| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner FakeAlert-WinWebSec!env.h in e-mail verstecktWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
08.11.2012, 21:26
| #1 |
 |  Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Hallo! Ich habe gestern eine E-mail von der deutschen post bekommen wo drin stand das für mich eine lieferung im lager ist wo aber die lieferadresse nicht stimmt. als anhang war ein abhol beleg mitgesendet worden. als ich den anhang öffnete öffnete sich plötzlich ein programm mit dem namen "security service center" und scannte meinen Laptop und fand bestimmt mindestens 30 dateien die infiziert sein sollen. da ich nicht wuste was es für ein programm ist schloß ich es, aber es öffnete sich immer wieder. zwischendurch meldete sich auch mein virenscanner und meldete mir das ich den Virus "FakeAlert-WinWebSec!env.h" auf meinem laptop habe.nach ungefähr 1 minute schloß sich mein virusprogramm und ich konnte es auch n icht mehr starten um meinen rechner zu scannen. daraufhin habe ich meinen laptop runtergefahren und im abgesicherten modus zu starten was nicht ging, er startete und nach dem laden der treiber ackerte er noch ca 3min und ging den aus. daraufhin habe ich mein sicherheitsstick angeschlossen, von diesem den laptop gebootet und meinen laptop auf ein früheres datum zurückgesetzt, was auch geklappt hat. jetzt läuft mein laptop wieder. habe denn als erstes eure seite aufgesucht und die ersten schritte abgearbeitet und die logfiles gespeichert. (defogger,otl und gmer) da ich nicht sicher bin ob der virus runter ist bitte ich um kurze hilfe und beurteilung der logfiles. Danke schon mal im vorraus. Anhang 46028 Anhang 46029 Anhang 46030 |
|
09.11.2012, 23:07
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Zitat:
Außerdem hast du wohl auch schon was mit Malwarebytes gemacht Bitte beachten => http://www.trojaner-board.de/125889-...tml#post941520
__________________ |
|
13.11.2012, 23:30
| #3 |
| | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Hallo!
__________________Sorry das ich mich jetzt erst melde. leider habe ich von meinem virenscanner(McAfee) keine log datei und Malwarebytes habe ich mir vor ca 4 wochen raufgespielt und nach meinem posting einmal durchlaufenlassen. gruß Code:
ATTFilter Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.08.09 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 M :: M-A [Administrator] 08.11.2012 20:47:10 mbam-log-2012-11-08 (20-47-10).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 198799 Laufzeit: 18 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
13.11.2012, 23:37
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Sollen das jetzt alle Logs sein? Ohne die Logs mit den Funden kann man sich nicht wirklich auf dein Thema im Titel beziehen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
14.11.2012, 16:47
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Es geht um Virenscanner-Logs mit Funden! Und dann eben der Hinweis, dass sich wenn überhaupt nur schwierig nachvollziehen lässt, welche Infektion du hast wenn du keine Logs mit Funden liefern kannst!
__________________ --> Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt |
|
15.11.2012, 01:14
| #7 |
| | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Hallo! habe meinen virenscanner durchlaufen lassen. weiß leider nicht wie ich das logfile herbekomme darum leider nur ein desktopbild. ich hoffe es hilft dir weiter. gruß |
|
15.11.2012, 17:01
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Hast du denn kein Handbuch zu deinem McAfee? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2012, 17:56
| #9 |
| | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Hallo! nein habe ich nicht, mcafee war schon auf dem laptop drauf wo ich mir den gekauft habe. habe auch im internet nachgeschaut wegen log datei scheinbar gibt es soeas nicht bei mcafee. |
|
16.11.2012, 19:24
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Was für ein Schrott von Virenscanner  Ich hätte den umgehend deinstalliert. Diese vorinstallierte Schei*e taugt auch einfach nichts mehr... 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2012, 23:14
| #11 |
| | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Hallo! habe beide programme durchlaufen lassen. hir die logs aswMBR Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 21:22:08
-----------------------------
21:22:08.083 OS Version: Windows 6.1.7601 Service Pack 1
21:22:08.083 Number of processors: 2 586 0x301
21:22:08.093 ComputerName: M-A UserName: M
21:22:09.213 Initialize success
21:22:27.211 AVAST engine defs: 12111600
21:22:34.771 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:22:34.771 Disk 0 Vendor: Hitachi_HTS543232L9A300 FB4OC40C Size: 305245MB BusType: 11
21:22:34.811 Disk 0 MBR read successfully
21:22:34.821 Disk 0 MBR scan
21:22:34.841 Disk 0 Windows 7 default MBR code
21:22:34.851 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10244 MB offset 63
21:22:34.881 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20981760
21:22:34.921 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 143872 MB offset 323063808
21:22:34.961 Disk 0 Partition 4 00 12 Compaq diag NTFS 3626 MB offset 617713664
21:22:34.991 Disk 0 scanning sectors +625139712
21:22:35.091 Disk 0 scanning C:\Windows\system32\drivers
21:22:59.283 Service scanning
21:23:50.362 Modules scanning
21:24:22.422 Disk 0 trace - called modules:
21:24:22.462 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
21:24:22.472 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e0b030]
21:24:22.482 3 CLASSPNP.SYS[8b00459e] -> nt!IofCallDriver -> [0x86de4c30]
21:24:22.492 5 ACPI.sys[8abc03d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86dd9908]
21:24:23.469 AVAST engine scan C:\Windows
21:24:32.621 AVAST engine scan C:\Windows\system32
21:30:52.122 AVAST engine scan C:\Windows\system32\drivers
21:31:29.724 AVAST engine scan C:\Users\M
21:59:44.403 AVAST engine scan C:\ProgramData
22:02:38.798 Scan finished successfully
22:50:47.811 Disk 0 MBR has been saved successfully to "C:\Users\M\Desktop\MBR.dat"
22:50:47.821 The log file has been saved successfully to "C:\Users\M\Desktop\aswMB.txt"
Code:
ATTFilter 22:53:09.0488 4388 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
22:53:10.0908 4388 ============================================================
22:53:10.0908 4388 Current date / time: 2012/11/16 22:53:10.0908
22:53:10.0908 4388 SystemInfo:
22:53:10.0908 4388
22:53:10.0908 4388 OS Version: 6.1.7601 ServicePack: 1.0
22:53:10.0908 4388 Product type: Workstation
22:53:10.0908 4388 ComputerName: M-A
22:53:10.0918 4388 UserName: M
22:53:10.0918 4388 Windows directory: C:\Windows
22:53:10.0918 4388 System windows directory: C:\Windows
22:53:10.0918 4388 Processor architecture: Intel x86
22:53:10.0918 4388 Number of processors: 2
22:53:10.0918 4388 Page size: 0x1000
22:53:10.0918 4388 Boot type: Normal boot
22:53:10.0918 4388 ============================================================
22:53:12.0782 4388 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:53:12.0822 4388 ============================================================
22:53:12.0822 4388 \Device\Harddisk0\DR0:
22:53:12.0822 4388 MBR partitions:
22:53:12.0822 4388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1402800, BlocksNum 0x12016800
22:53:12.0822 4388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13419000, BlocksNum 0x11900000
22:53:12.0822 4388 ============================================================
22:53:12.0852 4388 C: <-> \Device\Harddisk0\DR0\Partition1
22:53:13.0312 4388 D: <-> \Device\Harddisk0\DR0\Partition2
22:53:13.0312 4388 ============================================================
22:53:13.0312 4388 Initialize success
22:53:13.0312 4388 ============================================================
22:54:24.0852 5304 ============================================================
22:54:24.0852 5304 Scan started
22:54:24.0852 5304 Mode: Manual; SigCheck; TDLFS;
22:54:24.0852 5304 ============================================================
22:54:25.0942 5304 ================ Scan system memory ========================
22:54:25.0942 5304 System memory - ok
22:54:25.0952 5304 ================ Scan services =============================
22:54:26.0242 5304 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:54:26.0522 5304 1394ohci - ok
22:54:26.0532 5304 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:54:26.0582 5304 ACPI - ok
22:54:26.0612 5304 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:54:26.0713 5304 AcpiPmi - ok
22:54:26.0763 5304 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:54:26.0813 5304 adp94xx - ok
22:54:26.0823 5304 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:54:26.0853 5304 adpahci - ok
22:54:26.0873 5304 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:54:26.0893 5304 adpu320 - ok
22:54:26.0953 5304 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:54:27.0103 5304 AeLookupSvc - ok
22:54:27.0163 5304 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
22:54:27.0283 5304 AFD - ok
22:54:27.0313 5304 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
22:54:27.0333 5304 agp440 - ok
22:54:27.0403 5304 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
22:54:27.0443 5304 aic78xx - ok
22:54:27.0523 5304 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:54:27.0583 5304 ALG - ok
22:54:27.0643 5304 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
22:54:27.0683 5304 aliide - ok
22:54:27.0753 5304 [ 5FE81700B1C45E6AE9727DFD6EBF8DF7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:54:27.0853 5304 AMD External Events Utility - ok
22:54:27.0943 5304 AMD FUEL Service - ok
22:54:27.0983 5304 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:54:28.0033 5304 amdagp - ok
22:54:28.0053 5304 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
22:54:28.0083 5304 amdide - ok
22:54:28.0113 5304 [ FF258424F0B2EF25EB98F04EE386E6E3 ] amdiox86 C:\Windows\system32\DRIVERS\amdiox86.sys
22:54:28.0153 5304 amdiox86 - ok
22:54:28.0203 5304 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:54:28.0243 5304 AmdK8 - ok
22:54:28.0273 5304 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:54:28.0323 5304 AmdPPM - ok
22:54:28.0383 5304 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:54:28.0403 5304 amdsata - ok
22:54:28.0443 5304 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:54:28.0463 5304 amdsbs - ok
22:54:28.0513 5304 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:54:28.0563 5304 amdxata - ok
22:54:28.0593 5304 [ 9910A9C7D307A9E156D951248601C33E ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
22:54:28.0643 5304 ApfiltrService - ok
22:54:28.0663 5304 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
22:54:28.0733 5304 AppID - ok
22:54:28.0793 5304 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:54:28.0903 5304 AppIDSvc - ok
22:54:28.0933 5304 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
22:54:29.0033 5304 Appinfo - ok
22:54:29.0073 5304 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
22:54:29.0143 5304 AppMgmt - ok
22:54:29.0183 5304 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
22:54:29.0203 5304 arc - ok
22:54:29.0253 5304 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:54:29.0273 5304 arcsas - ok
22:54:29.0353 5304 [ BB67BFBC8476C5F8715654DBCAF7BF3B ] ArcSec C:\Windows\system32\drivers\ArcSec.sys
22:54:29.0383 5304 ArcSec - ok
22:54:29.0413 5304 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:54:29.0513 5304 AsyncMac - ok
22:54:29.0523 5304 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
22:54:29.0543 5304 atapi - ok
22:54:29.0633 5304 [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr C:\Windows\system32\DRIVERS\athr.sys
22:54:29.0763 5304 athr - ok
22:54:29.0873 5304 [ 84FAF3D287D56D210F84DB7C1349D43B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
22:54:29.0923 5304 AtiHDAudioService - ok
22:54:29.0943 5304 [ E2398389648B5D44DC63CA43FDD5B3F8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
22:54:29.0973 5304 AtiHdmiService - ok
22:54:30.0093 5304 [ 77F8AC3E93BABC451E49D6D63D5C5282 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
22:54:30.0353 5304 atikmdag - ok
22:54:30.0393 5304 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
22:54:30.0413 5304 AtiPcie - ok
22:54:30.0473 5304 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:54:30.0553 5304 AudioEndpointBuilder - ok
22:54:30.0583 5304 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:54:30.0663 5304 Audiosrv - ok
22:54:30.0723 5304 [ 728C4A6C722535C16D1025F51AA31E22 ] avmaudio C:\Windows\system32\DRIVERS\avmaudio.sys
22:54:30.0803 5304 avmaudio - ok
22:54:30.0863 5304 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:54:30.0913 5304 AxInstSV - ok
22:54:30.0993 5304 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
22:54:31.0093 5304 b06bdrv - ok
22:54:31.0123 5304 [ 1FD21000184A9FE91B14B8B542A301C1 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:54:31.0143 5304 b57nd60x - ok
22:54:31.0213 5304 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:54:31.0303 5304 BDESVC - ok
22:54:31.0373 5304 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:54:31.0433 5304 Beep - ok
22:54:31.0473 5304 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
22:54:31.0543 5304 BFE - ok
22:54:31.0613 5304 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
22:54:31.0703 5304 BITS - ok
22:54:31.0733 5304 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:54:31.0773 5304 blbdrive - ok
22:54:31.0803 5304 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:54:31.0873 5304 bowser - ok
22:54:31.0923 5304 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:54:32.0013 5304 BrFiltLo - ok
22:54:32.0053 5304 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:54:32.0103 5304 BrFiltUp - ok
22:54:32.0173 5304 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
22:54:32.0263 5304 Browser - ok
22:54:32.0303 5304 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:54:32.0383 5304 Brserid - ok
22:54:32.0453 5304 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:54:32.0523 5304 BrSerWdm - ok
22:54:32.0533 5304 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:54:32.0573 5304 BrUsbMdm - ok
22:54:32.0583 5304 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:54:32.0613 5304 BrUsbSer - ok
22:54:32.0643 5304 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:54:32.0693 5304 BTHMODEM - ok
22:54:32.0773 5304 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:54:32.0843 5304 bthserv - ok
22:54:32.0883 5304 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:54:32.0943 5304 cdfs - ok
22:54:32.0983 5304 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:54:33.0033 5304 cdrom - ok
22:54:33.0093 5304 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
22:54:33.0144 5304 CertPropSvc - ok
22:54:33.0191 5304 [ 958C33D0715D1496684D2E5E329748E8 ] cfwids C:\Windows\system32\drivers\cfwids.sys
22:54:33.0226 5304 cfwids - ok
22:54:33.0256 5304 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:54:33.0286 5304 circlass - ok
22:54:33.0326 5304 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:54:33.0346 5304 CLFS - ok
22:54:33.0446 5304 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:54:33.0496 5304 clr_optimization_v2.0.50727_32 - ok
22:54:33.0606 5304 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:54:33.0676 5304 clr_optimization_v4.0.30319_32 - ok
22:54:33.0686 5304 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:54:33.0726 5304 CmBatt - ok
22:54:33.0766 5304 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:54:33.0786 5304 cmdide - ok
22:54:33.0846 5304 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
22:54:33.0896 5304 CNG - ok
22:54:33.0916 5304 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:54:33.0936 5304 Compbatt - ok
22:54:33.0956 5304 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:54:34.0016 5304 CompositeBus - ok
22:54:34.0056 5304 COMSysApp - ok
22:54:34.0076 5304 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:54:34.0096 5304 crcdisk - ok
22:54:34.0166 5304 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:54:34.0286 5304 CryptSvc - ok
22:54:34.0316 5304 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
22:54:34.0416 5304 CSC - ok
22:54:34.0496 5304 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
22:54:34.0556 5304 CscService - ok
22:54:34.0616 5304 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:54:34.0686 5304 DcomLaunch - ok
22:54:34.0746 5304 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:54:34.0826 5304 defragsvc - ok
22:54:34.0886 5304 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:54:34.0986 5304 DfsC - ok
22:54:35.0016 5304 [ 919F338FD36F47D860775368D0748780 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
22:54:35.0036 5304 dg_ssudbus - ok
22:54:35.0116 5304 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:54:35.0196 5304 Dhcp - ok
22:54:35.0216 5304 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:54:35.0323 5304 discache - ok
22:54:35.0359 5304 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
22:54:35.0379 5304 Disk - ok
22:54:35.0419 5304 [ C701324C9E0C25DD9D60311BD87FBC84 ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
22:54:35.0449 5304 DKbFltr - ok
22:54:35.0479 5304 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
22:54:35.0529 5304 dmvsc - ok
22:54:35.0589 5304 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:54:35.0669 5304 Dnscache - ok
22:54:35.0709 5304 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
22:54:35.0769 5304 dot3svc - ok
22:54:35.0789 5304 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
22:54:35.0849 5304 DPS - ok
22:54:35.0899 5304 DritekPortIO - ok
22:54:35.0929 5304 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:54:35.0989 5304 drmkaud - ok
22:54:36.0039 5304 [ FB38473835476A6FB272215A1D972AF9 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
22:54:36.0069 5304 dtsoftbus01 - ok
22:54:36.0099 5304 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:54:36.0139 5304 DXGKrnl - ok
22:54:36.0209 5304 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:54:36.0309 5304 EapHost - ok
22:54:36.0469 5304 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
22:54:36.0639 5304 ebdrv - ok
22:54:36.0689 5304 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
22:54:36.0799 5304 EFS - ok
22:54:36.0909 5304 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:54:36.0989 5304 ehRecvr - ok
22:54:37.0019 5304 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:54:37.0069 5304 ehSched - ok
22:54:37.0149 5304 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:54:37.0199 5304 elxstor - ok
22:54:37.0219 5304 [ 6C74035909B31F873D85B25E00BEB984 ] enecir C:\Windows\system32\DRIVERS\enecir.sys
22:54:37.0309 5304 enecir - ok
22:54:37.0339 5304 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:54:37.0389 5304 ErrDev - ok
22:54:37.0459 5304 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:54:37.0569 5304 EventSystem - ok
22:54:37.0589 5304 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:54:37.0629 5304 exfat - ok
22:54:37.0689 5304 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:54:37.0809 5304 fastfat - ok
22:54:37.0849 5304 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
22:54:37.0949 5304 Fax - ok
22:54:37.0979 5304 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
22:54:38.0056 5304 fdc - ok
22:54:38.0111 5304 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:54:38.0211 5304 fdPHost - ok
22:54:38.0241 5304 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:54:38.0291 5304 FDResPub - ok
22:54:38.0311 5304 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:54:38.0331 5304 FileInfo - ok
22:54:38.0361 5304 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:54:38.0431 5304 Filetrace - ok
22:54:38.0571 5304 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:54:38.0631 5304 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:54:38.0631 5304 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:54:38.0661 5304 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:54:38.0701 5304 flpydisk - ok
22:54:38.0741 5304 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:54:38.0761 5304 FltMgr - ok
22:54:38.0851 5304 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
22:54:38.0971 5304 FontCache - ok
22:54:39.0071 5304 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:54:39.0101 5304 FontCache3.0.0.0 - ok
22:54:39.0152 5304 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:54:39.0172 5304 FsDepends - ok
22:54:39.0192 5304 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:54:39.0212 5304 Fs_Rec - ok
22:54:39.0232 5304 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:54:39.0262 5304 fvevol - ok
22:54:39.0282 5304 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:54:39.0302 5304 gagp30kx - ok
22:54:39.0402 5304 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
22:54:39.0442 5304 giveio ( UnsignedFile.Multi.Generic ) - warning
22:54:39.0442 5304 giveio - detected UnsignedFile.Multi.Generic (1)
22:54:39.0502 5304 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
22:54:39.0582 5304 gpsvc - ok
22:54:39.0622 5304 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:54:39.0712 5304 hcw85cir - ok
22:54:39.0802 5304 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:54:39.0882 5304 HdAudAddService - ok
22:54:39.0932 5304 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:54:39.0962 5304 HDAudBus - ok
22:54:40.0002 5304 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:54:40.0062 5304 HidBatt - ok
22:54:40.0092 5304 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:54:40.0143 5304 HidBth - ok
22:54:40.0159 5304 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:54:40.0205 5304 HidIr - ok
22:54:40.0255 5304 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
22:54:40.0315 5304 hidserv - ok
22:54:40.0385 5304 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:54:40.0425 5304 HidUsb - ok
22:54:40.0465 5304 [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
22:54:40.0505 5304 HipShieldK - ok
22:54:40.0565 5304 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:54:40.0615 5304 hkmsvc - ok
22:54:40.0625 5304 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:54:40.0685 5304 HomeGroupListener - ok
22:54:40.0745 5304 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:54:40.0855 5304 HomeGroupProvider - ok
22:54:40.0895 5304 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:54:40.0935 5304 HpSAMD - ok
22:54:40.0995 5304 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
22:54:41.0095 5304 HsfXAudioService - ok
22:54:41.0195 5304 [ 227C3BA25012752BB7450235392C719F ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:54:41.0295 5304 HSF_DPV - ok
22:54:41.0305 5304 [ 4DF5C76302DC2F8F3465966C8426A292 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:54:41.0345 5304 HSXHWAZL - ok
22:54:41.0395 5304 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:54:41.0455 5304 HTTP - ok
22:54:41.0485 5304 [ 19E6885A061011D8DABE8F64498423FA ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:54:41.0545 5304 hwdatacard - ok
22:54:41.0565 5304 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:54:41.0605 5304 hwpolicy - ok
22:54:41.0635 5304 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:54:41.0665 5304 i8042prt - ok
22:54:41.0715 5304 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:54:41.0765 5304 iaStorV - ok
22:54:41.0855 5304 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:54:41.0915 5304 idsvc - ok
22:54:41.0975 5304 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:54:42.0015 5304 iirsp - ok
22:54:42.0095 5304 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:54:42.0165 5304 IKEEXT - ok
22:54:42.0347 5304 [ F42F2F88017A2E2B6F783ACEF6C2C149 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:54:42.0497 5304 IntcAzAudAddService - ok
22:54:42.0527 5304 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:54:42.0547 5304 intelide - ok
22:54:42.0597 5304 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
22:54:42.0617 5304 intelppm - ok
22:54:42.0677 5304 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:54:42.0737 5304 IPBusEnum - ok
22:54:42.0757 5304 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:54:42.0817 5304 IpFilterDriver - ok
22:54:42.0877 5304 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:54:42.0947 5304 iphlpsvc - ok
22:54:42.0997 5304 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:54:43.0027 5304 IPMIDRV - ok
22:54:43.0057 5304 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:54:43.0117 5304 IPNAT - ok
22:54:43.0157 5304 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:54:43.0217 5304 IRENUM - ok
22:54:43.0267 5304 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:54:43.0287 5304 isapnp - ok
22:54:43.0317 5304 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:54:43.0337 5304 iScsiPrt - ok
22:54:43.0377 5304 [ 4EBF405E067F7B231EF8A07729C4A52F ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
22:54:43.0397 5304 JMCR - ok
22:54:43.0407 5304 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:54:43.0437 5304 kbdclass - ok
22:54:43.0457 5304 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:54:43.0497 5304 kbdhid - ok
22:54:43.0527 5304 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
22:54:43.0557 5304 KeyIso - ok
22:54:43.0607 5304 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:54:43.0627 5304 KSecDD - ok
22:54:43.0657 5304 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:54:43.0677 5304 KSecPkg - ok
22:54:43.0727 5304 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:54:43.0827 5304 KtmRm - ok
22:54:43.0897 5304 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
22:54:43.0977 5304 LanmanServer - ok
22:54:44.0037 5304 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:54:44.0087 5304 LanmanWorkstation - ok
22:54:44.0257 5304 [ 910344E2A984010435AE84783B25E5EB ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
22:54:44.0307 5304 LBTServ - ok
22:54:44.0357 5304 [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:54:44.0377 5304 LHidFilt - ok
22:54:44.0439 5304 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:54:44.0519 5304 lltdio - ok
22:54:44.0579 5304 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:54:44.0629 5304 lltdsvc - ok
22:54:44.0649 5304 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:54:44.0699 5304 lmhosts - ok
22:54:44.0719 5304 [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:54:44.0749 5304 LMouFilt - ok
22:54:44.0789 5304 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:54:44.0819 5304 LSI_FC - ok
22:54:44.0859 5304 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:54:44.0879 5304 LSI_SAS - ok
22:54:44.0909 5304 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:54:44.0929 5304 LSI_SAS2 - ok
22:54:44.0949 5304 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:54:44.0969 5304 LSI_SCSI - ok
22:54:44.0989 5304 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:54:45.0049 5304 luafv - ok
22:54:45.0109 5304 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:54:45.0129 5304 MBAMProtector - ok
22:54:45.0219 5304 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:54:45.0269 5304 MBAMScheduler - ok
22:54:45.0319 5304 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:54:45.0349 5304 MBAMService - ok
22:54:45.0429 5304 [ ECAB006AC6136F1307E140B633CDB8C2 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:54:45.0459 5304 McAfee SiteAdvisor Service - ok
22:54:45.0489 5304 [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:54:45.0519 5304 McMPFSvc - ok
22:54:45.0529 5304 [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:54:45.0549 5304 mcmscsvc - ok
22:54:45.0589 5304 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:54:45.0619 5304 McNaiAnn - ok
22:54:45.0699 5304 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:54:45.0759 5304 McNASvc - ok
22:54:46.0009 5304 [ E63BF12007702D6AC5037AF1E0C6B1C9 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
22:54:46.0089 5304 McODS - ok
22:54:46.0129 5304 [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:54:46.0159 5304 McProxy - ok
22:54:46.0219 5304 [ E2E5B3BE663570089F352D311B3D335F ] McPvDrv C:\Windows\system32\drivers\McPvDrv.sys
22:54:46.0239 5304 McPvDrv - ok
22:54:46.0319 5304 [ 6A78931E71218F38B2B4665D2BA79789 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
22:54:46.0349 5304 McShield - ok
22:54:46.0389 5304 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:54:46.0409 5304 Mcx2Svc - ok
22:54:46.0439 5304 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
22:54:46.0459 5304 mdmxsdk - ok
22:54:46.0509 5304 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
22:54:46.0529 5304 megasas - ok
22:54:46.0559 5304 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:54:46.0589 5304 MegaSR - ok
22:54:46.0629 5304 [ 38995E33939DCA02BEED384C37A0BABB ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
22:54:46.0659 5304 mfeapfk - ok
22:54:46.0699 5304 [ ACB64C134E0FA7124FE67A8CC5F02833 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
22:54:46.0719 5304 mfeavfk - ok
22:54:46.0789 5304 mfeavfk01 - ok
22:54:46.0849 5304 [ FB331E460DBAE41B7CBDD72E690D6DA3 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys
22:54:46.0869 5304 mfebopk - ok
22:54:46.0929 5304 [ 8421EF9F71E0595BE68B5D913ED0FE78 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
22:54:46.0949 5304 mfefire - ok
22:54:46.0969 5304 [ 53891A53ACF0D43088E899DDD7209ACC ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
22:54:46.0999 5304 mfefirek - ok
22:54:47.0029 5304 [ 2F70286021B917F6D69C32C5DB8CD288 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
22:54:47.0079 5304 mfehidk - ok
22:54:47.0149 5304 [ 9171F3CA5DDD1D6A590B295F90E1E3BB ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
22:54:47.0169 5304 mferkdet - ok
22:54:47.0239 5304 [ 958E4A10C7C2C80714882542934C6912 ] mfevtp C:\Windows\system32\mfevtps.exe
22:54:47.0269 5304 mfevtp - ok
22:54:47.0299 5304 [ 07A474725D2DC08759496F58164795CB ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
22:54:47.0319 5304 mfewfpk - ok
22:54:47.0419 5304 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:54:47.0459 5304 Microsoft Office Groove Audit Service - ok
22:54:47.0499 5304 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:54:47.0549 5304 MMCSS - ok
22:54:47.0639 5304 [ 35176FA09A0FC58DB630991A81A0BA39 ] MOBKbackup C:\Program Files\McAfee Online Backup\MOBKbackup.exe
22:54:47.0669 5304 MOBKbackup - ok
22:54:47.0679 5304 [ E896775837A8BCE436348DF460522394 ] MOBKFilter C:\Windows\system32\DRIVERS\MOBK.sys
22:54:47.0699 5304 MOBKFilter - ok
22:54:47.0719 5304 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:54:47.0779 5304 Modem - ok
22:54:47.0839 5304 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:54:47.0909 5304 monitor - ok
22:54:47.0949 5304 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:54:47.0979 5304 mouclass - ok
22:54:47.0989 5304 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:54:48.0029 5304 mouhid - ok
22:54:48.0059 5304 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:54:48.0079 5304 mountmgr - ok
22:54:48.0139 5304 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:54:48.0179 5304 MozillaMaintenance - ok
22:54:48.0219 5304 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:54:48.0239 5304 mpio - ok
22:54:48.0249 5304 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:54:48.0289 5304 mpsdrv - ok
22:54:48.0359 5304 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:54:48.0469 5304 MpsSvc - ok
22:54:48.0509 5304 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:54:48.0559 5304 MRxDAV - ok
22:54:48.0649 5304 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:54:48.0679 5304 mrxsmb - ok
22:54:48.0689 5304 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:54:48.0739 5304 mrxsmb10 - ok
22:54:48.0759 5304 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:54:48.0799 5304 mrxsmb20 - ok
22:54:48.0809 5304 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:54:48.0829 5304 msahci - ok
22:54:48.0849 5304 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:54:48.0909 5304 msdsm - ok
22:54:48.0959 5304 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:54:49.0039 5304 MSDTC - ok
22:54:49.0089 5304 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:54:49.0129 5304 Msfs - ok
22:54:49.0149 5304 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:54:49.0209 5304 mshidkmdf - ok
22:54:49.0229 5304 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:54:49.0249 5304 msisadrv - ok
22:54:49.0319 5304 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:54:49.0449 5304 MSiSCSI - ok
22:54:49.0459 5304 msiserver - ok
22:54:49.0499 5304 [ ECAB006AC6136F1307E140B633CDB8C2 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
22:54:49.0529 5304 MSK80Service - ok
22:54:49.0559 5304 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:54:49.0609 5304 MSKSSRV - ok
22:54:49.0659 5304 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:54:49.0729 5304 MSPCLOCK - ok
22:54:49.0749 5304 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:54:49.0799 5304 MSPQM - ok
22:54:49.0819 5304 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:54:49.0849 5304 MsRPC - ok
22:54:49.0859 5304 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:54:49.0879 5304 mssmbios - ok
22:54:49.0889 5304 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:54:49.0929 5304 MSTEE - ok
22:54:49.0949 5304 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:54:49.0989 5304 MTConfig - ok
22:54:49.0999 5304 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:54:50.0019 5304 Mup - ok
22:54:50.0079 5304 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:54:50.0129 5304 napagent - ok
22:54:50.0209 5304 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:54:50.0296 5304 NativeWifiP - ok
22:54:50.0456 5304 [ 1BBBF640BC0E0B750537BAECE8D66C18 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
22:54:50.0496 5304 NAUpdate - ok
22:54:50.0586 5304 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:54:50.0636 5304 NDIS - ok
22:54:50.0666 5304 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:54:50.0726 5304 NdisCap - ok
22:54:50.0756 5304 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:54:50.0796 5304 NdisTapi - ok
22:54:50.0816 5304 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:54:50.0886 5304 Ndisuio - ok
22:54:50.0916 5304 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:54:50.0976 5304 NdisWan - ok
22:54:50.0986 5304 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:54:51.0026 5304 NDProxy - ok
22:54:51.0066 5304 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:54:51.0106 5304 NetBIOS - ok
22:54:51.0116 5304 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:54:51.0176 5304 NetBT - ok
22:54:51.0216 5304 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:54:51.0266 5304 Netlogon - ok
22:54:51.0356 5304 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:54:51.0446 5304 Netman - ok
22:54:51.0466 5304 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:54:51.0526 5304 netprofm - ok
22:54:51.0586 5304 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:54:51.0607 5304 NetTcpPortSharing - ok
22:54:51.0687 5304 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:54:51.0797 5304 nfrd960 - ok
22:54:51.0837 5304 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:54:51.0897 5304 NlaSvc - ok
22:54:51.0937 5304 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:54:51.0997 5304 Npfs - ok
22:54:52.0047 5304 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:54:52.0097 5304 nsi - ok
22:54:52.0107 5304 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:54:52.0147 5304 nsiproxy - ok
22:54:52.0197 5304 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:54:52.0247 5304 Ntfs - ok
22:54:52.0277 5304 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:54:52.0337 5304 Null - ok
22:54:52.0367 5304 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:54:52.0397 5304 nvraid - ok
22:54:52.0427 5304 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:54:52.0447 5304 nvstor - ok
22:54:52.0467 5304 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:54:52.0487 5304 nv_agp - ok
22:54:52.0617 5304 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:54:52.0677 5304 odserv - ok
22:54:52.0727 5304 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:54:52.0807 5304 ohci1394 - ok
22:54:52.0897 5304 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:54:52.0957 5304 ose - ok
22:54:53.0037 5304 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:54:53.0127 5304 p2pimsvc - ok
22:54:53.0157 5304 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:54:53.0207 5304 p2psvc - ok
22:54:53.0237 5304 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
22:54:53.0267 5304 Parport - ok
22:54:53.0287 5304 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:54:53.0307 5304 partmgr - ok
22:54:53.0347 5304 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
22:54:53.0367 5304 Parvdm - ok
22:54:53.0397 5304 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:54:53.0427 5304 PcaSvc - ok
22:54:53.0477 5304 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:54:53.0557 5304 pccsmcfd - ok
22:54:53.0567 5304 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:54:53.0597 5304 pci - ok
22:54:53.0617 5304 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:54:53.0637 5304 pciide - ok
22:54:53.0657 5304 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:54:53.0687 5304 pcmcia - ok
22:54:53.0717 5304 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:54:53.0737 5304 pcw - ok
22:54:53.0817 5304 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:54:53.0917 5304 PEAUTH - ok
22:54:54.0017 5304 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:54:54.0097 5304 PeerDistSvc - ok
22:54:54.0217 5304 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:54:54.0337 5304 pla - ok
22:54:54.0427 5304 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:54:54.0497 5304 PlugPlay - ok
22:54:54.0527 5304 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:54:54.0567 5304 PNRPAutoReg - ok
22:54:54.0607 5304 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:54:54.0637 5304 PNRPsvc - ok
22:54:54.0697 5304 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:54:54.0767 5304 PolicyAgent - ok
22:54:54.0837 5304 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:54:54.0927 5304 Power - ok
22:54:54.0997 5304 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:54:55.0057 5304 PptpMiniport - ok
22:54:55.0087 5304 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
22:54:55.0107 5304 Processor - ok
22:54:55.0177 5304 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:54:55.0237 5304 ProfSvc - ok
22:54:55.0267 5304 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:54:55.0297 5304 ProtectedStorage - ok
22:54:55.0327 5304 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
22:54:55.0357 5304 ProtexisLicensing - ok
22:54:55.0387 5304 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:54:55.0427 5304 Psched - ok
22:54:55.0477 5304 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:54:55.0537 5304 ql2300 - ok
22:54:55.0597 5304 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:54:55.0617 5304 ql40xx - ok
22:54:55.0677 5304 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:54:55.0727 5304 QWAVE - ok
22:54:55.0757 5304 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:54:55.0787 5304 QWAVEdrv - ok
22:54:55.0797 5304 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:54:55.0867 5304 RasAcd - ok
22:54:55.0947 5304 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:54:56.0047 5304 RasAgileVpn - ok
22:54:56.0097 5304 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:54:56.0157 5304 RasAuto - ok
22:54:56.0187 5304 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:54:56.0247 5304 Rasl2tp - ok
22:54:56.0297 5304 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:54:56.0367 5304 RasMan - ok
22:54:56.0407 5304 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:54:56.0447 5304 RasPppoe - ok
22:54:56.0487 5304 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:54:56.0557 5304 RasSstp - ok
22:54:56.0587 5304 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:54:56.0637 5304 rdbss - ok
22:54:56.0717 5304 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:54:56.0787 5304 rdpbus - ok
22:54:56.0817 5304 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:54:56.0867 5304 RDPCDD - ok
22:54:56.0937 5304 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:54:57.0077 5304 RDPDR - ok
22:54:57.0247 5304 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:54:57.0367 5304 RDPENCDD - ok
22:54:57.0427 5304 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:54:57.0497 5304 RDPREFMP - ok
22:54:57.0527 5304 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:54:57.0557 5304 RdpVideoMiniport - ok
22:54:57.0587 5304 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:54:57.0647 5304 RDPWD - ok
22:54:57.0717 5304 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:54:57.0737 5304 rdyboost - ok
22:54:57.0807 5304 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:54:57.0877 5304 RemoteAccess - ok
22:54:57.0927 5304 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:54:58.0017 5304 RemoteRegistry - ok
22:54:58.0047 5304 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:54:58.0107 5304 RpcEptMapper - ok
22:54:58.0147 5304 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:54:58.0217 5304 RpcLocator - ok
22:54:58.0257 5304 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:54:58.0297 5304 RpcSs - ok
22:54:58.0347 5304 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:54:58.0407 5304 rspndr - ok
22:54:58.0447 5304 [ C853AE16CCF5033C0CBA0855390F5C7F ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
22:54:58.0477 5304 RTHDMIAzAudService - ok
22:54:58.0527 5304 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:54:58.0557 5304 s3cap - ok
22:54:58.0597 5304 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:54:58.0627 5304 SamSs - ok
22:54:58.0697 5304 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:54:58.0737 5304 sbp2port - ok
22:54:58.0807 5304 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:54:58.0877 5304 SCardSvr - ok
22:54:58.0917 5304 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:54:58.0987 5304 scfilter - ok
22:54:59.0147 5304 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:54:59.0307 5304 Schedule - ok
22:54:59.0427 5304 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:54:59.0517 5304 SCPolicySvc - ok
22:54:59.0587 5304 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:54:59.0667 5304 sdbus - ok
22:54:59.0727 5304 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:54:59.0867 5304 SDRSVC - ok
22:54:59.0917 5304 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:55:00.0007 5304 secdrv - ok
22:55:00.0057 5304 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:55:00.0127 5304 seclogon - ok
22:55:00.0177 5304 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
22:55:00.0247 5304 SENS - ok
22:55:00.0277 5304 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:55:00.0347 5304 SensrSvc - ok
22:55:00.0367 5304 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
22:55:00.0397 5304 Serenum - ok
22:55:00.0447 5304 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
22:55:00.0487 5304 Serial - ok
22:55:00.0527 5304 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:55:00.0547 5304 sermouse - ok
22:55:00.0677 5304 [ DD1328A18712A0B9C9A946EE55A2B1EC ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:55:00.0727 5304 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
22:55:00.0727 5304 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
22:55:00.0797 5304 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:55:00.0927 5304 SessionEnv - ok
22:55:00.0967 5304 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:55:01.0027 5304 sffdisk - ok
22:55:01.0057 5304 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:55:01.0087 5304 sffp_mmc - ok
22:55:01.0217 5304 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:55:01.0337 5304 sffp_sd - ok
22:55:01.0367 5304 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:55:01.0427 5304 sfloppy - ok
22:55:01.0517 5304 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:55:01.0707 5304 SharedAccess - ok
22:55:01.0787 5304 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:55:01.0997 5304 ShellHWDetection - ok
22:55:02.0037 5304 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:55:02.0057 5304 sisagp - ok
22:55:02.0097 5304 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:55:02.0117 5304 SiSRaid2 - ok
22:55:02.0147 5304 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:55:02.0177 5304 SiSRaid4 - ok
22:55:02.0207 5304 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:55:02.0287 5304 Smb - ok
22:55:02.0357 5304 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:55:02.0437 5304 SNMPTRAP - ok
22:55:02.0467 5304 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys
22:55:02.0507 5304 speedfan - ok
22:55:02.0517 5304 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:55:02.0537 5304 spldr - ok
22:55:02.0587 5304 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:55:02.0667 5304 Spooler - ok
22:55:02.0827 5304 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:55:03.0057 5304 sppsvc - ok
22:55:03.0117 5304 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:55:03.0197 5304 sppuinotify - ok
22:55:03.0267 5304 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:55:03.0417 5304 srv - ok
22:55:03.0467 5304 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:55:03.0617 5304 srv2 - ok
22:55:03.0807 5304 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
22:55:03.0947 5304 SrvHsfHDA - ok
22:55:04.0098 5304 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
22:55:04.0158 5304 SrvHsfV92 - ok
22:55:04.0218 5304 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
22:55:04.0258 5304 SrvHsfWinac - ok
22:55:04.0288 5304 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:55:04.0328 5304 srvnet - ok
22:55:04.0358 5304 [ 64E44ACD8C238FCBBB78F0BA4BDC4B05 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
22:55:04.0418 5304 ssadbus - ok
22:55:04.0478 5304 [ BB2C84A15C765DA89FD832B0E73F26CE ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
22:55:04.0548 5304 ssadmdfl - ok
22:55:04.0558 5304 [ 6D0D132DDC6F43EDA00DCED6D8B1CA31 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
22:55:04.0588 5304 ssadmdm - ok
22:55:04.0608 5304 [ 069351A1D7D291013177A90AE6EDCCBC ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
22:55:04.0628 5304 sscdbus - ok
22:55:04.0658 5304 [ 1C925BE223A5C0F9F469252292A48DF6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
22:55:04.0678 5304 sscdmdfl - ok
22:55:04.0698 5304 [ AE3E77AE0FBDB07EB1AC3FED74A0695E ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
22:55:04.0718 5304 sscdmdm - ok
22:55:04.0768 5304 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:55:04.0858 5304 SSDPSRV - ok
22:55:04.0948 5304 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:55:05.0058 5304 SstpSvc - ok
22:55:05.0125 5304 [ 8F299012EF58246F1C98DE7B7E48DBF0 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
22:55:05.0212 5304 ssudmdm - ok
22:55:05.0252 5304 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:55:05.0282 5304 stexstor - ok
22:55:05.0402 5304 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:55:05.0492 5304 StiSvc - ok
22:55:05.0542 5304 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:55:05.0562 5304 storflt - ok
22:55:05.0632 5304 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:55:05.0682 5304 storvsc - ok
22:55:05.0722 5304 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:55:05.0742 5304 swenum - ok
22:55:05.0782 5304 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:55:05.0852 5304 swprv - ok
22:55:05.0872 5304 [ F2AD8960812FD111E20E84659EF19D43 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
22:55:05.0892 5304 Synth3dVsc - ok
22:55:05.0922 5304 [ 47183E3520C88FADD5B0C87D57040DA5 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
22:55:05.0942 5304 SynTP - ok
22:55:05.0992 5304 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:55:06.0042 5304 SysMain - ok
22:55:06.0102 5304 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:55:06.0162 5304 TabletInputService - ok
22:55:06.0192 5304 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:55:06.0262 5304 TapiSrv - ok
22:55:06.0312 5304 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:55:06.0412 5304 TBS - ok
22:55:06.0512 5304 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:55:06.0572 5304 Tcpip - ok
22:55:06.0632 5304 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:55:06.0682 5304 TCPIP6 - ok
22:55:06.0702 5304 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:55:06.0762 5304 tcpipreg - ok
22:55:06.0812 5304 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:55:06.0842 5304 TDPIPE - ok
22:55:06.0892 5304 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:55:06.0922 5304 TDTCP - ok
22:55:06.0952 5304 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:55:07.0002 5304 tdx - ok
22:55:07.0012 5304 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:55:07.0032 5304 TermDD - ok
22:55:07.0042 5304 [ 052306FD76793D5D5AB5D9891FD1ADBB ] terminpt C:\Windows\system32\drivers\terminpt.sys
22:55:07.0112 5304 terminpt - ok
22:55:07.0172 5304 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:55:07.0252 5304 TermService - ok
22:55:07.0272 5304 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:55:07.0322 5304 Themes - ok
22:55:07.0362 5304 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:55:07.0412 5304 THREADORDER - ok
22:55:07.0472 5304 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
22:55:07.0492 5304 TomTomHOMEService - ok
22:55:07.0552 5304 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:55:07.0642 5304 TrkWks - ok
22:55:07.0722 5304 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:55:07.0812 5304 TrustedInstaller - ok
22:55:07.0862 5304 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:55:07.0902 5304 tssecsrv - ok
22:55:07.0922 5304 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:55:07.0972 5304 TsUsbFlt - ok
22:55:07.0982 5304 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:55:08.0022 5304 TsUsbGD - ok
22:55:08.0052 5304 [ 045ACB987C650D8186C6B4A692223860 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
22:55:08.0082 5304 tsusbhub - ok
22:55:08.0142 5304 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:55:08.0212 5304 tunnel - ok
22:55:08.0232 5304 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:55:08.0262 5304 uagp35 - ok
22:55:08.0282 5304 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:55:08.0342 5304 udfs - ok
22:55:08.0402 5304 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:55:08.0432 5304 UI0Detect - ok
22:55:08.0502 5304 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:55:08.0562 5304 uliagpkx - ok
22:55:08.0592 5304 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:55:08.0622 5304 umbus - ok
22:55:08.0642 5304 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
22:55:08.0682 5304 UmPass - ok
22:55:08.0722 5304 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
22:55:08.0762 5304 UmRdpService - ok
22:55:08.0822 5304 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:55:08.0962 5304 upnphost - ok
22:55:09.0012 5304 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:55:09.0072 5304 usbccgp - ok
22:55:09.0092 5304 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:55:09.0112 5304 usbcir - ok
22:55:09.0132 5304 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:55:09.0172 5304 usbehci - ok
22:55:09.0182 5304 [ 0150B06D3E73F6C27AFCB963FD931820 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
22:55:09.0202 5304 usbfilter - ok
22:55:09.0232 5304 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:55:09.0262 5304 usbhub - ok
22:55:09.0312 5304 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:55:09.0382 5304 usbohci - ok
22:55:09.0412 5304 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:55:09.0472 5304 usbprint - ok
22:55:09.0512 5304 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:55:09.0612 5304 USBSTOR - ok
22:55:09.0642 5304 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:55:09.0672 5304 usbuhci - ok
22:55:09.0702 5304 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
22:55:09.0732 5304 usbvideo - ok
22:55:09.0792 5304 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:55:09.0882 5304 UxSms - ok
22:55:09.0902 5304 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:55:09.0932 5304 VaultSvc - ok
22:55:09.0952 5304 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:55:09.0982 5304 vdrvroot - ok
22:55:10.0022 5304 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:55:10.0082 5304 vds - ok
22:55:10.0132 5304 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:55:10.0182 5304 vga - ok
22:55:10.0212 5304 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:55:10.0252 5304 VgaSave - ok
22:55:10.0282 5304 VGPU - ok
22:55:10.0312 5304 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:55:10.0342 5304 vhdmp - ok
22:55:10.0372 5304 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:55:10.0392 5304 viaagp - ok
22:55:10.0412 5304 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
22:55:10.0452 5304 ViaC7 - ok
22:55:10.0482 5304 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:55:10.0502 5304 viaide - ok
22:55:10.0542 5304 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:55:10.0562 5304 vmbus - ok
22:55:10.0592 5304 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:55:10.0612 5304 VMBusHID - ok
22:55:10.0752 5304 [ 6E021D6DA429AD7288FE8322E2BBA96B ] VMCService C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
22:55:10.0782 5304 VMCService ( UnsignedFile.Multi.Generic ) - warning
22:55:10.0782 5304 VMCService - detected UnsignedFile.Multi.Generic (1)
22:55:10.0812 5304 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:55:10.0842 5304 volmgr - ok
22:55:10.0862 5304 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:55:10.0892 5304 volmgrx - ok
22:55:10.0902 5304 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:55:10.0932 5304 volsnap - ok
22:55:10.0962 5304 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:55:10.0982 5304 vsmraid - ok
22:55:11.0062 5304 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:55:11.0132 5304 VSS - ok
22:55:11.0172 5304 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:55:11.0202 5304 vwifibus - ok
22:55:11.0272 5304 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:55:11.0362 5304 vwififlt - ok
22:55:11.0402 5304 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:55:11.0452 5304 vwifimp - ok
22:55:11.0522 5304 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:55:11.0602 5304 W32Time - ok
22:55:11.0632 5304 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:55:11.0682 5304 WacomPen - ok
22:55:11.0712 5304 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:55:11.0772 5304 WANARP - ok
22:55:11.0782 5304 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:55:11.0822 5304 Wanarpv6 - ok
22:55:11.0932 5304 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
22:55:12.0042 5304 wbengine - ok
22:55:12.0062 5304 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:55:12.0122 5304 WbioSrvc - ok
22:55:12.0222 5304 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:55:12.0272 5304 wcncsvc - ok
22:55:12.0302 5304 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:55:12.0402 5304 WcsPlugInService - ok
22:55:12.0462 5304 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
22:55:12.0502 5304 Wd - ok
22:55:12.0532 5304 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:55:12.0572 5304 Wdf01000 - ok
22:55:12.0622 5304 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:55:12.0732 5304 WdiServiceHost - ok
22:55:12.0742 5304 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:55:12.0772 5304 WdiSystemHost - ok
22:55:12.0792 5304 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
22:55:12.0852 5304 WebClient - ok
22:55:12.0892 5304 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:55:12.0952 5304 Wecsvc - ok
22:55:13.0002 5304 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:55:13.0072 5304 wercplsupport - ok
22:55:13.0102 5304 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:55:13.0162 5304 WerSvc - ok
22:55:13.0232 5304 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:55:13.0282 5304 WfpLwf - ok
22:55:13.0302 5304 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:55:13.0322 5304 WIMMount - ok
22:55:13.0402 5304 [ 8B976D4CA270110111DF4F313DA0E6E8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:55:13.0482 5304 winachsf - ok
22:55:13.0582 5304 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:55:13.0652 5304 WinDefend - ok
22:55:13.0672 5304 WinHttpAutoProxySvc - ok
22:55:13.0772 5304 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:55:13.0842 5304 Winmgmt - ok
22:55:13.0949 5304 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
22:55:14.0109 5304 WinRM - ok
22:55:14.0369 5304 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:55:14.0479 5304 WinUsb - ok
22:55:14.0569 5304 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:55:14.0669 5304 Wlansvc - ok
22:55:14.0699 5304 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:55:14.0749 5304 WmiAcpi - ok
22:55:14.0809 5304 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:55:14.0859 5304 wmiApSrv - ok
22:55:14.0979 5304 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:55:15.0089 5304 WMPNetworkSvc - ok
22:55:15.0139 5304 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:55:15.0219 5304 WPCSvc - ok
22:55:15.0239 5304 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:55:15.0329 5304 WPDBusEnum - ok
22:55:15.0389 5304 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:55:15.0489 5304 ws2ifsl - ok
22:55:15.0539 5304 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
22:55:15.0579 5304 wscsvc - ok
22:55:15.0589 5304 WSearch - ok
22:55:15.0669 5304 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:55:15.0769 5304 wuauserv - ok
22:55:15.0789 5304 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:55:15.0849 5304 WudfPf - ok
22:55:15.0899 5304 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:55:16.0009 5304 WUDFRd - ok
22:55:16.0089 5304 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:55:16.0139 5304 wudfsvc - ok
22:55:16.0179 5304 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:55:16.0239 5304 WwanSvc - ok
22:55:16.0269 5304 [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
22:55:16.0309 5304 XAudio - ok
22:55:16.0359 5304 ================ Scan global ===============================
22:55:16.0399 5304 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:55:16.0470 5304 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
22:55:16.0500 5304 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
22:55:16.0550 5304 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:55:16.0620 5304 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:55:16.0640 5304 [Global] - ok
22:55:16.0640 5304 ================ Scan MBR ==================================
22:55:16.0670 5304 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:55:17.0520 5304 \Device\Harddisk0\DR0 - ok
22:55:17.0530 5304 ================ Scan VBR ==================================
22:55:17.0540 5304 [ D004C7FB7ABC32343FF5EE82E9ACE843 ] \Device\Harddisk0\DR0\Partition1
22:55:17.0540 5304 \Device\Harddisk0\DR0\Partition1 - ok
22:55:17.0580 5304 [ 885188B7B5BCBD04F8AF64E1B545ABE4 ] \Device\Harddisk0\DR0\Partition2
22:55:17.0580 5304 \Device\Harddisk0\DR0\Partition2 - ok
22:55:17.0590 5304 ============================================================
22:55:17.0590 5304 Scan finished
22:55:17.0590 5304 ============================================================
22:55:17.0610 4056 Detected object count: 4
22:55:17.0610 4056 Actual detected object count: 4
23:00:54.0922 4056 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:00:54.0922 4056 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:00:54.0932 4056 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
23:00:54.0932 4056 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:00:54.0932 4056 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:00:54.0932 4056 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:00:54.0932 4056 VMCService ( UnsignedFile.Multi.Generic ) - skipped by user
23:00:54.0932 4056 VMCService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Gruß |
|
16.11.2012, 23:20
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2012, 23:27
| #13 |
| | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt Hier die logdatei von adwcleaner Code:
ATTFilter # AdwCleaner v2.007 - Datei am 16/11/2012 um 23:26:08 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : M - M-A
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\M\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gefunden : C:\Users\M\AppData\RoaMing\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\M\AppData\RoaMing\Mozilla\Firefox\Profiles\xfvkuzgp.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1277 octets] - [16/11/2012 23:26:08]
########## EOF - C:\AdwCleaner[R1].txt - [1337 octets] ##########
|
|
16.11.2012, 23:34
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.11.2012, 00:14
| #15 |
| | Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt log adwcleaner Code:
ATTFilter # AdwCleaner v2.007 - Datei am 16/11/2012 um 23:39:50 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : M - M-A
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\M\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Users\M\AppData\RoaMing\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v16.0.2 (de)
Profilname : default
Datei : C:\Users\M\AppData\RoaMing\Mozilla\Firefox\Profiles\xfvkuzgp.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [1406 octets] - [16/11/2012 23:38:00]
AdwCleaner[S1].txt - [1339 octets] - [16/11/2012 23:39:50]
########## EOF - C:\AdwCleaner[S1].txt - [1399 octets] ##########
OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.11.2012 23:47:35 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,47 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 51,89% Memory free 4,93 Gb Paging File | 3,42 Gb Available in Paging File | 69,29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 11,53 Gb Free Space | 8,01% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 8,54 Gb Free Space | 6,08% Space Free | Partition Type: NTFS Computer Name: M-A | User Name: M | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\M\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\M\AppData\Local\Apps\2.0\59A6CLA7.5DD\MLTYHMRM.XAC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe (AVM Berlin) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MAT\McPvTray.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.) PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Users\M\AppData\Local\Apps\2.0\59A6CLA7.5DD\MLTYHMRM.XAC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Programme\Logitech\SetPointP\Macros\MacroCore.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\System32\msjetoledb40.dll () MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll () MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (NAUpdate) -- C:\Programme\Nero\Update\NASvc.exe (Nero AG) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (MOBKbackup) -- C:\Programme\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (mfeavfk01) -- File not found DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys File not found DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (McPvDrv) -- C:\Windows\System32\drivers\McPvDrv.sys (McAfee, Inc.) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (ssudmdm) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (dg_ssudbus) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation) DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation) DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation) DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ArcSec) -- C:\Windows\System32\drivers\ArcSec.sys () DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (giveio) -- C:\Windows\System32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 6A 7E 1A 6A B4 CD 01 [binary data] IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\SearchScopes\{BB93CF59-A42C-4699-8E06-749ADE23418B}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Sichere Suche" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7 FF - prefs.js..extensions.enabledAddons: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1 FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.11.07 19:47:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.07 19:47:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012.11.07 20:31:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.07 19:47:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.02 22:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M\AppData\Roaming\mozilla\Extensions [2012.02.02 22:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.10.23 17:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\M\AppData\Roaming\mozilla\Firefox\Profiles\xfvkuzgp.default\extensions [2012.11.07 19:49:00 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\M\AppData\Roaming\mozilla\Firefox\Profiles\xfvkuzgp.default\extensions\fb_add_on@avm.de [2012.08.29 21:07:47 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\M\AppData\Roaming\mozilla\firefox\profiles\xfvkuzgp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.01.18 23:32:41 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\M\AppData\Roaming\mozilla\firefox\profiles\xfvkuzgp.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2012.10.27 21:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.27 21:22:01 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.09.05 20:10:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 20:10:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.09.05 20:10:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.09.05 20:10:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.05 20:10:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.05 20:10:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.) O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001..\Run: [AVMUSBFernanschluss] C:\Users\M\AppData\Local\Apps\2.0\59A6CLA7.5DD\MLTYHMRM.XAC\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin) O4 - HKU\S-1-5-21-3939653844-2987989265-3787317749-1001..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.7.20.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61EE6ADE-D091-4F01-8EC2-4567265193DE}: DhcpNameServer = 10.7.20.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAE9A0C4-0FFB-4698-9D9E-18B95A3E8476}: DhcpNameServer = 10.7.20.3 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{24347878-b25b-11e1-93a7-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{24347878-b25b-11e1-93a7-001eec54080e}\Shell\AutoRun\command - "" = J:\NokiaPCIA_Autorun.exe O33 - MountPoints2\{24347887-b25b-11e1-93a7-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{24347887-b25b-11e1-93a7-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{24347889-b25b-11e1-93a7-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{24347889-b25b-11e1-93a7-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{54d7ca0d-adae-11e1-af4c-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{54d7ca0d-adae-11e1-af4c-001eec54080e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{54d7ca0f-adae-11e1-af4c-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{54d7ca0f-adae-11e1-af4c-001eec54080e}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{96bb23ec-6314-11e1-a758-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{96bb23ec-6314-11e1-a758-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{96bb23ee-6314-11e1-a758-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{96bb23ee-6314-11e1-a758-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{96bb245d-6314-11e1-a758-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{96bb245d-6314-11e1-a758-001eec54080e}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{a5bc630a-6175-11e1-97ee-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{a5bc630a-6175-11e1-97ee-001eec54080e}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{ca4ae027-6311-11e1-bd69-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{ca4ae027-6311-11e1-bd69-001eec54080e}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{fc904898-4229-11e1-bfd5-001eec54080e}\Shell - "" = AutoRun O33 - MountPoints2\{fc904898-4229-11e1-bfd5-001eec54080e}\Shell\AutoRun\command - "" = F:\Setup.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.16 22:52:41 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\M\Desktop\tdsskiller.exe [2012.11.16 20:18:10 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\M\Desktop\aswMBR.exe [2012.11.15 18:41:51 | 000,526,800 | ---- | C] (McAfee, Inc.) -- C:\Users\M\Desktop\MVTInstaller.exe [2012.11.07 17:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\2CB5E81483702AAC00002CB5BB602C10 [2012.11.05 18:20:33 | 000,000,000 | R--D | C] -- C:\Users\M\Desktop\nokia [2012.10.27 21:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.10.24 20:01:39 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Local\SKIDROW [2012.10.24 20:01:39 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\DarknessII [2012.10.24 19:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games [2012.10.22 18:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.10.22 18:47:40 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.10.22 18:47:40 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.10.22 18:47:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.22 18:47:13 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.22 18:47:13 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.22 18:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.10.21 20:44:09 | 000,000,000 | ---D | C] -- C:\Users\M\AppData\Roaming\Malwarebytes [2012.10.21 20:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.21 20:43:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.21 20:43:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.21 20:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.10.21 20:41:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\M\Desktop\mbam-setup.exe [2012.10.21 17:27:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\M\Desktop\OTL.exe [2012.10.21 16:19:56 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2012.10.21 16:19:56 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2012.10.21 15:29:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.10.21 15:29:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.10.21 15:29:03 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.10.21 15:29:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.10.21 15:29:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.10.21 15:29:02 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.10.21 15:29:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.10.21 15:29:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.10.21 15:20:26 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll [2012.10.21 15:20:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.21 15:19:37 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012.10.21 15:19:37 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS [2012.10.21 15:19:31 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe [2012.10.21 15:18:19 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.10.21 15:18:19 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.10.21 15:18:18 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.10.21 15:18:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.10.21 15:18:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.10.21 15:18:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.10.21 15:18:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.10.21 15:18:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.10.21 15:18:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.10.21 15:18:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.10.21 15:18:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.10.21 15:18:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.10.21 15:18:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.10.21 15:18:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.10.21 15:18:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.10.21 15:18:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.10.21 15:18:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.10.21 15:18:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.10.21 15:18:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.10.21 15:18:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.10.21 15:18:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.10.21 15:18:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.10.21 15:18:14 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.10.21 15:18:14 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.10.21 15:18:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.10.21 15:18:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.10.21 15:18:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.10.21 15:18:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.10.21 15:18:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.10.21 15:18:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.10.21 15:17:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys [2012.10.21 15:17:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll [2012.10.21 15:12:36 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.21 15:12:36 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.21 15:12:27 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2012.10.21 15:12:05 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.10.18 18:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\stabwfcjxvfpbhg ========== Files - Modified Within 30 Days ========== [2012.11.16 23:50:32 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 23:50:32 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.16 23:42:04 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012.11.16 23:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.16 23:41:47 | 1986,859,008 | -HS- | M] () -- C:\hiberfil.sys [2012.11.16 23:37:12 | 000,541,569 | ---- | M] () -- C:\Users\M\Desktop\adwcleaner.exe [2012.11.16 23:30:32 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys [2012.11.16 22:52:41 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\M\Desktop\tdsskiller.exe [2012.11.16 22:50:47 | 000,000,512 | ---- | M] () -- C:\Users\M\Desktop\MBR.dat [2012.11.16 20:18:34 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\M\Desktop\aswMBR.exe [2012.11.15 23:04:04 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.15 23:04:04 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.15 23:04:04 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.15 23:04:04 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.11.15 18:41:51 | 000,526,800 | ---- | M] (McAfee, Inc.) -- C:\Users\M\Desktop\MVTInstaller.exe [2012.11.15 01:08:42 | 000,270,485 | ---- | M] () -- C:\Users\M\Desktop\Image3.jpg [2012.11.10 20:04:13 | 000,597,473 | ---- | M] () -- C:\Users\M\Desktop\OTL.rar [2012.11.08 20:45:57 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.07 20:58:07 | 000,302,592 | ---- | M] () -- C:\Users\M\Desktop\lf61ovol.exe [2012.11.07 20:37:04 | 000,000,156 | ---- | M] () -- C:\Users\M\defogger_reenable [2012.11.07 20:36:17 | 000,050,477 | ---- | M] () -- C:\Users\M\Desktop\Defogger.exe [2012.11.07 17:41:33 | 000,046,461 | ---- | M] () -- C:\Users\M\AppData\Local\qdgqgrca [2012.10.24 19:58:59 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\The Darkness II.lnk [2012.10.22 18:46:11 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012.10.22 18:46:08 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012.10.22 18:46:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012.10.22 18:46:08 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012.10.22 18:46:07 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012.10.22 18:46:07 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012.10.21 20:41:48 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\M\Desktop\mbam-setup.exe [2012.10.21 17:27:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\M\Desktop\OTL.exe [2012.10.21 16:40:54 | 000,883,840 | ---- | M] () -- C:\Users\M\Desktop\Avira-DE-Cleaner.exe [2012.10.21 16:30:37 | 000,412,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.10.21 16:19:50 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys [2012.10.21 16:19:50 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll [2012.10.18 18:55:51 | 000,076,347 | ---- | M] () -- C:\ProgramData\tdocfaumpmggoyq ========== Files Created - No Company Name ========== [2012.11.16 23:36:57 | 000,541,569 | ---- | C] () -- C:\Users\M\Desktop\adwcleaner.exe [2012.11.16 20:29:22 | 000,000,512 | ---- | C] () -- C:\Users\M\Desktop\MBR.dat [2012.11.10 20:12:20 | 000,270,485 | ---- | C] () -- C:\Users\M\Desktop\Image3.jpg [2012.11.10 20:04:13 | 000,597,473 | ---- | C] () -- C:\Users\M\Desktop\OTL.rar [2012.11.07 20:58:06 | 000,302,592 | ---- | C] () -- C:\Users\M\Desktop\lf61ovol.exe [2012.11.07 20:37:03 | 000,000,156 | ---- | C] () -- C:\Users\M\defogger_reenable [2012.11.07 20:36:14 | 000,050,477 | ---- | C] () -- C:\Users\M\Desktop\Defogger.exe [2012.11.07 17:41:33 | 000,046,461 | ---- | C] () -- C:\Users\M\AppData\Local\qdgqgrca [2012.10.24 19:58:59 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\The Darkness II.lnk [2012.10.21 20:43:57 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.21 16:40:51 | 000,883,840 | ---- | C] () -- C:\Users\M\Desktop\Avira-DE-Cleaner.exe [2012.10.18 18:55:48 | 000,076,347 | ---- | C] () -- C:\ProgramData\tdocfaumpmggoyq [2012.06.29 14:43:43 | 000,007,608 | ---- | C] () -- C:\Users\M\AppData\Local\Resmon.ResmonCfg [2012.04.02 21:58:55 | 000,009,216 | ---- | C] () -- C:\Users\M\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.07 18:01:28 | 000,000,662 | ---- | C] () -- C:\Windows\wiso.ini [2012.01.21 15:48:02 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\DE2D5743D6.sys [2012.01.21 15:26:57 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys [2012.01.21 13:28:47 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI [2012.01.20 19:40:08 | 000,195,854 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012.01.18 23:50:50 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2012.01.18 23:50:50 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2012.01.18 23:50:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2012.01.18 23:50:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2012.01.18 23:50:50 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2012.01.18 23:50:50 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2012.01.18 22:26:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.12.23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.12.23 20:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll [2011.12.23 20:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll [2011.12.23 20:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll [2011.12.23 20:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll [2010.11.21 01:46:14 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 01:46:14 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.11.20 22:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2008.06.23 13:02:02 | 000,097,410 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.05.23 17:48:50 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.11.2012 23:47:35 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\M\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,47 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 51,89% Memory free
4,93 Gb Paging File | 3,42 Gb Available in Paging File | 69,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 11,53 Gb Free Space | 8,01% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 8,54 Gb Free Space | 6,08% Space Free | Partition Type: NTFS
Computer Name: M-A | User Name: M | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035D81E0-7E04-4296-8126-0FF58DE6B149}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{053DC611-312D-4EEC-8545-5841FABAE71B}" = lport=445 | protocol=6 | dir=in | app=system |
"{14CE9331-F1AF-4B64-8AAF-B12BAC66444D}" = rport=445 | protocol=6 | dir=out | app=system |
"{18A64702-A665-49E9-883E-A0641ECE5586}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{194699BE-1F28-425D-B714-E3F157BAD8AB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24AB282C-62CD-4F64-9707-F5CC4CBC58BD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31905B2E-50B3-4F52-B056-B96F03DD5E8B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{450E361E-D164-49C0-BDF7-961E92E54EFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{45D03628-12D4-4F68-A997-D242F0014760}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D76CFCA-1982-4E29-889B-FCB6468A5A2D}" = rport=139 | protocol=6 | dir=out | app=system |
"{6B5B9503-2C42-41A2-926B-A83EB07AE00D}" = rport=138 | protocol=17 | dir=out | app=system |
"{7218861D-EDDE-4AD9-B2B0-BF70EFB0382A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{725CD7D0-CB2F-4C62-A23E-4CEE6BB198DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{805F9CD7-32E5-4CA1-8B27-69C1B93976A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B1BB8E6-5027-4E90-A9FB-E2C3E6EAF9C2}" = lport=139 | protocol=6 | dir=in | app=system |
"{9DAB7B09-B004-4902-851F-D84D86FD11D4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A37C6505-F10B-4532-8207-8E9F62F65BDF}" = lport=137 | protocol=17 | dir=in | app=system |
"{B77ADE15-1C2E-4BF8-A392-E78C5E053E33}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0D3D180-B3B5-4BF3-8413-CB20B898D06B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DC7EE35C-EC12-4180-8991-294F67AB1233}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DE5EC512-B6EE-4D96-AAC4-5B59B7D45164}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E560BAAF-C95E-4C9B-9293-F3FE18ACD161}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F0A38E3C-B8BE-448A-B34C-DCD2F0C9947E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F8423DFF-79DA-47EF-9D02-36D35A45B8CD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069E7DDE-74A7-4A31-AF76-4348B75D5F24}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\maxtax.exe |
"{08B3AC8E-9B39-4078-9D6C-42C8DC32F1B0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{167F5CF0-DCC9-47DC-AE7A-77CDC0AF9AF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DBA470E-48B0-43CD-9CE5-62E35475A0FC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2967AB91-7372-43C6-8047-9A20F662E37C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{31F23D34-A532-4B0C-AA06-54BB47C78084}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{32759961-0E7A-4ADA-B22A-977CD36AAB09}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax deluxe\stmaxtax.exe |
"{3662D225-3C6E-4527-B565-0A1EE87ACA77}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{3665FFF5-09EC-4A9A-94F8-5D1D86FFAA12}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{407B39DA-20A4-4DC7-8097-3CA2F8E74D6B}" = protocol=17 | dir=in | app=c:\users\m\appdata\local\apps\2.0\59a6cla7.5dd\mltyhmrm.xac\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{4CACEE89-7AB9-4812-97B5-11808EEFE09E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4F1D2BBA-EC23-4A4B-846A-82F77CA0E1D6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59AD1F18-1369-48B7-A0FE-195F1FD2531F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{654926CA-121B-4305-AF02-61CA7DCAE2D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6699C8FC-44CC-4130-BF92-46E95DF90197}" = protocol=6 | dir=out | app=system |
"{6AC7411E-392D-4C2A-BDDB-7A916D470A5B}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax standard\maxtax.exe |
"{6AD638C0-75FB-47C3-895B-3E64E1A66D75}" = protocol=6 | dir=in | app=c:\users\m\appdata\local\apps\2.0\59a6cla7.5dd\mltyhmrm.xac\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |
"{6C29BF37-F8C5-4A0C-A075-443DCCF073BD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{71FCA845-61B5-4663-8A2B-B534C7F520E3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{7C66E8FB-D659-45EE-9814-5BC0C02209D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{906653DA-68E1-49EA-8FC4-04C7857DC1EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A00B5228-663A-483F-84D8-7E9711A99158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7257D46-2111-425C-A57B-4581172F93C3}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\maxtax.exe |
"{A7C1D3FF-3614-4BF1-B149-04DF1A37704B}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax deluxe\stmaxtax.exe |
"{AC118144-1534-4DE0-AC31-80F202E5116D}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax standard\stmaxtax.exe |
"{B406C6B3-323A-4F01-A377-C398C0802563}" = protocol=17 | dir=in | app=c:\program files\eurowin\maxtax standard\maxtax.exe |
"{B45EA6F6-C60E-4F9B-9BB8-B30F71E22EA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4558C2B-2878-4987-A621-38369CE10969}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E13A1141-F912-444F-AAA0-7AF2D93F26A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E298755D-479D-457F-9CF7-B185C42D339B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E7F9316D-4AB1-4F45-A103-0F46BDD736B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EDEB1FD0-F870-4BD8-BF3D-19F9A6258CAD}" = protocol=6 | dir=in | app=c:\program files\eurowin\maxtax standard\stmaxtax.exe |
"{F1EF9919-C4BB-4BE1-9818-6B102B401534}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4FE0BEB-E58D-4365-8392-C960C7AEA490}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{CE28A63C-5873-4139-864A-23CF15D84140}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"TCP Query User{F30F959B-0C7B-4DC9-8D90-9BE87EC7CC13}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{97FEB2C2-80D7-42F4-87F8-9E8EC5D5C52F}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{BA4BDB7E-68B7-4715-A259-8822A7A929B6}C:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0D4D67AB-C830-1787-5868-7EB8CDE396FD}" = Catalyst Control Center InstallProxy
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2911F8A7-8513-7A0C-E02B-B4BF3260376D}" = CCC Help Hungarian
"{2997ABF5-E5F6-4E9C-9717-26F208D9ED5E}" = PC Connectivity Solution Lite
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{337944EB-8A7B-9A4F-5616-BE20776318B0}" = Catalyst Control Center Graphics Previews Common
"{376924D9-9D83-366E-8DF4-3785F7200572}" = CCC Help Greek
"{37D77500-8BAB-D917-A1E5-80DB5DBC90A4}" = CCC Help Polish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DBF3B04-45ED-7839-A732-572F5132C87E}" = CCC Help French
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FCB5D68-F2EC-00BC-4F00-A921C894A670}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B3914C1-4D22-92B1-D391-BF2CF160A391}" = ccc-utility
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{58184585-45B7-AC59-3367-CC89814C2657}" = AMD VISION Engine Control Center
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66268C28-7687-4B59-93EA-FD3F7BA13CD2}" = Warhammer 40,000™ Dawn of War - Complete Collection (Hi-Res)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B558624-36B9-7D51-AA9F-339E85E3C6CA}" = CCC Help Portuguese
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{960C091F-A830-2964-D775-05ECD97484B5}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A35E7ACE-0D23-049B-FE8D-117BEF783503}" = AMD Fuel
"{A4A9D179-DF6D-3876-F1C4-F4D2F5B77F23}" = CCC Help English
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{DB32230C-5CE1-8112-F793-A8124B25A60B}" = CCC Help Italian
"{DC07522A-FA33-C098-E885-2FFA362097FC}" = AMD Catalyst Install Manager
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.1.4
"{DF9E978D-54DA-6E2B-E699-D161E31DA144}" = CCC Help German
"{E656D89A-8CBB-497F-918F-8361A4071C26}" = Nero Burning ROM 11
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MAXTAXDel" = eurowin maxtax
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Total Protection
"ratDVD" = ratDVD 0.78.1444
"sp6" = Logitech SetPoint 6.32
"SpeedFan" = SpeedFan (remove only)
"SPlayer" = SPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Darkness II_is1" = The Darkness II
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3939653844-2987989265-3787317749-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2012 19:39:35 | Computer Name = M-A | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 14.11.2012 19:40:55 | Computer Name = M-A | Source = WinMgmt | ID = 10
Description =
Error - 14.11.2012 19:41:46 | Computer Name = M-A | Source = VSS | ID = 8194
Description =
Error - 16.11.2012 14:23:17 | Computer Name = M-A | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 16.11.2012 14:25:23 | Computer Name = M-A | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3132 (0xc3c) Thread address : 0x770A7094 Thread message : Build VSCORE.15.1.0.461
/ 5500.1093 Object being scanned = \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 16.11.2012 14:25:23 | Computer Name = M-A | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3148 (0xc4c) Thread address : 0x770A7094 Thread message : Build VSCORE.15.1.0.461
/ 5500.1093 Object being scanned = \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
by C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)
7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Error - 16.11.2012 14:25:27 | Computer Name = M-A | Source = WinMgmt | ID = 10
Description =
Error - 16.11.2012 14:29:36 | Computer Name = M-A | Source = VSS | ID = 8194
Description =
Error - 16.11.2012 18:42:23 | Computer Name = M-A | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 16.11.2012 18:43:41 | Computer Name = M-A | Source = WinMgmt | ID = 10
Description =
Error - 16.11.2012 18:45:18 | Computer Name = M-A | Source = VSS | ID = 8194
Description =
[ OSession Events ]
Error - 08.08.2012 15:46:10 | Computer Name = M-A | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 113
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 16.11.2012 14:22:02 | Computer Name = M-A | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst McNASvc erreicht.
Error - 16.11.2012 14:24:11 | Computer Name = M-A | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst eventlog erreicht.
Error - 16.11.2012 14:25:09 | Computer Name = M-A | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Server" wurde nicht richtig gestartet.
Error - 16.11.2012 14:25:11 | Computer Name = M-A | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst eventlog erreicht.
Error - 16.11.2012 14:25:38 | Computer Name = M-A | Source = Service Control Manager | ID = 7022
Description = Der Dienst "McAfee Firewall Core Service" wurde nicht richtig gestartet.
Error - 16.11.2012 14:27:22 | Computer Name = M-A | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Personal Firewall Service" ist vom Dienst "McAfee
Firewall Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%1070
Error - 16.11.2012 14:27:22 | Computer Name = M-A | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Proxy Service" ist vom Dienst "McAfee Firewall
Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1070
Error - 16.11.2012 14:27:22 | Computer Name = M-A | Source = Service Control Manager | ID = 7001
Description = Der Dienst "McAfee Anti-Spam Service" ist vom Dienst "McAfee Firewall
Core Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1070
Error - 16.11.2012 14:27:25 | Computer Name = M-A | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 16.11.2012 14:30:15 | Computer Name = M-A | Source = DCOM | ID = 10010
Description =
< End of report >
|
|
| Themen zu Trojaner FakeAlert-WinWebSec!env.h in e-mail versteckt |
| center, dateien, e-mail, gesendet, gmer, infiziert, kurze, laden, laptop, logfiles, namen, plötzlich, programm, rechner, scan, scanner, schloß, security, seite, service, starten, treiber, trojaner, virenscanner, virus |
Linear-Darstellung
