-09-28 21:05 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-09-28 21:05 . 2012-09-28 21:05 -------- d-----w- c:\windows\system32\wbem\en-US
2012-09-28 20:18 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-09-28 20:02 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-28 19:59 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-28 19:59 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-09-28 19:59 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-28 19:59 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-28 19:59 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-09-28 19:59 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-09-28 19:59 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-09-28 19:54 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-09-28 19:53 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-09-28 19:52 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-09-28 19:51 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-28 19:48 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-28 19:39 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-09-28 19:39 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-09-28 16:42 . 2012-09-28 21:10 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-09-28 16:31 . 2012-09-28 16:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-28 16:31 . 2012-09-28 16:31 -------- d-----r- c:\program files (x86)\Skype
2012-09-28 16:31 . 2012-09-28 16:31 -------- d-----w- c:\programdata\Skype
2012-09-28 16:14 . 2012-09-28 16:14 -------- d-----w- c:\program files\Logitech
2012-09-28 16:07 . 2012-09-28 16:07 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-09-28 16:06 . 2012-09-28 16:14 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-28 16:06 . 2012-09-28 16:14 -------- d-----w- c:\programdata\Logishrd
2012-09-28 16:05 . 2012-09-28 16:15 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-09-28 14:57 . 2012-09-28 14:57 -------- d-----w- c:\program files (x86)\TeamViewer
2012-09-28 12:53 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-09-28 12:53 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
2012-09-28 12:52 . 2012-09-28 12:52 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-09-28 12:48 . 2012-09-28 12:48 -------- d-----w- c:\program files (x86)\COMODO
2012-09-28 12:48 . 2012-09-28 12:48 -------- d-----w- c:\program files (x86)\Common Files\Comodo
2012-09-28 12:48 . 2012-09-28 12:48 -------- d-----w- c:\programdata\CPA_VA
2012-09-28 12:42 . 2012-05-31 10:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-09-28 12:39 . 2012-09-28 11:47 -------- d-----w- c:\windows\Panther
2012-09-28 12:31 . 2012-09-30 10:53 -------- d-----w- c:\programdata\Comodo
2012-09-28 12:31 . 2012-09-28 12:48 -------- d-----w- c:\program files\COMODO
2012-09-28 12:31 . 2012-09-28 12:31 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-28 12:31 . 2012-09-28 12:31 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-09-28 12:31 . 2012-09-28 12:31 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-09-28 12:19 . 2006-10-06 12:17 53248 ------w- c:\windows\Ctregrun.exe
2012-09-28 12:19 . 2000-05-22 14:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx
2012-09-28 12:16 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-28 12:16 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-28 12:16 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-28 12:16 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-28 12:16 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-28 12:16 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-28 12:16 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-28 12:16 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-28 12:16 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-28 12:16 . 2012-09-28 12:16 -------- d-----w- c:\programdata\AVAST Software
2012-09-28 12:09 . 2012-09-28 12:09 -------- d-----w- c:\programdata\ATI
2012-09-28 12:08 . 2012-09-28 12:08 0 ----a-w- c:\windows\ativpsrm.bin
2012-09-28 12:07 . 2012-09-28 12:07 -------- d-----w- c:\program files (x86)\AMD APP
2012-09-28 12:07 . 2012-09-28 12:07 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-09-28 12:07 . 2012-09-28 12:07 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-09-28 12:06 . 2012-09-28 12:06 -------- d-----w- c:\programdata\AMD
2012-09-28 12:06 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-09-28 12:06 . 2012-09-28 12:06 -------- d-----w- c:\program files (x86)\ATI Technologies
2012-09-28 12:06 . 2012-09-29 11:45 -------- d-sh--w- c:\windows\Installer
2012-09-28 12:06 . 2012-09-28 12:06 -------- d-----w- c:\program files\ATI
2012-09-28 12:05 . 2012-09-28 12:07 -------- d-----w- c:\program files\ATI Technologies
2012-09-28 12:05 . 2012-09-28 12:05 -------- d-----w- C:\AMD
2012-09-28 11:59 . 2012-09-28 11:59 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-09-28 11:55 . 2003-06-12 21:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd
2012-09-28 11:52 . 2012-09-28 12:20 -------- d-----w- c:\programdata\Creative
2012-09-28 11:52 . 2009-07-10 07:09 214528 ----a-w- c:\windows\system32\APOMgr64.DLL
2012-09-28 11:52 . 2009-07-10 07:07 166912 ----a-w- c:\windows\SysWow64\APOMngr.DLL
2012-09-28 11:52 . 2009-02-06 16:53 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 11:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-29 11:09 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-03 08:23 . 2012-08-03 08:23 35064 ----a-w- c:\windows\system32\drivers\CFRMD.sys
2012-08-03 08:23 . 2012-08-03 08:23 35064 ----a-w- c:\windows\inf\lps-ca\cfrmd.sys
2012-07-28 04:09 . 2012-07-28 04:09 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-07-28 02:15 . 2012-07-28 02:15 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-07-28 02:13 . 2012-07-28 02:13 1100288 ----a-w- c:\windows\system32\aticfx64.dll
2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:\windows\system32\atidxx64.dll
2012-07-28 01:41 . 2012-07-28 01:41 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
2012-07-28 01:32 . 2012-07-28 01:32 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-07-28 01:25 . 2012-07-28 01:25 6676480 ----a-w- c:\windows\system32\atiumd64.dll
2012-07-28 01:15 . 2012-07-28 01:15 540160 ----a-w- c:\windows\system32\atiadlxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-07-28 01:13 . 2012-07-28 01:13 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-07-28 01:13 . 2012-07-28 01:13 103936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-07-28 01:13 . 2012-07-28 01:13 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-07-27 20:47 . 2012-07-27 20:47 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-07-27 20:47 . 2012-07-27 20:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-07-27 20:47 . 2012-07-27 20:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-07-27 20:47 . 2012-07-27 20:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-07-27 20:47 . 2012-07-27 20:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-07-27 20:46 . 2012-07-27 20:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
2012-07-27 20:46 . 2012-07-27 20:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-07-27 20:44 . 2012-07-27 20:44 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-07-27 20:44 . 2012-07-27 20:44 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"avast"="d:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"WinampAgent"="d:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files (x86)\COMODO\GeekBuddy\launcher.exe [2012-8-23 49360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2012-08-03 35064]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 250288]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-09-28 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-09-28 79360]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 CLPSLauncher;COMODO LPS Launcher;c:\program files (x86)\Common Files\Comodo\launcher_service.exe [2012-08-23 70352]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-19 2365792]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 RTL8023x64;Realtek 10/100-Netzwerkkartenfamilie-NDIS-x64-Treiber;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 14993658
*Deregistered* - 14993658
*Deregistered* - aswMBR
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-30 11:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{317911D6-43D9-4A2C-9C41-CE2F7CB71F28}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{3D00864E-26A5-474A-A715-EE62AAFC2273}: NameServer = 8.26.56.26,156.154.70.22
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\bensm4a1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-02 15:31:39
ComboFix-quarantined-files.txt 2012-10-02 13:31
.
Vor Suchlauf: 9 Verzeichnis(se), 24.739.385.344 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 24.468.443.136 Bytes frei
.
- - End Of File - - 09494FB06AA6AC7EF4C92FD5D65BC5C4
|
|
02.10.2012, 14:39
| #8 |
| /// the machine /// TB-Ausbilder | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Hast Du immer noch die im Threadtitel genannten Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.10.2012, 14:46
| #9 | |
| | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werdenZitat:
Ich weiß wirklich nicht mehr weiter. Wie deaktiviere ich den Schädling? Ich habe davon nicht allzuviel Ahnung, ich bin also kein Profi, sondern nur erfahrenener Anwender. Widows Scripting Host werde ich erstmal deaktiviert lassen und ich werde den Kontakt mit fremden Rechnern meiden (USB-Sticks usw.) um andere nicht zu infizieren. Ich weiß nur, ich habe Schadsoftware auf dem Rechner, die macht, was sie will. Wie weit ich da mit der Deaktivierung des WSH gegenhebele weiß ich nicht. Das Programm ist scheinbar in der Lage, beliebig Code auf meinem Rechner zu ändern. |
|
02.10.2012, 14:52
| #10 |
| /// the machine /// TB-Ausbilder | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Öffne mal bitte TDSSKiller nochmal, unter Optionen alles anhaken und dann Scan drücken, sollte einen Neustart verlangen und dann beginnen zu scannen. Poste bitte das Log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.10.2012, 15:00
| #11 |
| | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Dieses Mal hat er 2 Logs gemacht. Eines um 15:55 und eines um 15:58. Ich poste beide. 15:55 Code:
ATTFilter 15:55:07.0805 6112 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:55:07.0992 6112 ============================================================
15:55:07.0992 6112 Current date / time: 2012/10/02 15:55:07.0992
15:55:07.0992 6112 SystemInfo:
15:55:07.0992 6112
15:55:07.0992 6112 OS Version: 6.1.7601 ServicePack: 1.0
15:55:07.0992 6112 Product type: Workstation
15:55:07.0992 6112 ComputerName: X4
15:55:07.0992 6112 UserName: Micha
15:55:07.0992 6112 Windows directory: C:\Windows
15:55:07.0992 6112 System windows directory: C:\Windows
15:55:07.0992 6112 Running under WOW64
15:55:07.0992 6112 Processor architecture: Intel x64
15:55:07.0992 6112 Number of processors: 4
15:55:07.0992 6112 Page size: 0x1000
15:55:07.0992 6112 Boot type: Normal boot
15:55:07.0992 6112 ============================================================
15:55:08.0788 6112 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:08.0803 6112 ============================================================
15:55:08.0803 6112 \Device\Harddisk0\DR0:
15:55:08.0803 6112 MBR partitions:
15:55:08.0803 6112 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:55:08.0803 6112 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63D1180
15:55:08.0803 6112 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x64039BF, BlocksNum 0x33F81282
15:55:08.0803 6112 ============================================================
15:55:08.0835 6112 C: <-> \Device\Harddisk0\DR0\Partition2
15:55:08.0850 6112 D: <-> \Device\Harddisk0\DR0\Partition3
15:55:08.0850 6112 ============================================================
15:55:08.0850 6112 Initialize success
15:55:08.0850 6112 ============================================================
15:55:26.0556 4284 Deinitialize success
Code:
ATTFilter 15:57:06.0891 3644 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:57:08.0900 3644 ============================================================
15:57:08.0900 3644 Current date / time: 2012/10/02 15:57:08.0900
15:57:08.0900 3644 SystemInfo:
15:57:08.0900 3644
15:57:08.0900 3644 OS Version: 6.1.7601 ServicePack: 1.0
15:57:08.0900 3644 Product type: Workstation
15:57:08.0900 3644 ComputerName: X4
15:57:08.0900 3644 UserName: Micha
15:57:08.0900 3644 Windows directory: C:\Windows
15:57:08.0900 3644 System windows directory: C:\Windows
15:57:08.0900 3644 Running under WOW64
15:57:08.0900 3644 Processor architecture: Intel x64
15:57:08.0900 3644 Number of processors: 4
15:57:08.0900 3644 Page size: 0x1000
15:57:08.0900 3644 Boot type: Normal boot
15:57:08.0900 3644 ============================================================
15:57:21.0866 3644 BG loaded
15:57:22.0599 3644 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:57:22.0631 3644 ============================================================
15:57:22.0631 3644 \Device\Harddisk0\DR0:
15:57:22.0646 3644 MBR partitions:
15:57:22.0646 3644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:57:22.0646 3644 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x63D1180
15:57:22.0662 3644 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x64039BF, BlocksNum 0x33F81282
15:57:22.0662 3644 ============================================================
15:57:22.0755 3644 C: <-> \Device\Harddisk0\DR0\Partition2
15:57:22.0865 3644 D: <-> \Device\Harddisk0\DR0\Partition3
15:57:22.0865 3644 ============================================================
15:57:22.0865 3644 Initialize success
15:57:22.0865 3644 ============================================================
15:58:12.0362 3604 Deinitialize success
|
|
02.10.2012, 15:02
| #12 |
| /// the machine /// TB-Ausbilder | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Du hast alle 4 Optionen angehakt? Das Log müsste viel länger sein....
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.10.2012, 15:05
| #13 |
| | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Dachte ich mir auch. Ich hab unter Parameters alles angehakt. Ich hab mir erlaubt, die tdsskiller.exe Datei umzubenennen und hab dann nen Scan gestartet. Wie kann ich hier Dateianhänge posten? Der Text ist nämlich zu lang. Edit: OK, hab die Datei als 7zip Archiv angehängt - wenn alles geklappt hat. Geändert von subvision (02.10.2012 um 15:32 Uhr) |
|
02.10.2012, 15:27
| #14 |
| /// the machine /// TB-Ausbilder | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Dann schauen wir mal von aussen: Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager
Mit Windows CD/DVD
Wähle in den Reparaturoptionen Eingabeaufforderung
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.10.2012, 15:44
| #15 |
| | Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden Schau dir bitte nochmal Post 13 an. Ich mache das Log wenn ich mir alles aufgeschrieben habe. Leider habe ich keinen Drucker. tdsskiller mit der umbenannten Exe hat jedoch keinen Neustart gemacht. Betreff frst.exe. Ich hab mit der Windows 7 DVD gestartet, kam auch in das Verzeichnis meines Sticks (Bei mir war es der Laufwerksbuchstabe h:\), aber beim Versuch, die frst.exe zu starten kam folgende Meldung: "Das zum Unterstützen des Abbildtyps erforderliche Subsystem ist nicht vorhanden" Geändert von subvision (02.10.2012 um 16:08 Uhr) |
|
| Themen zu Wahrscheinlich neuer Virus: Avast VisthAux.exe deaktiviert und erster Sektor der Festplatte kann nicht gelesen werden |
| antivirus, avast, avast deaktiviert, avast free antivirus, check, comodo, computer, datei, digital, festplatte, firewall, folge, free, hintergrund, home, netzwerk, neuer virus, nexus, nodrives, personen, programm, rescue cd, scan, schädling, starten, system, trojaner, trojaner/virus, update, version., virus, visthaux.exe, windows, zufällig |
Linear-Darstellung
